Security protocol deployment risk: (transcript of discussion)

    Research output: Contribution to journalComment/debatepeer-review


    The level of confidence you need in the secrecy of the key you are using to upload your initials to the high score on Tour of Duty is probably different to the confidence you need to do a multi-million pound transaction. So the basic idea of this model is to classify cryptographic key sensitivity in terms of some sort of partial order: authentication master keys are more sensitive than the keys that they're used to protect; and generally a session key that is encrypted under a long term key is less sensitive than the long term key that's being used to encrypt it. If you've got the higher one, then it's possible to obtain the lower one, simply by looking at what's gone through the protocol. For example, if your protocol has got a message like that in it, then this key is below this one in the partial order.
    Original languageEnglish
    Pages (from-to)21-24
    JournalLecture Notes in Computer Science (LNCS)
    Publication statusPublished - 2011


    • cryptographic key
    • master key
    • partial order
    • security protocols
    • session key


    Dive into the research topics of 'Security protocol deployment risk: (transcript of discussion)'. Together they form a unique fingerprint.

    Cite this