|
|
Recent update
|
Oct. 16, 2013: We have opend English site. At initial state, results on two ISO/IEC protocols are uploded. Other resuls are uploded in the middle of November.
Oct. 16, 2013: Evaluation results on PLAID protocol with Proverif and Scyther are uploded in "ISO/IEC protocols". This protocol is lightweight authentication protocol which is proposed to ISO/IEC 25185. These report are provided by NTT Laboratory and Hitachi.
Oct. 16, 2013: Bachelor thesis which evaluates ISO/IEC 11770-2 and 11770-3 (Key Management) have been provided from Lara Schmid and Cas Cremers with ETH Zurich. This thesis shows evaluation results by using Scyther and several attakcs on 11770-2 and 11770-3. This thesis and presentation file are uploded in "ISO/IEC protocols".
|
What is Cryptographic Protocol Verification Portal?
|
A technology called cryptographic protocol, which combines cryptographic technology and communication, is used on networks for encrypting information, authentication, preventing falsification of information, protecting privacy, and other purposes. Typical examples include SSL/TLS for authentication and encryption of a communication channel in website access and encryption schemes for wireless LAN.
Cryptographic protocols are designed by researchers and engineers all over the world, standardized by organizations such as the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), Internet Engineering Task Force (IETF), Institute of Electrical and Electronics Engineers (IEEE), and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), and implemented on network devices for actual use. Yet it is not rare for a design problem to be found even in a standardized cryptographic protocol.
This Cryptographic Protocol Verification Portal publicizes results of safety assessments of cryptographic protocols performed by NICT. The results are made public here as technical documents. The assessments were made in line with the framework for safety assessment of cryptographic protocols prescribed in ISO/IEC 29128 (Verification of Cryptographic Protocol) and by using the cryptographic protocol assessment tools assumed in ISO/IEC 29128.
|
Information Provided Here
|
This portal site summarizes cryptographic protocols that were subject to safety verification by NICT and results of additional verifications by NICT regarding assessments made by other research institutes or organizations. This site basically provides summaries of inputs and outputs to and from cryptographic protocol assessment tools assumed in ISO/IEC 29128.
The site provides the following information for each cryptographic protocol and each assessment tool that was used.
- Description of the cryptographic protocol
- Description of required security functions
- Description of attack environment
- Output from the cryptographic protocol assessment tool and explanation
Since tools used for the assessment are open to the public as open-source software, etc., anyone can conduct additional tests.
Results shown on this site do not guarantee the safety of subject cryptographic protocols but are aimed at providing information about their vulnerabilities that were discovered. Accordingly, it should be noted that even if a certain protocol is free from an attack at the moment, it is still possible that it may be attacked in the future.
|
Intended Users
|
This portal site is intended for use by engineers who implement existing cryptographic protocols on network devices, etc. or who apply such protocols to the design of ICT systems. The site permits such users to check if any vulnerability has been discovered concerning cryptographic protocols they intend to implement.
This site is also intended for engineers and researchers who are planning to design cryptographic protocols. It is assumed to help them design safer cryptographic protocols by showing them results of assessments of existing cryptographic protocols.
|
|
