
Benefits and Limits of Cryptography Standards and Their APIs

  • Martin Bartosch
  • Jörg Schneider
Part of the DuD-Fachbeiträge book series (DUD)

Abstract

This paper examines cryptography standards and their APIs from the perspective of the system architect and the application developer. Cryptography standards are defined quite broadly here as all methods, data formats and protocols that are based on cryptographic algorithms and are sufficiently widespread, or will be in the future.

First, an overview of existing and currently emerging standards is given. We then discuss their usefulness for application development and point out their deficits. We conclude that the necessary data formats and protocols exist, but that more comprehensive and better standards are needed for the associated APIs.



Copyright information

© Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden 2000

Authors and Affiliations

  • Martin Bartosch (1)
  • Jörg Schneider (1)
  1. Deutsche Bank AG, Germany
