Chapter 10
Real-World Security Protocols
The wire protocol guys don’t worry about security becausethat’s really a network protocolproblem. The network protocolguys don’t worry about it because, really, it’s an application problem.The application guys don’t worry about it because,after all, they can just use the IP address and trust the network.
—Marcus J. Ranum
In the real world, nothing happens at the right place at the right time.It is the job of journalists and historians to correct that.
—Mark Twain
10.1 Introduction
In this chapter, we’ll discuss several widely used real-world security protocols. First on the agenda is the Secure Shell, or SSH, which is used for a variety of purposes. Next, we consider the Secure Socket Layer, or SSL, which is currently the most widely used security protocol for Internet transactions. The third protocol that we’ll consider in detail is IPSec, which is a complex protocol with some significant security issues. Then we will discuss Kerberos, a popular authentication protocol based on symmetric key cryptography and timestamps.
We conclude the chapter with two wireless protocols, WEP and GSM. WEP is a seriously flawed security protocols, and we’ll consider several well-known attacks. The final protocol we’ll cover is GSM, which is used to secure mobile communications. The GSM protocol is provides an interesting case study due to the large number and wide variety of known attacks.
10.2 SSH
The Secure Shell, SSH, creates a secure tunnel which can ...
