Summary: Security Protocols and Specifications
Systems Research Center
Abstract. Specifications for security protocols range from informal
narrations of message flows to formal assertions of protocol properties. This
paper (intended to accompany a lecture at ETAPS '99) discusses those
specifications and suggests some gaps and some opportunities for further
work. Some of them pertain to the traditional core of the field; others
appear when we examine the context in which protocols operate.
The method of ``security by obscurity'' dictates that potential attackers to a
system should be kept from knowing not only passwords and cryptographic keys
but also basic information about how the system works, such as the
specifications of cryptographic algorithms, communication protocols, and access-control
mechanisms. It has long been argued that ``security by obscurity'' is usually
inferior to open design [55, 28]. Of course, the value of writing and publishing
specifications is greater when the specifications are clear, complete, and at an
appropriate level of abstraction.