Crypto protocols held back by legacy, says ENISA

EU takes the microscope to security

Mon 24 Nov 2014 // 03:05 UTC

The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto designers they're doing it wrong, in two reports released late last week.

At the protocol level, cryptography suffers from the tyranny of the installed base, the group writes in Study on cryptographic protocols (PDF here).

The report states that “cryptographic protocols suffer more from legacy issues than the underlying cryptographic components”, and notes that even when a protocol meets the demands of formal proofs, it can easily be broken by a developer with an eye to improving things:

“Designers and implementers should refrain from “optimising” well studied protocols to achieve some specific application need; unless they are prepared to revisit and re-evaluate the above security proofs. Small insignificant changes in protocols can result in invalidating the guarantees of such proofs”, the study notes.

Its second report, Algorithms, key size and parameters (PDF), adds consideration of side-channel attacks (both in hardware and software) and presents some suggestions for countermeasures.

Among the kinds of side-channel attacks ENISA suggests designers take into account are:

Timing attacks – designers need to make sure that execution time isn't dependent on the private key;
Power consumption observations – “the instantaneous power consumption signal not only leaks the execution time of the algorithm, but also its level of activity”, the paper notes, so designers of hardware crypto should use balanced circuits to reduce the leakage;
Designers should avoid data-dependent branching, and similarly shy away from lookups that are data dependent, because both of these can reveal information about key processing; and
The document also recommends devs use techniques to mask the correlations between data elements and secrets.

There are also long discussions of random number generation and key life-cycle management. ®

Topics

Special Features

Vendor Voice

Resources

Security

Crypto protocols held back by legacy, says ENISA

EU takes the microscope to security

More about

More about

Narrower topics

More about

More about

More about

Narrower topics

TIP US OFF

Other stories you might like

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

Malicious xz backdoor reveals fragility of open source

Reducing the cloud security overhead

Rust developers at Google are twice as productive as C++ teams

US critical infrastructure cyberattack reporting rules inch closer to reality

Feds finally decide to do something about years-old SS7 spy holes in phone networks

H-1B visa fraud alive and well amid efforts to crack down on abuse

Feds probe alleged classified US govt data theft and leak

Apple's GoFetch silicon security fail was down to an obsession with speed

Rubrik files to go public following alliance with Microsoft

Nearly 1M medical records feared stolen from City of Hope cancer centers

About Us

Our Websites

Your Privacy