Abstract
Network protocols define how networked computer systems exchange data. Because a protocol specifies every aspect of that communication, the way it is designed is itself security sensitive. If communication is supposed to be encrypted, the protocol's specification has to say so. If services implementing the protocol should support authentication, the protocol has to define it. Hence, the way a protocol is designed is fundamental to the security of the systems that later implement it: security by design starts with the protocol definition. Especially in today's fast-moving environment, with cloud services and the Internet of Things, engineers constantly have to develop new protocols. In this chapter, we derive guidelines for designing new protocols securely, as well as recommendations on how existing protocols can be adjusted to become more secure. We base these recommendations on our analysis of how historical protocols were designed and which underlying design decisions made their implementations susceptible to security issues.
© 2018 Springer Fachmedien Wiesbaden GmbH, ein Teil von Springer Nature
Cite this chapter
Fiebig, T. et al. (2018). Learning from the Past: Designing Secure Network Protocols. In: Bartsch, M., Frey, S. (eds) Cybersecurity Best Practices. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-21655-9_41
DOI: https://doi.org/10.1007/978-3-658-21655-9_41
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-21654-2
Online ISBN: 978-3-658-21655-9
eBook Packages: Computer Science and Engineering (German Language)