Crypto-IT

A protocol is a set of actions that two or more entities need to perform in order to accomplish a task. All users take the actions step by step and successfully carry out the agreed procedure to the end.

Computers and other electronic devices use communications protocols to establish a connection and exchange data. Nowadays there are many protocols and communications standards which are recognized globally. Thanks to that, various different devices located in different places in the world may communicate with each other quite easily.

Cryptographic protocols are protocols that use cryptography. They have to guarantee that no entity will be able to gain more knowledge and access more privileges than it was designed in their algorithms. Cryptographic protocols include various types of encryption, message authentication or key agreement algorithms.

An additional entity, apart from communicating sides, takes part in arbitration protocols. The new entity is called an arbiter, and by definition, the arbiter is impartial, not interested in the communication and trusted by all the other sides. He acts like a bank officer, mediating in financial services.

Arbitration protocols simplify a lot of tasks which are performed by computers. The arbiter makes it easier to resolve disputes and exchange secret data safely. On the other hand, using arbitration protocols may sometimes be inconvenient:

• There is a need to find an arbiter, which may be located far from the other sides, and which would be trusted by all the other entities.
• The servers serving as arbiters must be financed and maintained.
• An arbiter is an obvious bottleneck of the transaction. A damaged, attacked or faulty arbiter is a serious problem for the communicating parties.

Most modern systems for transferring money, like credit cards and PayPal, require trusted intermediaries, like banks and credit card companies, to facilitate the transfer.

A dispute protocol is a kind of arbitration protocol, in which the arbiter is involved only when it is really required. If there are not any problems, then the communicating parties perform the whole task and exchange information without the participation of the arbiter. On the other hand, if a problem occurs - an error, an unexpected circumstance or fraud - an arbiter is called for help. The arbiter has information and power to fix the situation.

Dispute protocols are cheaper and easier in use than arbitration protocols. Usually the fact of the arbiter's existence alone prevents fraud. Because the arbiter does not have to be involved in most communications, the major disadvantage of arbitration protocols is overcome.

In self-enforcing protocols the whole communication doesn't require trusted third parties. The algorithms are designed in a way that assures that any fraud attempt made by one side is immediately visible for others and they are able to prevent it, without suffering any loses.

Undoubtedly self-enforcing protocols have the largest number of advantages and they eliminate the need of involving additional entities. Unfortunately, no all operations can be carried out by using the protocols of this kind.

In general, there are two types of attacks on protocols: active and passive

• Passive attacks: the intruder may eavesdrop the communication but he is not able to interfere with the exchange of messages.
• Active attacks: the attacker tries to change the protocol - by sending new messages, modifying or removing the existing ones, or even altering the whole communication channel.

The main goal of a passive attack is only overhearing the communications. On the other hand, the goals of an active attack may vary, and the effects may usually be much more dangerous for the victims. In the most complex active attacks many intruders take part, attacking various points of the targeted system.