Tropyc: A Pattern Language for Cryptographic Software Tropyc: A Pattern Language for Cryptographic SoftwareBy: A.M. Braga, C.M.F. Rubira, R. Dahab
Published in: PLoPD4
Pages: 337-371
Category: Cryptography, Security
Summary: Cryptographic software architecture addresses four fundamental services of information security: data confidentiality, data integrity, sender authentication, and sender nonrepudiation.
Pages: 342-345
To structure flexible and reusable cryptographic software for secure communication, define Codifier and Decodifier classes. The Codifier class has a Hook Method[Pree94] that performs a transformation on the sent message. The Decodifier class has a Hook Method that performs a transformation on the received message.
Pages: 346-349
To support the sending of sensitive messages so outsiders can't read them, have the sender and receiver share an encryption function and a secret key. The sender encrypts the message; the receiver decrypts it.
Pages: 347-349
A receiver of long messages can determine whether a message is correct when cryptographic keys are not used, if the sender and receiver agree to use a Modification Detection Code (MDC). Sender computes the MDC of the message and sends it along with the message. Receiver compares the MDC of the message to the received MDC.
Pages: 349-351
The sender and receiver of messages can distinguish their communication from perhaps spurious ones when you're using a secret key and a secure channel if the sender and receiver use a cryptographic algorithm for generation of Message Authentication Codes (MACs). Sender computes the MAC of the message-plus-key. Receiver computes the MAC of the message-plus-key.
Pages: 351-353
The receiver of a message can convince himself and a third party of the identity of the sender, if the sender and receiver use a public-key digital-signature protocol. Sender applies the algorithm using the private key and sends the result (the signature). Receiver encrypts the message with the private key. Only the knowledge of the key by the sender could have produced the signature.
Pages: 353-355
To verify the integrity of an encrypted message without loss of secrecy, use a Modification Detection Code (MDC) to compute the MDC of the original message. The message is encrypted and sent, along with the MDC. The secret key to compute the MDC must be different from the public key used for encryption.
Pages: 355-356
To authenticate the sender of an encrypted message without the loss of secrecy, use Information Secrecy and Sender Authentication. Use a Message Authentication Code (MAC). Compute the MAC over the original message. Both encrypted message and the MAC are sent. The secret key to compute the MAC must be different from the public key used for encryption.
Pages: 356-358
A receiver can prove to a third party the authorship of an encrypted message without loss of secrecy, by using Information Secrecy and Signature. Sender signs a message, encrypts the signed message and sends it. Receiver encrypts the message and verifies the signed message.
Pages: 358-359
To reduce the memory requirements for signed messages while increasing the performance of the protocol, use Signature and Message Integrity. Implement a signature protocol over a message hash value, which is a Modification Detection Code. Sender computes the hash value of the message, signs it, and sends both. Receiver decrypts the signature, recovers the hash value, and compares it to the one recovered from the signature.
Pages: 359-361
To reduce the memory required to store a message signature while increasing system performance, without loss of secrecy, use Information Secrecy and Signature with Appendix. Sender computes a hash value of the message and signs it. The original message is encrypted and sent with the signed hash value. Receiver decrypts the message and verifies the signature of the hash value with a computed hash value of the decrypted message.