by Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, Niels Provos
In Proc. of the 1999 USENIX Annual Technical Conference, Freenix Track
http://www.openbsd.org/papers/crypt-paper.ps
Abstract:
Cryptographic mechanisms are an important security component of an operating system in securing the system itself and its communication paths. Indeed, in many situations, cryptography is the only tool that can solve a particular problem, e.g., network-level security. While cryptography by itself does not guarantee security, when applied correctly, it can significantly improve overall security. Since one of the main foci of the OpenBSD system is security, various cryptographic mechanisms are employed in a number of different roles. This paper gives an overview of the cryptography employed in OpenBSD. We discuss the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network).