Sunday, October 22, 2006

Your Field Guide To Designing Security Into Networking Protocols

From Mark Pustilnik & Andrew Roths, MSDN Magazine.

Designing a secure protocol is a treacherous task. This article outlines some of the most common pitfalls that await you, but there are many others. Perhaps the best insurance against making mistakes is having your design reviewed by knowledgeable peers, documenting your security guarantees as well as your thought process, and making sure that no holes are introduced during the inevitably iterative software development process.

You cannot succeed at this task without understanding in great detail the security characteristics of your building blocks, including the fact that they, in turn, are not infallible. You can safely assume that security holes will be found eventually, and be prepared to version your design, including the "pluggable" aspects such as authentication and cryptographic primitives.

This article discusses: designing for secure communication, man-in-the-middle attacks, undue trust relationships in secure transports, and versioning and updates.
