Purpose
The Protocol object is used to represent the protection level of a Dataflow object/communication.
| Object | Connection | Description |
|---|---|---|
| Dataflow | Protocol Status | The defense attributes of the Protocol object has an impact on the connected Dataflow object(s). |
Attack Steps and Defenses
| Attack Step | Description |
|---|---|
| None | There are no attack steps associated with the Protocol object. |
| Defense | Description | Impact | Default |
|---|---|---|---|
| Authenticated | Cryptographic authentication should guarantee that the information provided is authentic i.e. it has not been altered or substituted. If a Protocol is Authenticated it is assumed to ensure authentication i.e. weak or broken cryptos should be modeled as not authenticated. | Reduces the probability of ManInTheMiddle. | Off |
| Encrypted | Denotes whether or not a Dataflow is Encrypted i.e. a ciphertext has been created from a plaintext. If a Protocol is Encrypted it is assumed to ensure that the ciphertext is not decrypted without authorization i.e. weak or broken cryptos should be modeled as not encrypted. | Prevents Eavesdrop and reduces the probability of ManInTheMiddle. | Off |
| Nonce | Nonce is an abbreviation of number used once and can be appended to communication to ensure that old messages cannot be reused in replay attacks. The nonce in securiLang should be interpreted as a cryptographic non-predictable value. | Prevents Replay attacks. | Off |