0 Trust, 100 % Trust Anchor

The Ultimate Challenge for Cryptography?

  • Focus article
Datenschutz und Datensicherheit - DuD

Abstract

The further the focus in zero trust architectures shifts from protecting the perimeter to protecting the data itself, the more important cryptography becomes. This article examines the opportunities as well as the risks, and what matters when implementing cryptography in a Zero Trust Architecture (ZTA).




Corresponding author

Correspondence to David Fuhr.


Cite this article

Fuhr, D., Röcher, DJ. 0 Trust, 100 % Trust Anchor. Datenschutz Datensich 47, 633–637 (2023). https://doi.org/10.1007/s11623-023-1834-5


  • DOI: https://doi.org/10.1007/s11623-023-1834-5