Check out the new USENIX Web site. next up previous
Next: Paper Organization Up: Cryptography in OpenBSD: An Previous: Abstract

Introduction

  An important aspect of security in a modern operating system is cryptographic services and mechanisms. While not a security panacea, cryptography is sometimes the right tool in solving certain problems. In particular, cryptography is extremely useful in solving a number of security issues in the following three areas:

Since one of our goals in the OpenBSD project is to provide strong security, we have implemented a number of protocols and services in the base system. An OpenBSD distribution thus has full support for such mechanisms as IPsec, SSL, Kerberos, etc, being unaffected by export restriction laws.

Simply supporting these mechanisms, however, is not sufficient for wide-spread use. We are constantly trying to make their use as easy and, where possible, transparent to the end user. Thus, more work is done in those mechanisms that can be used to provide transparent security, e.g., IPsec.

With this paper, we intend to give a good overview of the cryptography currently distributed and used in OpenBSD, and of our plans for future work. We hope this will be of interest both to end-users and administrators looking for better ways to protect their host and networks, and to developers in other systems (free or otherwise) that are considering supporting some of these mechanisms. We should again caution the readers, however, that cryptography does not solve all security problems in an operating system, and should not be considered as an end in itself, but rather as an important piece of the security puzzle.



 
next up previous
Next: Paper Organization Up: Cryptography in OpenBSD: An Previous: Abstract
& D. Keromytis
4/26/1999