In this paper we analyze SCEP, the Simple Certificate Enrollment Procedure, a two-way communication protocol to manage the secure emission of digital certificates to network devices. The protocol provides a consistent method of requesting and receiving certificates from different Certification Authorities, by offering an open and scalable solution for deploying certificates. It can be bene- ficial to all network devices and IPSEC software solutions. We formally analyze SCEP through a software tool for the automatic analysis of cryptographic protocols, able to discover, at a conceptual level, attacks against security procedures. Our method of survey contributes towards a better understanding of the structure and the aims of a protocol, both for protocol developers, analyzers and final users.

Anna Vaccarelli

Fabio Martinelli

Marinella Petrocchi