The encyclopedia defines a security protocol as “a sequence of operations that ensure protection of data. Used with an underlying communication protocol, it provides secure delivery of data between two parties.”
We use security protocols in everyday computing. For example, when we use our domain credentials to log in to a Microsoft Windows environment, we use the Kerberos (or the NTLM protocol in the earlier versions of Windows) indirect authentication protocol. When we conduct an e-commerce transaction using a secure e-commerce site, we use various encryption protocols, integrity protocols, and so on. Of course, there are other types of security protocols – authentication protocols, access-control (or authorization protocols), encryption protocols, key management protocols, key distribution protocols, and so on.
In day-to-day computing, we use standard security protocols because they offer us significant security benefits.
For one, experts design standard security protocols. Once designed, these are reviewed and re-reviewed by experts in standards organizations (e.g., IEEE, W3C, IETF). New protocols are subjected to security threat modeling analysis to ensure that they offer protection against commonly known attack patterns. When these protocols are deployed in the field, their security is monitored, and over time their security kinks are worked out.
In addition, when these standard protocols become (eventually) insecure, more secure versions of protocols are made available (e.g., TLS 1.1/1.2 to replace TLS 1.0), or new protocols are designed to replace the aging ones (e.g., AES replaced aging DES/3DES).
There are weaknesses associated with the use of standard protocols as well. Since all the knowledge pertaining to a standard protocol design/implementation is in the public domain, there is a greater likelihood of finding zero-day exploits. Additionally, when an issue discovered, it is widely known and exploitable in a very short period of time. The Heartbleed bug is a good example of this. Finally, tools are widely available to exploit any older and unpatched versions of the software libraries/packages that are known to implement the standard protocol incorrectly.