Sciweavers

Free Online Productivity Tools i2Speak i2Symbol i2OCR iTex2Img iWeb2Print iWeb2Shot i2Type iPdf2Split iPdf2Merge i2Bopomofo i2Arabic i2Style i2Image i2PDF iLatex2Rtf Sci2ools

10

CCS
1993
ACM

favoriteEmaildiscussreport

89views Security Privacy» more CCS 1993»

Why Cryptosystems Fail

13 years 8 months ago

Why Cryptosystems Fail

Download www.cl.cam.ac.uk

Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes. In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.

Ross J. Anderson

Real-time Traffic

CCS 1993 | Cryptographic Systems | Failure Modes | Retail Banking Systems | Security Privacy |

claim paper

Related Content

» Why Mobile Payments Fail Towards a Dynamic and MultiPerspective Explanation

» Why Kad Lookup Fails

» Why Do Upgrades Fail and What Can We Do about It

» Why Do Internet Services Fail and What Can Be Done About It

» Why Heideggerian AI failed and how fixing it would require making it more Heideggerian

» A ChosenCiphertext Attack against NTRU

» Efficient elliptic curve exponentiation

» Failure of the McEliece PublicKey Cryptosystem Under MessageResend and RelatedMessage Atta...

» Some Basic Cryptographic Requirements for ChaosBased Cryptosystems

Post Info
More Details (n/a)

Added	09 Aug 2010
Updated	09 Aug 2010
Type	Conference
Year	1993
Where	CCS
Authors	Ross J. Anderson

Comments (0)