The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Why Cryptosystems Fail

Author

R. Anderson

Entry type

techreport

Abstract

Designers of cryptographic systems are at a disadvantage compared with most other engineers, in that information on how these systems fail is hard to get: their major users have been traditionally governemtn agencies which are very secretive about their mistakes. We Presnt the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by crytosystem designers was wrong: most frauds were not caused by cryptoanalysis or other technical attacks, but by implemenation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some alternatives, and see some signs taht this shift may be under way.

Date

1996 – November – 24

URL

http://portal.acm.org/citation.cfm?id=168615&coll=portal

Address

Cambridge CB@ 3QG

Institution

Cambridge University

Key alpha

Anderson

Publication Date

2001-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.