Why cryptosystems fail

Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes. In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.

[1]  Wai Wong,et al.  Application of formal methods to railway signalling—a case study , 1993 .

[2]  Donald W. Davies,et al.  Security for computer networks - an introduction to data security in teleprocessing and electronic funds transfer (2. ed.) , 1989, Wiley series in communication and distributed systems.

[3]  Karen R. Sollins,et al.  Towards Security in an Open Systems Federation , 1992, ESORICS.

[4]  Richard Outerbridge,et al.  Des Watch: an Examination of the Sufficiency of the Data Encryption Standard for Financial Institution Information Security in the 1990's , 1991, Cryptologia.

[5]  John M. Boone,et al.  INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[6]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[7]  Charles Cresson Wood,et al.  Security for computer networks : D.W. Davies and W.L. Price New York: John Wiley and Sons, 1984. 386 + xix pages, $19.50 , 1985, Computers & security.

[8]  Ross J. Anderson UEPS - A Second Generation Electronic Wallet , 1992, ESORICS.

[9]  Abraham Bookstein,et al.  Cryptography: A new dimension in computer data security ? and ?. Wiley-Interscience, New York (1982). xxi + 775 pp., $43.95. ISBN 0471-04892-5. , 1985 .

[10]  Alan Burns,et al.  On the Meaning of Safety and Security , 1992, Comput. J..

[11]  T. Kuhn The Structure of Scientific Revolutions. , 1964 .

[12]  Marie A. Wright Security controls in ATM systems , 1991 .

[13]  Michael J. Kelly,et al.  Common Cryptographic Architecture Cryptographic Application Programming Interface , 1991, IBM Syst. J..

[14]  Don Coppersmith,et al.  The Data Encryption Standard (DES) and its strength against attacks , 1994, IBM J. Res. Dev..

[15]  Ken Wong Data security — watch out for the new computer criminals , 1987 .

[16]  Harold Joseph Highland,et al.  Perspectives in Information Technology Security , 1992, IFIP Congress.