Sciweavers

CAU
2004

Encrypted? Randomised? Compromised? (When Cryptographically Secured Data is Not Secure)

14 years 27 days ago
Encrypted? Randomised? Compromised? (When Cryptographically Secured Data is Not Secure)
Protecting data is not simply a case of encrypt and forget: even data with full cryptographic confidentiality and integrity protection can still be subject to information leakage. We consider the issue of information leakage through side channels in protocols. Previous work by Bond and Clulow identified multiple vulnerabilities in APIs for financial PIN processing systems, and suggested remedies; however our work here shows that the fixes do not work, and that the problem of information leakage in these APIs has still not been adequately addressed. We argue that information flow and leakage analysis will play an important role in the security of encrypted databases in the future.
Mike Bond, Jolyon Clulow
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2004
Where CAU
Authors Mike Bond, Jolyon Clulow
Comments (0)