Sciweavers

CCS
1993
ACM

Why Cryptosystems Fail

14 years 4 months ago
Why Cryptosystems Fail
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes. In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.
Ross J. Anderson
Added 09 Aug 2010
Updated 09 Aug 2010
Type Conference
Year 1993
Where CCS
Authors Ross J. Anderson
Comments (0)