jump to navigation

Cryptosystem Failures April 13, 2015

Posted by melihbilen in Security.
trackback

Cryptosystem consists of two different words , cryptographic system. A cryptographic system is a computer system which has cryptography in it. Cryptology is very common in today’s world. You can see basic or complex implementations throughout everywhere. In his article “Why Cryptosystems Fail” , Prof. Ross J Anderson focuses on how can easily Automatic Teller Machines (ATM) be hacked in those days[1]. He argues this issue in terms of two different aspects social and technical attacks. You might be surprised since there is a social side of these attacks too. The most important thing according to him is that cryptosystems generally do not fail because of weaknesses of algorithm but due to human factors such as errors in implementation or management.  Basically he has three main points. First, deploying a cryptosystem is not a simple task. It is very a complex process including designing, implementing and maintaining. These processes need to be done by a group of people working on different areas like management, consultancy, programming, maintenance etc. They should work in harmony in order to be able to produce a robust system. Secondly, there are problems when a cryptosystems is being developed. These problems are due to lack of guidelines to design and implement solutions. As I talked in first part, since it is not an easy and simple task , there should be a methodology to follow in all steps of process from design to maintain. Besides, people who are in that project should be educated in security area. Thirdly, general tendency in security is that when the owners of security system realize that there is a leak in the system , they try to hide it. Creators of that crypto system will never realize the problem in their design since they don’t get any feedback from users of the system. After , discussing all these stuff Anderson proposes a general solution to this situation. According to him this problem can be solved by educating people and building methodologies. You may want to look at following video.

http://www.youtube.com/watch?v=4p6Ff7DcnBc

References

[1] http://www.cs.utexas.edu/~dahlin/Classes/GradOS/papers/p32-anderson.pdf

[2] http://www-cs-students.stanford.edu/~dbfaria/quals/summaries/Anderson-1994.txt

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: