ABSTRACT
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes.
In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.
- A1.D Austin, "Marking the Cards", in Banking Technology, Dec 91/Jan 92, pp 18- 21Google Scholar
- A2.RJ Anderson, "UEPS- A Second Generation Electronic Wallet". in Computer Security - ES- ORICS 92, Springer LNCS 648, pp 411 - 418 Google ScholarDigital Library
- B.M Buckler MP, letter to plaintiff's solicitor, 8 June 1992Google Scholar
- BAB."Card Fraud: Banking's Boom Sector", in Banking Automation Bulletin for Europe, Mar 92, pp 1-5Google Scholar
- BAN.M Burrows, M Abadi and RM Needham, 'A Logic of Authentication', DEC SRC Research Report 39Google Scholar
- BB."Cash Dispenser Security", Bar'clays Briefing (press release) 12/9/92Google Scholar
- BGS.JA Bull, L Gong, K Sollins, "Towards Security in an Open Systems Federation", in Proceedings of ESORICS 9~, Springer LNCS 648 pp 3- 20 Google ScholarDigital Library
- BMD.A Burns, JA McDermid, JE Dobson, 'On the meaning of safety and security', University of Newcastle upon Tyne Computer Laboratory TR 382 (5/92)Google Scholar
- C1.A Collins, "Bank worker guilty of ATM fraud", in Sunday Times, 22 Mar 1992Google Scholar
- C2.A Collins, "The Machines That Never Go Wrong", in Computer Weekly, 27 June 1992, pp 24- 25Google Scholar
- C3.D Coppersmith, "The Data Encryption Standard (DES) and its strength against attacks", IBM Thomas J Watson Research Center technical report RC 18613 (81421), 22 December 1992Google Scholar
- C4.J Cullyer, "Safety-critical systems", in Computing and Control Engineering Journal 2 no 5 (Sep 91) pp 202- 210Google Scholar
- C5.B Christianson, "Document Integrity in CSCW", in Proc. Cambridge Workshop on Formal Methods (1993, to appear)Google Scholar
- CR.Boeing News Digest, quoted in usenet newsgroup 'comp.risks' 14 no 5 (29 April 1993)Google Scholar
- CW.J Cullyer, W Wong, "Application of formal methods to railway signalling - a case study", in Computing and Control Engineering Journal 4 no 1 (Feb 93) pp 15- 22Google Scholar
- DP.DW Davies and WL Price, 'Security for Computer Networks ', John Wiley and Sons 1984. Google ScholarDigital Library
- E.J Essinger, 'A TM Networks - Their Oryanisation, Security and Future', Elsevier 1987Google Scholar
- GO.G Garon and R Outerbridge, "DES Watch: An examination of the Sufficiency of the Data Encryption Standard for Financial Institution Information Security in the 1990's, in Cryptologia, XV, no. 3 (July 1991) pp 177- 193 Google Scholar
- H.HJ Highland, "Perspectives in Information Technology Security", in Proceedings of the 1992 IFIP Congress, 'Education and Society ', IFIP A-13 vol II (1992) pp 440 - 446 Google ScholarDigital Library
- ITSEC.'Information Technology Security Evaluation Criteria', June 1991, EC document COM(90) 314Google Scholar
- J1.RB Jack (chairman), 'Banking services: law and practice report by the Review Committee ', HMSO, London, 1989Google Scholar
- J2.K Johnson, "One Less Thing to Believe In: Fraud at Fake Cash Machine", in New York Times 13 May 1993 p 1Google Scholar
- JAJP.HL Johnson, C Arvin, E Jenkinson, R Pierce, "Integrity and assurance of service protection in a large, multipurpose, critical system" in proceedings of the 15th National Computer Security Conference, NIST (1992) pp 252- 261Google Scholar
- JC.Dorothy Judd v Citibank, 435 NYS, 2d series, pp 210 - 212, 107 Misc.2d 526Google Scholar
- JDKLM.DB Johnson, GM Dolan, MJ Kelly, AV Le, SM M atyas, "Common Cryptographic Architecture Application Programming Interface", in IBM Systems Journal 30 no 2 (1991) pp 130 - 150 Google ScholarDigital Library
- K1.D Kahn, 'The Codebreakers', Macmillan 1967Google Scholar
- K2.TS Kuhn, 'The Structure of Scientific Revolutions', Chicago 1970Google Scholar
- L1.B Lewis, "How to rob a bank the cashcard way", in Sunday Telegraph 25th April 1992 p 5Google Scholar
- L2.D Lane, "Where Cash is King", in Banking Technolo9y, October 1992, pp 38 - 41Google Scholar
- M1.S M cConnell, "Barclays defends its cash machines", in The Times, 7 November 1992Google Scholar
- M2.R Morris, invited lecture given at Cambridge 1993 formal methods workshop (proceedings to appear)Google Scholar
- M3.JA McDermid, "Issues in the Development of Safety Critical Systems", public lecture, 3rd February 1993Google Scholar
- MB.McConville & others v Barclays Bank & others, High Court of Justice Queen's Bench Division 1992 ORB no.812Google Scholar
- MBW.McConville & others v Barclays Bank & others cit, affidavit by D WhalleyGoogle Scholar
- MM.CH Meyer and SM Matyas, 'Cryptography: A New Dimension in Computer Data Security', John Wiley and Sons 1982.Google Scholar
- N.I Newton, 'Philosophiae Naturalis Principia Mathematica', University of California Press 1973Google Scholar
- NSM.'Network security Module - Application Devel. oper's Manual', Computer Security Associates, 1990Google Scholar
- NSP.New Security Paradigms Workshop, 2-5 August 1993, proceedings to be published by the ACM.Google Scholar
- P.WR Price, "Issues to Consider When Using Evaluated Products to Implement Secure Mission Systems", in Proceedings of the 15th National Computer Security Conference, National Institute of Standards and Technology (1992) pp 292 - 299Google Scholar
- R.RA Rueppel, "Criticism of ISO CD 11166 Banking: Key Management by Means of Asymmetric Algorithms", in Proceedings of 3rd Symposium of State and Progress of Research in Cryptography, Fondazione Ugo Bordoni, Rome 1993Google Scholar
- RM.R v Moon, Hastings Crown Court, Feb 92Google Scholar
- RSH.R v Stone and Hider, Winchester Crown Court July 1991Google Scholar
- S.A Stone, "ATM cards & fraud", manuscript 1993Google Scholar
- SSWDC.L Sutterfield, T Schell, G White, K Doster and D Cuiskelly, "A Model for the Measurement of Computer Security Posture", in Proceedings of the 15th National Computer Security Conference, NIST (1992) pp 379 - 388Google Scholar
- TCSEC.'Trusted Computer System Evaluation Criteria, US Department of Defense, 5200.28-STD, December 1985Google Scholar
- VSM.'VISA Security Module Operations Manual', VISA, 1986Google Scholar
- W1.G Welchman, The Hut Siz Story, McGraw-Hill, 1982Google Scholar
- W2.MA Wright, 'Security Controls in ATM Systems', in Computer Fraud and Security Bulletin, November 1991, pp 11 - 14Google Scholar
- W3.K Wong, 'Data security ~ watch out for the new computer criminals", in Computer Fraud and Security Bulletin, April 1987, pp 7- 13Google ScholarCross Ref
Index Terms
- Why cryptosystems fail
Recommendations
Securely combining public-key cryptosystems
CCS '01: Proceedings of the 8th ACM conference on Computer and Communications SecurityIt is a maxim of sound computer-security practice that a cryptographic key should have only a single use. For example, an RSA key pair should be used only for public-key encryption or only for digital signatures, and not for both.In this paper we show ...
Fail-Stop Signatures
Fail-stop signatures can briefly be characterized as digital signatures that allow the signer to prove that a given forged signature is indeed a forgery. After such a proof has been published, the system can be stopped. This type of security is strictly ...
Chosen ciphertext secure keyed-homomorphic public-key cryptosystems
In homomorphic encryption schemes, anyone can perform homomorphic operations, and therefore, it is difficult to manage when, where and by whom they are performed. In addition, the property that anyone can "freely" perform the operation inevitably means ...
Comments