Why Cryptosystems Fail SNU (Why Cryptosystems Fail, Seoul).ppt

  • About 9,360 characters
  • About 23 pages
  • Published 2017-03-09 in Shanghai


Why Cryptosystems Fail
Ross Anderson
Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993
2010-20784

Introduction
  • Information on how cryptosystems fail is hard to get due to secrecy
  • This paper surveys the failure modes of ATMs in order to find out this information
      • After government, the next biggest application is in banking
  • It turns out that the threat model was wrong
      • Most frauds were not caused by cryptanalysis or other technical attacks
      • But by implementation errors and management failures
  • Alternative models are analyzed which we might usefully import into the security domain
      • Safety critical systems

Limitation of Cryptology
  • No public feedback about how cryptographic systems fail
      • Their major users have traditionally been government agencies, which are very secretive about their mistakes
  • Difference with most other engineering
      • The flying community has a strong and institutional learning mechanism
      • If an aircraft crashes ..
  • A typical example – phantom withdrawals
      • Although the customer did not withdraw money from the account, a withdrawal record appears on the account

Outline
  • Introduction
  • How ATM fraud takes place
      • Simple attacks
      • Complex attacks
  • Discussion
  • The wider implications
      • Why the threat model was wrong
      • Confirmation of our analysis
      • A new security paradigm
  • Conclusion

Simple Attacks (1)
  • From inside (by bank staff)
      • Issuing extra cards
      • Recording a customer's PIN and account number, then counterfeiting cards
      • Using cards which can withdraw money from any customer account
  • From outside
      • Observing customers' PINs while standing in ATM queues
          • This works because the full account number is printed on the ATM ticket
      • Recording a 'pay' response from the bank and replaying it until the machine is empty

Simple Attacks (2)
  • From outside
      • Postal interception
          • 30% of all UK payment card losses
      • Test transaction
          • Outputting 10 banknotes when a 14 digit sequence is entered
      • False terminal
          • Collecting customer card and PIN data
          • Using
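
The replayed 'pay' response under Simple Attacks (1) only works if the ATM acts on a response it has already seen. The sketch below is an added example, not taken from the slides or from Anderson's paper: it binds each authorisation to a fresh per-transaction nonce with an HMAC, next to the weak design that honours any recorded response. The key, account name, and message layout are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed; stands in for a key shared by bank and ATM

def _message(account, amount, nonce):
    # Hypothetical layout: decision | account | amount | nonce (hex, fixed length)
    return b"|".join([b"PAY", account.encode(), str(amount).encode(), nonce])

def bank_authorise(key, account, amount, nonce):
    """Bank side: MAC the 'pay' decision together with the ATM's nonce."""
    msg = _message(account, amount, nonce)
    return msg, hmac.new(key, msg, hashlib.sha256).digest()

def static_atm_accepts(msg):
    """Weak design: any recorded 'pay' message is honoured again."""
    return msg.startswith(b"PAY")

class Atm:
    def __init__(self, key):
        self.key = key
        self.pending = None  # nonce of the single outstanding request

    def start_request(self):
        self.pending = secrets.token_hex(16).encode()
        return self.pending

    def accept(self, account, amount, msg, tag):
        """Dispense only for an authentic response to the current nonce."""
        nonce, self.pending = self.pending, None  # each nonce is single use
        if nonce is None:
            return False
        expected = _message(account, amount, nonce)
        good_tag = hmac.new(self.key, expected, hashlib.sha256).digest()
        return hmac.compare_digest(msg, expected) and hmac.compare_digest(tag, good_tag)

def demo():
    atm = Atm(KEY)
    msg, tag = bank_authorise(KEY, "acct-0001", 100, atm.start_request())
    first = atm.accept("acct-0001", 100, msg, tag)
    atm.start_request()  # next transaction gets a fresh nonce
    replayed = atm.accept("acct-0001", 100, msg, tag)  # recorded response again
    return first, replayed, static_atm_accepts(msg)

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the outcome of the genuine response, the replayed response against the nonce-checking ATM, and the replayed response against the weak design.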
