Presentation is loading. Please wait.

Presentation is loading. Please wait.

WHY CRYPTOSYSTEMS FAIL

Published byJoan Fox Modified over 6 years ago

Similar presentations

Presentation on theme: "WHY CRYPTOSYSTEMS FAIL"— Presentation transcript:

1 WHY CRYPTOSYSTEMS FAIL
Ross J. Anderson Communications of the ACM (CACM) Vol. 37, No. 1, November 1994 Presented by Duc Huy Bui, Duc Anh Le 2016/11/22

2 Agenda Introduction Examples of Failures ATM Security Issues ATM Fraud
Organizational Aspects Problems with Security Products Nature of Robustness Explicitness Explicitness and Software Engineering Conclusion © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

3 Introduction Originally, used by governments, military and other organizations to keep messages secret Later, incorporated in wide range of commercial systems Introduced to commercial world from military by designers of automatic teller machines (ATM) systems in 1970 ATM security techniques inspired many other systems Past: message encryption during war Later: bank cards, pay TV, computer tokens, lottery terminals © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

4 Introduction (cont‘d)
Engineering of cryptosystems more difficult than traditional engineering like aeronautical engineering No public feedback Secrecy Further analysis from author on banking systems Next biggest application of cryptography after government [2] No public feedback -> how cryptosystems fail Mistakes -> example 2nd World War: Norway fall rapidly because communication between Britains and Norwegians was cracked by Germans (Britain‘s used same encryption technique against Germany) Secrecy -> government, military To study how vulnerable cryptosystems are -> author focuses on banking systems © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

5 Examples of Failures In USA, regulations require banks to refund all disputed electronic transactions unless they can prove fraud by customer ~15,000$ yearly loss for each bank [2] Video camera installation In Britain, regulations not that strict Bankers deny that system can ever have a fault „Phantom Withdrawals“ are customer‘s problem Many court cases At first: customer got fined or went to jail At the end: someone else fault, security system error USA: customer wins GB: bank win or customer win is unclear © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

6 Encrypted with ‚Terminal key‘ and sent to bank‘s central computer
ATM Security Issues ATM Encryption of PINs [2, 3] Based on variants of a system developed by IBM Example: Encrypted with ‚Terminal key‘ and sent to bank‘s central computer Account Number PIN key FEFEFEFEFEFEFEFE Result of DES A2CE126C69AEC82D Result decimalised Natural PIN 0224 Offset 6565 Customer PIN 6789 PIN key PIN key must be kept absolutely secret Usual strategy is a „terminal key“ for each ATM Two printed components by two separate officials input at ATM keyboard -> combined = key Offset = Natural PIN – Customer PIN No specific cryptographic use -> enables customer to choose their own PIN © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

7 ATM Security Issues (cont‘d)
Threat model from military presumes technical sophisticated attacks Only two out of hundred cases of ATM-related fraud are skilled attacks Three common main causes were simpler Phantom Withdrawals Caused by processing errors Postal service E.g. in Cambridge, 4000 students open bank account yearly -> documents sent to pigeonholes Theft by bank staff Banks dismiss 1% of their staff for disciplinary reasons yearly © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

8 ATM Fraud Internal Fraud (staff) Issuing extra card
Complaints from customer about phantom withdrawals were generally ignored Security hole: address changes unnoticed Recording customer‘s PIN and account number with handheld computer Produce counterfeit cards ATMs w/ test transaction mechanism Typing in 14 digit number outputs 10 bank notes Instructions written in some manual Lead to series of crimes Feature was patched later on © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

9 ATM Fraud (cont‘d) External Fraud (external people)
Observing customer‘s PIN and copy bank details to blank cards Full account number on discarded ATM tickets Telephone card trick ATM believes previous card had been put in again PIN observed © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

10 NOT safe at all! Higher probability of guessing right PIN
ATM Fraud (cont‘d) External Fraud (bank policies) Cardboard Assume PIN is 2256 Choose a four letter word, say BLUE NOT safe at all! Higher probability of guessing right PIN © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

11 ATM Fraud (cont‘d) External Fraud (bank policies) Early conclusions
PIN encrypted on magnetic stripe Account number could be changed Document about this technique circulated in British prison Schemes Example: PIN 4455 (or 4455) Verification: digit one + digit four = digit two + digit three (similiar for second example) Store and Forward Several card copies and draw money from different ATMs at the same time Example: in Italy, ATMs were offline during weekend Early conclusions Incentives for security improvements only when customer carries burden of proof More an organizational problem rather than technical one © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

12 Organizational Aspects
No computer security team or dedicated department Picking wrong external consultants E.g. 40 banks in Asia used Caesar cipher to encrypt PINs for 5 years (very insecure) Management argues about centralizing security or not Two philosophies Railway system Tight central control Aircraft system Remain in command Continuity matters Difficult to maintain effective security control -> constantly changing structure Dominant in research & security practice Railway: trains stops automatically even if train driver sleeps or goes through a red light Aircraft: pilot still have the full control about the plane Both security practice -> railway dominant © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

13 The Problems with Security Products
High-tech attacks were rare, but most exercising for the crypto industry Security standards are written in the Orange Book Misguided focus towards building cryptosecurity products without knowing how to use them in real systems Security products should only be certified if they are simple enough for ordinary stuff to use © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

14 The Problems with Security Products
Security researchers tend to use threat and risk models in which only one thing goes wrong at a time In reality: combination of careless insiders and opportunist attacks © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

15 The Nature of Robustness
Essence: Solution that is slightly less than optimal but provides benefits such as: Reducing design or operational complexity Resilience against minor errors Redundancy against component failure (doesn‘t work for computational systems) Example: many aircraft accidents are caused by the failure of critical components  Extensive use of redundancy BUT: Doing more rounds of a bad encryption algorithm doesn‘t make it better! © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

16 The Nature of Robustness
Unthinking use of redundancy in computer systems can lead to resilience ATM systems therefore inspired us to look for an organizing principle for robustness properties No Silver Bullet © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

17 Explicitness Importance of explicitness is confirmed in field of computer systems security Approaches: Formal methods Check desireable properties, verify correctness of protocols Integrate security with software engineering Problem: identifying which objects have a security significance Solution: dependency analysis © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

18 Explicitness and Software Engineering
Explicitness fits well in the general principles of SE Elementary problem: establishment of security goals Many SE methodologies require a concept of operations before any detailed specifications are defined Conflicting goals for ATM security: Controlling internal and external fraud Arbitrating disuptes fairly Security systems were built without any clear ideas © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

19 Explicitness and Software Engineering
Compare secure systems with safety critcial systems Four principles of software safety: Specification should list all possible failure modes Explain what strategy has been adopted to prevent each of these failure modes, or at least make them acceptly unlikely Should tell, how these strategies are implemented, including consequences when each component fails Certification program must include a review by independant experts © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

20 Conclusion Designers for cryptosystems have suffered from a lack of feedback This has led to a false threat model: Focused on what could possibly go wrong instead of what was likely to Products ended up being too complex to use Almost all security failures were in fact due to implementation and management errors Component level certification (TCSEC) is unlikely to achive its goals  Security standards should take more account of environment in which components are used © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

21 Conclusion Fact: most research budget went into activities of marginal relevance Robust security systems can be achieved by explicitness Examine assumptions in a systematic and careful manner  central for cryptography and secure operating systems Above all: determine security goals  concerns how a system performs © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

22 Q&A © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

23 References [1] R. Anderson, Why Cryptosystems Fail. In Communications of the ACM, Volume 37, No.1. Nov. 1994, pp [2] R. Anderson, Why Cryptosystems Fail. In Proceedings of the 1993 ACM Conference in Computer and Communication Security. 1993, pp [3] last access: 20. Nov 2016 © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

24 BACKUP

25 Threat Model Threat Modeling Threat
Planned activity for identifying and assessing application threats and vulnerabilities Defining countermeasures to prevent, or mitigate the effects of threats to the system Threat is a potential or actual undesirable event that may be malicious (such as DoS attack) or incidental (failure of a Storage Device) Source: last access: 20. Nov 2016 © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

26 Caesar Cipher One of the simplest and most widely known encryption techniques Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW Plaintext: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD Source: last access: 21. Nov 2016 © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

27 Silver Bullet Action, which cuts through complexity and provides an immediate solution to a problem Source: last access: 21. Nov 2016 © 2016 Seoul National University, College of Engineering, Department of Computer Science and Engineering.

Download ppt "WHY CRYPTOSYSTEMS FAIL"

Similar presentations

Why Cryptosystems Fail Nick Feamster CS 6262 Spring 2009.

Why Cryptosystems Fail Nick Feamster CS 6262 Spring 2009.
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.

REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
What are the questions really asking?

What are the questions really asking?
Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.

Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.
Reliability and Safety Lessons Learned. Ways to Prevent Problems Good computer systems Good computer systems Good training Good training Accountability.

Reliability and Safety Lessons Learned. Ways to Prevent Problems Good computer systems Good computer systems Good training Good training Accountability.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Why Cryptosystems Fail?

Why Cryptosystems Fail?
Why Cryptosystems Fail Ross Anderson Proceeding of the 1 st ACM Conference on Computer and Communications Security, 1993 2010-20784 김학봉.

Why Cryptosystems Fail Ross Anderson Proceeding of the 1 st ACM Conference on Computer and Communications Security, 김학봉.
Why cryptosystems Fail Ross Anderson Proceeding of the 1 st ACM Conference on Computer and Communications Security, 1993 SSR Jiyeon Park.

Why cryptosystems Fail Ross Anderson Proceeding of the 1 st ACM Conference on Computer and Communications Security, 1993 SSR Jiyeon Park.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Why Cryptosystems Fail Ross Anderson Presented by Su Zhang 1.

Why Cryptosystems Fail Ross Anderson Presented by Su Zhang 1.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
General Awareness Training

General Awareness Training
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.

University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.

Similar presentations

Ads by Google