DocumentCode
950671
Title
Lost in translation: theory and practice in cryptography
Author
Paterson, Kenneth G. ; Yau, Arnold K L
Author_Institution
London Univ.
Volume
4
Issue
3
fYear
2006
Firstpage
69
Lastpage
72
Abstract
The perils of using encryption without authentication or integrity protection are well known in the cryptographic research community. Yet its exactly the mandatory support for unauthenticated encryption that forms the basis of a serious security flaw in an IPsec implementation we recently discovered. In response, the UK´s equivalent to CERT, the National Infrastructure Coordination Centre published a vulnerability advisory about the flaw. Vendors also issued updated recommendations to customers, and we saw a flurry of discussion on Slash-dot and the sci.crypt newsgroup. In the aftermath, we asked ourselves, how did this happen?
Keywords
cryptography; transport protocols; IPsec; National Infrastructure Coordination Centre; cryptography; encryption; information security; integrity protection; Authentication; Computer security; Cryptographic protocols; Cryptography; Electrostatic precipitators; Information security; Privacy; Protection; Software standards; Standards development; IPsec; cryptography; encryption;
fLanguage
English
Journal_Title
Security & Privacy, IEEE
Publisher
ieee
ISSN
1540-7993
Type
jour
DOI
10.1109/MSP.2006.74
Filename
1637385
Link To Document