By Topic

Lost in translation: theory and practice in cryptography

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
K. G. Paterson ; London Univ., UK ; A. K. L. Yau

The perils of using encryption without authentication or integrity protection are well known in the cryptographic research community. Yet its exactly the mandatory support for unauthenticated encryption that forms the basis of a serious security flaw in an IPsec implementation we recently discovered. In response, the UK's equivalent to CERT, the National Infrastructure Coordination Centre published a vulnerability advisory about the flaw. Vendors also issued updated recommendations to customers, and we saw a flurry of discussion on Slash-dot and the sci.crypt newsgroup. In the aftermath, we asked ourselves, how did this happen?

Published in:

IEEE Security & Privacy  (Volume:4 ,  Issue: 3 )