Lost in translation: theory and practice in cryptography
Paterson, K.G.
Yau, A.K.L.
London Univ.;
This paper appears in: Security & Privacy, IEEE
Publication Date: May-June 2006
Volume: 4,
Issue: 3
On page(s): 69-72
ISSN: 1540-7993
INSPEC Accession Number: 8953804
Digital Object Identifier: 10.1109/MSP.2006.74
Current Version Published: 2006-05-30
Abstract
The perils of using encryption without authentication or integrity protection are well known in the cryptographic research community. Yet its exactly the mandatory support for unauthenticated encryption that forms the basis of a serious security flaw in an IPsec implementation we recently discovered. In response, the UK's equivalent to CERT, the National Infrastructure Coordination Centre published a vulnerability advisory about the flaw. Vendors also issued updated recommendations to customers, and we saw a flurry of discussion on Slash-dot and the sci.crypt newsgroup. In the aftermath, we asked ourselves, how did this happen?
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
