Preparation for Recitation on Why Cryptosystems Fail

Read Why cryptosystems fail. You may wish to skim the abstract, introduction, and conclusion first, because they will help you to focus on the parts of the paper that support the author's main claims. As always, you should read critically and be on the lookout for additional gems, and for arguments that are missing or whose framing de-emphasizes certain points.

This paper is about a philosophy of cryptosystem design, with a focus on their use in financial institutions, and particularly in ATM (Automated Teller Machine) networks. Although it may not be immediately obvious, this paper is closely related to other papers we have read, such as the Therac-25 paper. Think about these connections as you read.

Over half of the paper is devoted to examples of ways in which ATM networks could fail or have failed. This part of the paper is very entertaining, but it can be difficult to keep the big picture in mind while reading about the individual exploits and problems. Pay attention to the section headings (which you may wish to skim before diving into the text) in order to keep your bearings. For each incident, before moving on, spend a few moments thinking about the lessons that it teaches, and how the problem could have been avoided.

Before coming to recitation, please answer the following question:

Think about the end-to-end requirements of a cryptosystem. Can those requirements be achieved by composing modules with certain characteristics? Where and how is the end-to-end check performed, if one is required?

Questions or comments regarding 6.033? Send e-mail to the 6.033 staff at 6.033-staff at mit.edu.

Top // 6.033 home //