Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes. In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.