Most of the time, cryptography fails because of "implementation and management errors". The task at hand is therefore to design a cryptographic library that eases safe use and hinders implementation errors. This is of special interest when the implementation language is valued for its suitability for writing reliable, safe and secure systems, as Ada is. This paper concentrates on the handling of nonces ("numbers used once") and on authenticated encryption, i.e., on establishing a safe communication channel between two parties who share a common secret key. Cryptographers call it "nonce misuse" if a nonce value is ever reused. Avoiding nonce misuse is easy in theory but difficult in practice. One problem with authenticated encryption is that a naive combination of a secure authentication scheme and a secure encryption scheme may turn out to be insecure. Another problem is that decryption temporarily provides an incomplete plaintext that may eventually be found to be unauthentic. We discuss how to ease the proper usage of cryptosystems, how to hinder unintentional misuse, and how one may possibly limit the damage in the case of a misuse.
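The three points of the abstract (never reuse a nonce, compose authentication and encryption carefully, and never release plaintext before it is authenticated) can be made concrete in the shape of an API. The Python sketch below is an added example, not code from the paper or from its Ada library: the library, not the caller, supplies nonces from a counter that refuses to wrap; encryption is Encrypt-then-MAC with HMAC-SHA256 over nonce, associated data and ciphertext; and decryption verifies the tag before computing a single plaintext byte. The keystream is HMAC-SHA256 used as a PRF in counter mode, standing in for a block cipher in CTR mode because the standard library ships no AES. `nonce_reuse_leak` shows what nonce misuse costs with such a stream cipher: the XOR of two ciphertexts equals the XOR of their plaintexts. The names (`CounterNonce`, `seal`, `open_`), the 96-bit nonce layout and the 32-byte key are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct


class NonceMisuse(Exception):
    """A nonce would be reused or the nonce space is exhausted."""


class AuthFailure(Exception):
    """The authentication tag did not verify; no plaintext is released."""


class CounterNonce:
    """Hands out each 96-bit nonce at most once per object.

    The library, not the caller, chooses the nonce: a random 64-bit prefix is
    drawn when the object is created and the low 32 bits count messages.
    The counter refuses to wrap, so a value is never returned twice.
    (Persisting the counter across restarts, the "nonce reset problem", is
    out of scope for this in-memory example.)
    """

    LIMIT = 2 ** 32

    def __init__(self, prefix=None):
        self.prefix = os.urandom(8) if prefix is None else prefix
        self.counter = 0

    def next(self):
        if self.counter >= self.LIMIT:
            raise NonceMisuse("nonce space exhausted; rekey before continuing")
        nonce = self.prefix + struct.pack(">I", self.counter)
        self.counter += 1
        return nonce


def _subkey(key, label):
    # Independent keys for encryption and authentication, derived from one
    # 32-byte master key (assumed key size for this example).
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 used as a PRF in counter mode; it stands in for a block
    # cipher in CTR mode because the standard library ships no AES.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(key, nonce, ad, ct):
    # Encrypt-then-MAC: the tag covers nonce, associated data and ciphertext,
    # with explicit lengths so the (ad, ct) boundary cannot be shifted.
    mac = hmac.new(_subkey(key, b"mac"), digestmod=hashlib.sha256)
    mac.update(nonce)
    mac.update(struct.pack(">Q", len(ad)) + ad)
    mac.update(struct.pack(">Q", len(ct)) + ct)
    return mac.digest()


def _seal_with_nonce(key, nonce, ad, pt):
    ct = _xor(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt)))
    return ct, _tag(key, nonce, ad, ct)


def seal(key, nonce_gen, ad, pt):
    """Encrypt and authenticate; the caller never touches the nonce value."""
    nonce = nonce_gen.next()
    ct, tag = _seal_with_nonce(key, nonce, ad, pt)
    return nonce, ct, tag


def authentic(key, nonce, ad, ct, tag):
    # Constant-time comparison of the recomputed tag against the received one.
    return hmac.compare_digest(_tag(key, nonce, ad, ct), tag)


def open_(key, nonce, ad, ct, tag):
    """Verify first, decrypt second: no plaintext exists until the tag checks."""
    if not authentic(key, nonce, ad, ct, tag):
        raise AuthFailure("tag mismatch")
    return _xor(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))


def nonce_reuse_leak(key, nonce, p1, p2):
    """Reusing a nonce with a stream cipher makes ct1 XOR ct2 == p1 XOR p2,
    so the two plaintexts leak relative to each other."""
    c1, _ = _seal_with_nonce(key, nonce, b"", p1)
    c2, _ = _seal_with_nonce(key, nonce, b"", p2)
    return _xor(c1, c2) == _xor(p1, p2)
```

The design choice that matters is that `seal` takes a nonce generator rather than a nonce, so the only way for a caller to reuse a nonce is to deliberately reach into the internals, and that `open_` does not expose a streaming interface: a library that hands back plaintext chunks before the tag is checked forces every caller to remember to discard them on failure.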