Skip to main content
SpringerLink
Log in

Fragile Kryptografie

  • Chapter
  • First Online:
Security by Design

  • 4224 Accesses

Zusammenfassung

Vielen gilt der Einsatz kryptografischer Verfahren als „Silberkugel“ für die Verwirklichung von Sicherheitszielen. Nicht jedes Sicherheitsziel aber lässt sich mithilfe kryptografischer Verfahren umsetzen und deren Nutzung entbindet auch nicht von der Verwendung von State-of-the-art-Techniken zur Erreichung von Systemsicherheit und Robustheit. Die richtige und konsequente Nutzung kryptografischer Verfahren bietet einen starken Schutz von Vertraulichkeit, Integrität und Authentizität und wehrt Bedrohungen wirkungsvoll ab.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Literaturverzeichnis

  1. Kerckhoffs A (2014). La cryptographie militaire. Nabu Press, 2014.

    Google Scholar 

  2. Trusted Computing Group (TCG)(2016). Trusted Platform Module Library: Part 1: Architecture Family 2.0, Revision 1.38. Trusted Computing Group (TCG).

    Google Scholar 

  3. NXP Semiconductors (2020). AN4581 i.MX Secure Boot on HABv4 Supported Devices. NXP Semiconductors.

    Google Scholar 

  4. Cooper D, Santesson S, Farrell S, Boeyen S, Housley R, Olk W (2008). Internet RFC 5280 – Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Network Working Group, https://tools.ietf.org/html/rfc5280, 2008.

  5. Beutelspacher A, Schwenk J,Wolfenstetter K-D (2018). Moderne Verfahren der Kryptographie. Springer Spektrum, 2018.

    Google Scholar 

  6. Buchmann J (2010). Einführung in die Kryptographie. Springer-Verlag Berlin Heidelberg, 5 edition, 2010.

    Google Scholar 

  7. Bundesamt für Sicherheit in der Informationstechnik (2020). BSI TR-02102 Kryptographische Verfahren: Empfehlungen und Schlüssellängen.

    Google Scholar 

  8. Bundesamt für Sicherheit in der Informationstechnik (2020). BSI TR-03116 Kryptografische Vorgaben für Projekte der Bundesregierung.

    Google Scholar 

  9. Bundesamt für Sicherheit in der Informationstechnik (2019). BSI TR-03125 Beweiswerterhaltung kryptographisch signierter Dokumente.

    Google Scholar 

  10. Krawczyk H, Bellare M, Canetti R (1997). Internet RFC 2104 - HMAC: Keyed-Hashing for Message Authentication. Network Working Group, https://tools.ietf.org/html/rfc2104, 1997.

  11. Kent S, Seo K (2005). Internet RFC 4301 - Security Architecture for the Internet Protocol. Network Working Group, https://tools.ietf.org/html/rfc4301, 2005.

  12. Kent S (2005). Internet RFC 4302 - IP Authentication Header. The Internet Society, https://tools.ietf.org/html/rfc4302, 2005.

  13. Kent S (2005). Internet RFC 4303 - IP Encapsulating Security Payload (ESP). The Internet Society, https://tools.ietf.org/html/rfc4303, 2005.

  14. Kaufman S, Hoffman O, Nir Y, Eronen P, Kivinen T(2014). Internet RFC 7296 – Internet Key Exchange Protocol Version 2 (IKEv2). Internet Engineering Task Force (IETF), https://tools.ietf.org/html/rfc7296, 2014.

  15. Y. Sheffer Y, Fluhrer S (2013). Internet RFC 6989 - Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2). Internet Engineering Task Force, https://tools.ietf.org/html/rfc6989, 2013.

  16. Bleichenbacher D (1989). Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1. In Annual International Cryptology Conference, pages 1–12. Springer, 1998.

    Google Scholar 

  17. Bleichenbacher D, May A (2006). New attacks on rsa with small secret crt-exponents. In International Workshop on Public Key Cryptography, pages 1–13. Springer, 2006.

    Google Scholar 

  18. Bundesamt für Sicherheit in der Informationstechnik (2020). BSI TR-02102-3 Kryptographische Verfahren: Empfehlungen und Schlüssellängen.

    Google Scholar 

  19. Electronic Telecommunications Standards Institute (2017). ETSI TS 119 312 V1.2.1 Electronic Signatures and Infrastructures (ESI). Electronic Telecommunications Standards Institute.

    Google Scholar 

  20. Zimman C, Bong D (2020). PKCS#11 Cryptographic Token Interface Base Specification Version 3.0,

    Google Scholar 

  21. Oracle. Java Cryptography Architecture (JCA) Reference Guide.

    Google Scholar 

  22. Tuveri N, Brumley B (2018). Start your engines: dynamically loadable contemporary crypto. Cryptology ePrint Archive, Report 2018/354, 2018.

    Google Scholar 

  23. Pramstaller N, Rechberger C, Rijmen V (2005). Exploiting coding theory for collision attacks on sha-1. In Lecture Notes in Computer Science, vol 3796 , pages 78–95. Springer-Verlag Berlin Heidelberg,

    Google Scholar 

  24. Leurent G, Peyrin T (2020). Sha-1 is a shambles. https://eprint.iacr.org/2020/014.pdf, 2020.

  25. Xie T, Feng D (2009). How to find weak input differences for md5 collision attacks. 2009.

    Google Scholar 

  26. Schmitt V, Jordaan J (2013). Establishing the validity of md5 and sha-1 hashing in digital forensic practice in light of recent research demonstrating cryptographic weaknesses in these algorithms. International Journal of Computer Applications, 68:40–43, 2013.

    Google Scholar 

  27. Sotirov A et al. (2008). MD5 considered harmful today. https://www.win.tue.nl/hashclash/rogue-ca/.

  28. Chen L et al. (2016). Nistir 8105 - report on post-quantum cryptography. 2016.

    Google Scholar 

  29. Wilhelm F K, Steinwandt R, Langenberg B, Liebermann P J, Messinger A, Schuhmacher P K, Misra-Spieldenner A (2020). Status of quantum computer development. www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/Quantencomputer/

    Google Scholar 

  30. Alashwali E S, Rasmussen K (2018). What’s in a downgrade? a taxonomy of downgrade attacks in the tls protocol and application protocols using tls. In International Conference on Security and Privacy in Communication Systems, pages 468–487. Springer Cham, 2018.

    Google Scholar 

  31. Barker E, Kelsey J (2015). NIST Special Publication 800-90ARevision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators. National Institute for Standards and Technology (NIST), 2015.

    Google Scholar 

  32. Turan M S et al. (2018). NIST Special Publication 800-90B - Recommendation for the EntropySources Used for Random BitGeneration. National Institute for Standards and Technology (NIST), 2018.

    Google Scholar 

  33. Fox-IT BV. Interim Report DigiNotar Certificate Authority breach: Operation Black Tulip.

    Google Scholar 

  34. Operation black tulip: Certificate authorities lose authority. https://www.enisa.europa.eu/media/newsitems/operation-black-tulip/, 2020.

Download references

Author information

Authors and Affiliations

  1. Berlin, Deutschland

    Armin Lunkeit

  2. Schildow, Deutschland

    Wolf Zimmer

Authors
  1. Armin Lunkeit
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wolf Zimmer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Armin Lunkeit .

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer-Verlag GmbH Deutschland, ein Teil von Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Lunkeit, A., Zimmer, W. (2021). Fragile Kryptografie. In: Security by Design. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-62917-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-62917-8_6

  • Published:

  • Publisher Name: Springer Vieweg, Berlin, Heidelberg

  • Print ISBN: 978-3-662-62916-1

  • Online ISBN: 978-3-662-62917-8

  • eBook Packages: Computer Science and Engineering (German Language)

Publish with us

Policies and ethics

Search

Navigation