The Many-Time Pad: Theme and Variations

Proceedings. IEEE Symposium on Security and Privacy Pub Date : 1983-04-25 DOI:10.1109/SP.1983.10010

D. Denning

{"title":"The Many-Time Pad: Theme and Variations","authors":"D. Denning","doi":"10.1109/SP.1983.10010","DOIUrl":null,"url":null,"abstract":"The man-time pad is a method of subverting the security controls of a system to obtain data that is not directly accessible(e.g., because the data is confidential, classified, or otherwise deemed sensitive). It is the antithesis of the one-time pad, the only theoretically unbreakable cipher, in two respects: 1) whereas the one-time pad is a method of protection,the many-time pad is a method of attack; and 2) whereas the one-time pad is used just once, the many-time pad is reusable. A1so, whereas the interpretation of \"pad\" m the one-time pad comes from a \"pad of paper\", its interpretation in the many-time pad comes from \"stuffing\". What makes the many-time pad attack interesting is that it arises in three different contexts: cryptographic systems, where digital signatures can be forged or messages decrypted; statistical databases, where trackers can be used to obtain confidential data; and programming systems, where Trojan Horses can be planted in programs to leak sensitive input data, We shall first describe the basic structure of the attack and countermeasures for foiling it. We shall then show how these three seemingly unrelated security threats are variations of a common theme.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"9 1","pages":"23-32"},"PeriodicalIF":0.0000,"publicationDate":"1983-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.1983.10010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

The man-time pad is a method of subverting the security controls of a system to obtain data that is not directly accessible(e.g., because the data is confidential, classified, or otherwise deemed sensitive). It is the antithesis of the one-time pad, the only theoretically unbreakable cipher, in two respects: 1) whereas the one-time pad is a method of protection,the many-time pad is a method of attack; and 2) whereas the one-time pad is used just once, the many-time pad is reusable. A1so, whereas the interpretation of "pad" m the one-time pad comes from a "pad of paper", its interpretation in the many-time pad comes from "stuffing". What makes the many-time pad attack interesting is that it arises in three different contexts: cryptographic systems, where digital signatures can be forged or messages decrypted; statistical databases, where trackers can be used to obtain confidential data; and programming systems, where Trojan Horses can be planted in programs to leak sensitive input data, We shall first describe the basic structure of the attack and countermeasures for foiling it. We shall then show how these three seemingly unrelated security threats are variations of a common theme.

查看原文本刊更多论文

多时间垫:主题和变奏

人工入侵是一种破坏系统安全控制以获取不能直接访问的数据的方法。(因为数据是机密的、分类的或被视为敏感的)。它是一次性密码的对立面，一次性密码是理论上唯一不可破解的密码，在两个方面:1)一次性密码是一种保护方法，多次密码是一种攻击方法;2)一次性垫只使用一次，而多次垫是可重复使用的。此外，“pad”在一次性便笺簿中的解释来自“pad of paper”，而在多次便笺簿中的解释来自“stuffing”。让多次键盘攻击变得有趣的是，它出现在三种不同的环境中:加密系统，其中数字签名可以伪造或消息可以解密;统计数据库，跟踪者可用于获取机密数据;和编程系统，其中特洛伊木马可以植入程序泄漏敏感的输入数据，我们将首先描述攻击的基本结构和阻止它的对策。然后，我们将展示这三种看似无关的安全威胁是如何从一个共同的主题演变而来的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings. IEEE Symposium on Security and Privacy

自引率

0.00%

发文量