{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T07:52:37Z","timestamp":1768981957003,"version":"3.49.0"},"reference-count":47,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2019,3,19]],"date-time":"2019-03-19T00:00:00Z","timestamp":1552953600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Wireless Pers Commun"],"published-print":{"date-parts":[[2019,5]]},"DOI":"10.1007\/s11277-019-06265-6","type":"journal-article","created":{"date-parts":[[2019,3,19]],"date-time":"2019-03-19T08:17:00Z","timestamp":1552983420000},"page":"85-117","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Why Cryptosystems Fail Revisited"],"prefix":"10.1007","volume":"106","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7363-0076","authenticated-orcid":false,"given":"Geir M.","family":"K\u00f8ien","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,3,19]]},"reference":[{"key":"6265_CR1","doi-asserted-by":"crossref","unstructured":"Anderson, R. (1993). Why cryptosystems fail. In Proceedings of the 1st ACM conference on computer and communications security (pp. 215\u2013227). ACM.","DOI":"10.1145\/168588.168615"},{"key":"6265_CR2","volume-title":"An introduction to cryptography. Documentation for pretty good privacy","author":"P Zimmermann","year":"1998","unstructured":"Zimmermann, P. (1998). An introduction to cryptography. Documentation for pretty good privacy. Network Associates: Santa Clara."},{"key":"6265_CR3","unstructured":"Schneier, B. Memo to the amateur cipher designer. Crypto-Gram Newsletter."},{"key":"6265_CR4","unstructured":"Heilman, E., Narula, N., Dryja, T., & Virza, M. Iota vulnerability report: Cryptanalysis of the curl hash function enabling practical signature forgery attacks on the iota cryptocurrency. Technical report, MIT Media Lab."},{"issue":"1","key":"6265_CR5","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1109\/MSP.2016.7","volume":"14","author":"B Schneier","year":"2016","unstructured":"Schneier, B. (2016). Cryptography is harder than it looks. IEEE Security & Privacy, 14(1), 87\u201388.","journal-title":"IEEE Security & Privacy"},{"issue":"00","key":"6265_CR6","first-page":"362","volume":"802","author":"J Walker","year":"2000","unstructured":"Walker, J., et al. (2000). Unsafe at any key size; An analysis of the wep encapsulation. IEEE Document, 802(00), 362.","journal-title":"IEEE Document"},{"issue":"4","key":"6265_CR7","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1109\/MSP.2014.66","volume":"12","author":"M Carvalho","year":"2014","unstructured":"Carvalho, M., DeMott, J., Ford, R., & Wheeler, D. A. (2014). Heartbleed 101. IEEE Security & Privacy, 12(4), 63\u201367.","journal-title":"IEEE Security & Privacy"},{"key":"6265_CR8","doi-asserted-by":"crossref","unstructured":"Barkan, E., Biham, E., & Keller, N. (2003). Instant ciphertext-only cryptanalysis of gsm encrypted communication. In Annual international cryptology conference (pp. 600\u2013616). Springer.","DOI":"10.1007\/978-3-540-45146-4_35"},{"key":"6265_CR9","volume-title":"Convention","author":"ICAO. Convention on International Civil Aviation","year":"2006","unstructured":"ICAO. Convention on International Civil Aviation. (2006). Convention (9th ed., Vol. 7300\/9). Montreal: ICAO.","edition":"9"},{"key":"6265_CR10","volume-title":"Skin in the game: Hidden asymmetries in daily life","author":"NN Taleb","year":"2018","unstructured":"Taleb, N. N. (2018). Skin in the game: Hidden asymmetries in daily life. New York: Random House."},{"key":"6265_CR11","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1109\/32.481513","volume":"1","author":"M Abadi","year":"1996","unstructured":"Abadi, M., & Needham, R. (1996). Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 1, 6\u201315.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"6265_CR12","unstructured":"Checkoway, S., Fredrikson, M., Niederhagen, R. F., Everspaugh, A., Green, M., Lange, T., Ristenpart, T., Bernstein, D. J., & Shacham, H., et\u00a0al. (2014). On the practical exploitability of dual ec in tls implementations. In Conference; 23rd USENIX security symposium; 2014-08-20; 2014-08-22. Usenix Association."},{"issue":"11","key":"6265_CR13","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1145\/3266291","volume":"61","author":"S Checkoway","year":"2018","unstructured":"Checkoway, S., Maskiewicz, J., Garman, C., Fried, J., Cohney, S., Green, M., et al. (2018). Where did i leave my keys? Lessons from the juniper dual ec incident. Communications of the ACM, 61(11), 148\u2013155.","journal-title":"Communications of the ACM"},{"issue":"7","key":"6265_CR14","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/MSPEC.2018.8389181","volume":"55","author":"S Higginbotham","year":"2018","unstructured":"Higginbotham, S. (2018). 6 ways IoT is vulnerable. IEEE Spectrum, 55(7), 21.","journal-title":"IEEE Spectrum"},{"issue":"8","key":"6265_CR15","doi-asserted-by":"publisher","first-page":"761","DOI":"10.1145\/358198.358210","volume":"27","author":"K Thompson","year":"1984","unstructured":"Thompson, K. (1984). Reflections on trusting trust. Communications of the ACM, 27(8), 761\u2013763.","journal-title":"Communications of the ACM"},{"key":"6265_CR16","unstructured":"Malmedal, B. & R\u00f8islien, H. E. (2016). The Norwegian cybersecurity culture. NorSIS: Report."},{"key":"6265_CR17","volume-title":"The CERT C secure coding standard","author":"RC Seacord","year":"2008","unstructured":"Seacord, R. C. (2008). The CERT C secure coding standard. London: Pearson Education."},{"key":"6265_CR18","doi-asserted-by":"crossref","unstructured":"Shor, P. W. (1994). Algorithms for quantum computation: Discrete logarithms and factoring. In 35th Annual symposium on foundations of computer science, 1994 proceedings (pp. 124\u2013134). IEEE.","DOI":"10.1109\/SFCS.1994.365700"},{"key":"6265_CR19","unstructured":"ETSI. (2011). Implementation security of quantum cryptography; Introduction, challenges, solutions. ETSI White Paper\u00a027, ETSI, Sophia Antipolis, France."},{"key":"6265_CR20","unstructured":"ETSI. (2015). Quantum safe cryptography and security: An introduction, benefits, enablers and challenges. ETSI White Paper\u00a08, ETSI, Sophia Antipolis, France."},{"key":"6265_CR21","unstructured":"Smart, N. P. (ed). (2014). Algorithms, key sizes and parameters report 2014. Technical report, ENISA."},{"key":"6265_CR22","unstructured":"Microsoft Corporation. Deprecation of SHA-1 for SSL\/TLS certificates in microsoft edge and internet explorer 11. Technical report, Microsoft."},{"key":"6265_CR23","unstructured":"Peters, T. PEP 20\u2014The Zen of Python (2004-08)."},{"key":"6265_CR24","unstructured":"Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Recommended practice: Improving industrial control system cybersecurity with defense-in-depth strategies. Department of Homeland Security."},{"key":"6265_CR25","unstructured":"NeSmith, B.. The cybersecurity talent gap is an industry crisis. Forbes (online), 2018-08-09."},{"key":"6265_CR26","volume-title":"Security engineering","author":"R Anderson","year":"2008","unstructured":"Anderson, R. (2008). Security engineering. Hoboken: Wiley."},{"key":"6265_CR27","series-title":"Originally a 1974 Caltech commencement address","volume-title":"In surely you\u2019re joking, Mr. Feynman","author":"RP Feynman","year":"1985","unstructured":"Feynman, R. P. (1985). Cargo cult science. In W. W. Norton (Ed.), In surely you\u2019re joking, Mr. Feynman (1st ed.)., Originally a 1974 Caltech commencement address London: Vintage.","edition":"1"},{"key":"6265_CR28","volume-title":"Beyond fear: Thinking sensibly about security in an uncertain world","author":"B Schneier","year":"2003","unstructured":"Schneier, B. (2003). Beyond fear: Thinking sensibly about security in an uncertain world. New York: Copernicus Book."},{"key":"6265_CR29","unstructured":"Greenberg, A. The untold story of NotPetya, the most devastating cyberattack in history. Wired (online), 22.08.2018."},{"key":"6265_CR30","doi-asserted-by":"crossref","unstructured":"Gollmann, D. (2003). Analysing security protocols. In Formal aspects of security: First international conference, FASec 2002, London, UK, December 16\u201318, 2002, Revised papers (vol.\u00a01, p.\u00a071). Springer.","DOI":"10.1007\/978-3-540-40981-6_8"},{"key":"6265_CR31","unstructured":"Knuth, D. (1977). Notes on the van Emde Boas construction of priority deques: An instructive use of recursion. Memo\/Letter."},{"key":"6265_CR32","unstructured":"ENISA. ENISA threat landscape report 2017. Technical report, ENISA."},{"key":"6265_CR33","volume-title":"Report","author":"Symantec Corporation. Internet security threat report","year":"2018","unstructured":"Symantec Corporation. Internet security threat report. (2018). Report. Mountain View: Symantec Corporation."},{"key":"6265_CR34","unstructured":"ETSI Technical Committee Cyber Security. CYBER; methods and protocols; part 1: Method and pro forma for threat, vulnerability, risk analysis (TVRA). Technical Specification 102 165-1 V5.2.3, ETSI (2017)."},{"key":"6265_CR35","volume-title":"Threat modeling: Designing for security","author":"S Adam","year":"2014","unstructured":"Adam, S. (2014). Threat modeling: Designing for security (1st ed.). Hoboken: Wiley.","edition":"1"},{"key":"6265_CR36","doi-asserted-by":"crossref","unstructured":"Kalenderi, M., Pnevmatikatos, D., Papaefstathiou, I., & Manifavas, C. (2012). Breaking the gsm a5\/1 cryptography algorithm with rainbow tables and high-end fpgas. In 22nd International conference on field programmable logic and applications (FPL), 2012 (pp. 747\u2013753). IEEE.","DOI":"10.1109\/FPL.2012.6339146"},{"key":"6265_CR37","unstructured":"Nohl, K. (2010). Attacking phone privacy. Black Hat USA, pp. 1\u20136."},{"key":"6265_CR38","doi-asserted-by":"crossref","unstructured":"Dunkelman, O., Keller, N., & Shamir, A. (2010). A practical-time related-key attack on the kasumi cryptosystem used in gsm and 3g telephony. In Annual cryptology conference (pp. 393\u2013410). Springer.","DOI":"10.1007\/978-3-642-14623-7_21"},{"key":"6265_CR39","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio, D., & Herley, C. (2013). Where do all the attacks go? In Economics of information security and privacy III (pp. 13\u201333). Springer.","DOI":"10.1007\/978-1-4614-1981-5_2"},{"issue":"6","key":"6265_CR40","doi-asserted-by":"publisher","first-page":"1121","DOI":"10.1037\/0022-3514.77.6.1121","volume":"77","author":"J Kruger","year":"1999","unstructured":"Kruger, J., & Dunning, D. (1999). Unskilled and Unaware of it: How difficulties in recognizing one\u2019s own incompetence lead to inflated self-assessments. Journal of Personality and Social Psychology, 77(6), 1121.","journal-title":"Journal of Personality and Social Psychology"},{"key":"6265_CR41","series-title":"McGraw-Hill series in social psychology","volume-title":"The psychology of judgment and decision making","author":"S Plous","year":"1993","unstructured":"Plous, S. (1993). The psychology of judgment and decision making., McGraw-Hill series in social psychology New York: Mcgraw-Hill Book Company."},{"key":"6265_CR42","unstructured":"Schneier, B. Drawing the wrong lessons from horrific events. CNN.com."},{"key":"6265_CR43","volume-title":"The black swan: The impact of the highly improbable","author":"NN Taleb","year":"2007","unstructured":"Taleb, N. N. (2007). The black swan: The impact of the highly improbable. New York: Random House Publishing Group."},{"key":"6265_CR44","volume-title":"Privacy by design: The 7 foundational principles","author":"A Cavoukian","year":"2009","unstructured":"Cavoukian, A. (2009). Privacy by design: The 7 foundational principles. Ontario: Information and Privacy Commissioner of Ontario."},{"key":"6265_CR45","unstructured":"EU. (2016). Regulation (EU) 2016\/679 (General data protection regulation). Regulations 679, EU, 04."},{"key":"6265_CR46","unstructured":"NSM. (2016). S-01 Fire effektive tiltak mot dataangrep."},{"key":"6265_CR47","unstructured":"NSM. (2016). S-02 Ti viktige tiltak mot dataangrep."}],"container-title":["Wireless Personal Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-019-06265-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11277-019-06265-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-019-06265-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,1]],"date-time":"2020-12-01T18:38:37Z","timestamp":1606847917000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11277-019-06265-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,3,19]]},"references-count":47,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,5]]}},"alternative-id":["6265"],"URL":"https:\/\/doi.org\/10.1007\/s11277-019-06265-6","relation":{},"ISSN":["0929-6212","1572-834X"],"issn-type":[{"value":"0929-6212","type":"print"},{"value":"1572-834X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3,19]]},"assertion":[{"value":"19 March 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}