ABSTRACT

Cryptography is a main pillar of network and information security; cryptographic primitives (ciphers, hash functions, digital signatures, etc.) are widely used to provide several security services, such as confidentiality, as well as data and entity authentication. However, although their mathematical properties are well established and strong, incorporating a proper cryptographic primitive into a generic security protocol is a prerequisite for overall security but does not always suffice to ensure it. Several implementation and configuration aspects need to be carefully considered to thwart specific threats that put security at risk. Therefore, treating a strong cryptographic primitive, by itself, as a panacea for establishing the desired security properties, without taking into account the whole framework in which it is used, is a fallacy: it is well known that even the most recent versions of security protocols may have vulnerabilities if the underlying cryptography is not properly configured or managed. This chapter focuses on exactly such cryptographic threats. A short introduction to the main cryptographic primitives is first given, in order to set the definitions and the notation that will be used subsequently. Next, cryptographic threats are studied, classified into three different areas: threats on public key infrastructures, threats on the transport layer, and threats on the network layer.