CRYScanner: Finding cryptographic libraries misuse

Cryptographic libraries have become an integral part of every digital device. Studies have shown that these systems are not only vulnerable due to bugs in cryptographic libraries, but also due to misuse of these libraries. In this paper, we focus on vulnerabilities introduced by the application deve...

Full description

Saved in:
Bibliographic Details
Published in2021 8th NAFOSTED Conference on Information and Computer Science (NICS) pp. 230 - 235
Main Authors Choudhari, Amit, Guilley, Sylvain, Karray, Khaled
Format Conference Proceeding
LanguageEnglish
Published IEEE 21.12.2021
Subjects
Buildings
Codes
Computer bugs
Computer science
Cryptography libraries
dynamic analysis
Intrusion detection
misuse
novel "CRYScanner" tool
Performance evaluation
Philosophical considerations
Online AccessGet full text

Cover

More Information
Summary:Cryptographic libraries have become an integral part of every digital device. Studies have shown that these systems are not only vulnerable due to bugs in cryptographic libraries, but also due to misuse of these libraries. In this paper, we focus on vulnerabilities introduced by the application developer. We performed a survey on the potential misusage of wellknown libraries such as PKCS # 11. We introduced a generic tool CRYScanner, to identify such misuses during and post-development. It works on the similar philosophy of an intrusion detection system for an internal network. This tool provides verification functions needed to check the safety of the code, such as detecting incorrect call flow and input parameters. We performed a feature-wise comparison with the existing state of the art solutions. CRYScanner includes additional features, preserving the capabilities of both static and dynamic analysis tools. We also show the detection of potential vulnerabilities in the several sample codes found online.
DOI:10.1109/NICS54270.2021.9701469