
Report: Extensibility and Implementation Independence of the .NET Cryptographic API

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5429))


Abstract

When a vulnerability is discovered in a cryptographic algorithm, or in a specific implementation of that algorithm, it is important that software using that algorithm or implementation is upgraded quickly. Hence, modern cryptographic libraries such as the .NET cryptographic libraries are designed to be extensible with new algorithms. They also support algorithm-independent and implementation-independent use: software written against these libraries can be structured so that switching to a new cryptographic algorithm or implementation requires very little effort.

This paper reports on our experiences with the implementation of a number of extensions to the .NET cryptographic framework. The extensions we consider are smart-card-based implementations of existing algorithms. We evaluate the extensibility of the libraries and their support for implementation independence. We identify several problems with the libraries that have a negative impact on these properties, and we propose solutions.

The main conclusion of the paper is that extensibility and implementation independence can be substantially improved with only minor changes. These changes maintain backwards compatibility for client code.
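As an added illustration, not code from the paper (whose implementation targets the .NET 2.0-era API), the C# below sketches the mechanism the abstract relies on: client code written against the abstract RSA base class resolves a concrete implementation by name through CryptoConfig, and a smart-card-backed extension is registered under that same name without any change to the client. The IRsaCard driver interface, the offline InMemoryCard stand-in (which keeps the key in memory purely so the example runs without a reader) and the SmartCardRsa class are assumptions of this example; a real extension would speak ISO 7816 APDUs behind IRsaCard.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical card driver seam (assumption of this example): a real driver would
// send APDUs to the reader. Only the public key is readable; signing happens on-card.
public interface IRsaCard
{
    RSAParameters PublicKey { get; }
    byte[] SignHashOnCard(byte[] hash, HashAlgorithmName alg);
}

// Offline stand-in for a card, constructed for this example: holds a key in memory.
public sealed class InMemoryCard : IRsaCard
{
    private readonly RSA _key = RSA.Create(2048);
    public RSAParameters PublicKey => _key.ExportParameters(false);
    public byte[] SignHashOnCard(byte[] hash, HashAlgorithmName alg) =>
        _key.SignHash(hash, alg, RSASignaturePadding.Pkcs1);
}

// Smart-card-backed extension plugged into the abstract RSA base class.
public sealed class SmartCardRsa : RSA
{
    // CryptoConfig instantiates algorithms through a parameterless constructor, so the
    // card session must come from ambient state (assumption of this example).
    private static readonly IRsaCard SharedCard = new InMemoryCard();
    public static Func<IRsaCard> OpenCard { get; set; } = () => SharedCard;

    private readonly IRsaCard _card;

    public SmartCardRsa()
    {
        _card = OpenCard();
        KeySizeValue = _card.PublicKey.Modulus!.Length * 8;
    }

    public override RSAParameters ExportParameters(bool includePrivateParameters)
    {
        // The private key is non-exportable: refuse rather than return empty fields.
        if (includePrivateParameters)
            throw new CryptographicException("private key lives on the card and cannot be exported");
        return _card.PublicKey;
    }

    public override void ImportParameters(RSAParameters parameters) =>
        throw new CryptographicException("keys are provisioned on the card, not imported");

    // Hashing is done in software; only the digest is sent to the card.
    protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName alg)
    {
        using var h = IncrementalHash.CreateHash(alg);
        h.AppendData(data, offset, count);
        return h.GetHashAndReset();
    }

    public override byte[] SignHash(byte[] hash, HashAlgorithmName alg, RSASignaturePadding padding)
    {
        // Enforce the card's contract instead of silently substituting another padding.
        if (padding != RSASignaturePadding.Pkcs1)
            throw new CryptographicException("card supports PKCS#1 v1.5 signatures only");
        return _card.SignHashOnCard(hash, alg);
    }

    public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName alg, RSASignaturePadding padding)
    {
        using var pub = RSA.Create();   // verification needs only the public key
        pub.ImportParameters(_card.PublicKey);
        return pub.VerifyHash(hash, signature, alg, padding);
    }
}

public static class Demo
{
    // Implementation-independent client code: it talks only to the RSA base class and
    // lets CryptoConfig decide which concrete class currently backs the name "RSA".
    public static byte[] Sign(byte[] data)
    {
        using var rsa = (RSA?)CryptoConfig.CreateFromName("RSA")
                        ?? throw new CryptographicException("no RSA implementation registered");
        return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static bool Verify(byte[] data, byte[] signature)
    {
        using var rsa = (RSA)CryptoConfig.CreateFromName("RSA")!;
        return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");

        // 1. Whatever the platform maps "RSA" to by default.
        using (var stock = (RSA)CryptoConfig.CreateFromName("RSA")!)
            Console.WriteLine("default RSA backend: " + stock.GetType().Name);

        // 2. Swap in the card-backed extension under the same name; Sign/Verify are untouched.
        CryptoConfig.AddAlgorithm(typeof(SmartCardRsa), "RSA", "SmartCardRSA");
        byte[] sig = Sign(msg);
        Console.WriteLine("signature valid with card backend: " + Verify(msg, sig));

        // 3. The extension enforces the card's contract against naive callers.
        try { using var r = new SmartCardRsa(); r.ExportParameters(true); }
        catch (CryptographicException e) { Console.WriteLine("export refused: " + e.Message); }
    }
}
```

The example targets current .NET (6 or later), where RSA exposes SignHash, VerifyHash and HashData as overridable members; on the .NET Framework 2.0/3.5 API the paper evaluated, the abstract RSA class instead required EncryptValue, DecryptValue, ExportParameters and ImportParameters, which is exactly the kind of surface a card-backed implementation cannot honour in full (a card will sign but never decrypt to the host nor export its private exponent). Two practitioner checks are built in: ExportParameters(true) throws rather than returning an RSAParameters with null private fields, and an unsupported padding is rejected rather than mapped to something the card happens to support.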




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Philippaerts, P., Boon, C., Piessens, F. (2009). Report: Extensibility and Implementation Independence of the .NET Cryptographic API. In: Massacci, F., Redwine, S.T., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2009. Lecture Notes in Computer Science, vol 5429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00199-4_9

  • DOI: https://doi.org/10.1007/978-3-642-00199-4_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00198-7

  • Online ISBN: 978-3-642-00199-4
