Abstract
When a vulnerability is discovered in a cryptographic algorithm, or in a specific implementation of that algorithm, it is important that software using that algorithm or implementation is upgraded quickly. Hence, modern cryptographic libraries such as the .NET crypto libraries are designed to be extensible with new algorithms. In addition, they support algorithm- and implementation-independent use: software written against these libraries can be structured so that switching to a new crypto algorithm or implementation requires very little effort.
This paper reports on our experiences with the implementation of a number of extensions to the .NET cryptographic framework. The extensions we consider are smart card based implementations of existing algorithms. We evaluate the extensibility of the libraries and their support for implementation independence. We identify several problems with the libraries that have a negative impact on these properties, and we propose solutions.
The main conclusion of the paper is that extensibility and implementation independence can be substantially improved with only minor changes. These changes maintain backwards compatibility for client code.
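The following is an added example, not code from the paper and not a .NET library sample, showing the two properties the abstract discusses: a client routine written only against the abstract `RSA` type and resolved by name through `CryptoConfig`, and an extension of the framework in the form of a card-backed `RSA` subclass registered under a new name. It targets .NET 6 or later. `SimulatedCard` is an in-process stand-in for a smart card (it keeps the private key inside the object and only answers sign and export-public requests); the names `SmartCardRsa`, `SimulatedCard` and `"SmartCardRSA"` are assumptions made for the example.

```csharp
// Added example: implementation-independent use of the .NET crypto API and
// registration of a custom RSA implementation. Assumes .NET 6+; the "card"
// is an in-process stand-in, not a real reader.
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for a smart card session. The private key never leaves
// this object, mirroring a card that only signs and exports its public key.
public sealed class SimulatedCard : IDisposable
{
    private readonly RSA _onCardKey = RSA.Create(2048);
    public RSAParameters PublicKey => _onCardKey.ExportParameters(false);
    public byte[] SignHash(byte[] hash, HashAlgorithmName alg, RSASignaturePadding pad)
        => _onCardKey.SignHash(hash, alg, pad);
    public void Dispose() => _onCardKey.Dispose();
}

// Extension of the framework: an RSA implementation backed by the card.
public sealed class SmartCardRsa : RSA
{
    private readonly SimulatedCard _card = new SimulatedCard();

    public SmartCardRsa()
    {
        LegalKeySizesValue = new[] { new KeySizes(2048, 2048, 0) };
        KeySizeValue = 2048;
    }

    public override RSAParameters ExportParameters(bool includePrivateParameters)
    {
        // A card-backed key is not exportable; refusing here is the correct behaviour.
        if (includePrivateParameters)
            throw new CryptographicException("Private key is not exportable from the card.");
        return _card.PublicKey;
    }

    public override void ImportParameters(RSAParameters parameters)
        => throw new CryptographicException("Keys cannot be imported onto the card.");

    // SignData() in the base class hashes via HashData() and then calls SignHash().
    protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm)
    {
        using var h = IncrementalHash.CreateHash(hashAlgorithm);
        h.AppendData(data, offset, count);
        return h.GetHashAndReset();
    }

    public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
        => _card.SignHash(hash, hashAlgorithm, padding);

    // Verification needs only the public key, so it is done in software.
    public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
    {
        using var pub = RSA.Create();
        pub.ImportParameters(_card.PublicKey);
        return pub.VerifyHash(hash, signature, hashAlgorithm, padding);
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing) _card.Dispose();
        base.Dispose(disposing);
    }
}

public static class Program
{
    // Client code written against the abstract RSA type only. Which
    // implementation runs is decided by the name-to-type mapping, not here.
    static byte[] SignMessage(string algorithmName, byte[] message)
    {
        using RSA rsa = (RSA)CryptoConfig.CreateFromName(algorithmName)
            ?? throw new InvalidOperationException($"No implementation registered for '{algorithmName}'");
        return rsa.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");

        // Default mapping: "RSA" resolves to the platform implementation.
        byte[] softwareSig = SignMessage("RSA", msg);

        // Register the card-backed implementation under a new name; the client
        // routine above switches implementations by changing a string only.
        CryptoConfig.AddAlgorithm(typeof(SmartCardRsa), "SmartCardRSA");
        byte[] cardSig = SignMessage("SmartCardRSA", msg);

        Console.WriteLine($"software signature: {softwareSig.Length} bytes, card signature: {cardSig.Length} bytes");
    }
}
```

Two points worth noting. First, the client never names a concrete class, so a new implementation is a registration change rather than a code change; the same holds for switching algorithms if the client is written against `AsymmetricAlgorithm` instead of `RSA`. Second, the paper predates `CryptoConfig.AddAlgorithm` (introduced with .NET 4.0); on the .NET 3.5 framework it studies, a name-to-type mapping of this kind had to be declared in the `cryptographySettings` section of machine.config, which is one of the places where extensibility in practice is less convenient than the design suggests.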
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Philippaerts, P., Boon, C., Piessens, F. (2009). Report: Extensibility and Implementation Independence of the .NET Cryptographic API. In: Massacci, F., Redwine, S.T., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2009. Lecture Notes in Computer Science, vol 5429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00199-4_9
DOI: https://doi.org/10.1007/978-3-642-00199-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00198-7
Online ISBN: 978-3-642-00199-4