Abstract
Security is an increasing concern for application developers, whether they are targeting internal customers, organizations or the general public. Particularly for the US public sector, with requirements such as FIPS 140, developers need to identify and remove superseded cryptography in both legacy applications and new development. This paper outlines a mechanism that uses static analysis tools to find outdated or improper cryptography and to suggest corrections or supply corrected code. This removes the need for manual inspection and correction by developers familiar with cryptography, and it is more accurate than plain text searches.
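To make the abstract's claim concrete, the following is an added illustration (not the paper's tool, and not code from any of the analyzers it evaluates) of why an analysis that understands program structure beats a text search. It walks the Python AST, resolves import aliases, flags calls to primitives in a small constructed policy table, and attaches a suggested replacement to each finding; a grep-style pass over the same constructed source is shown beside it. The policy mapping (MD5/SHA-1 to SHA-256, DES/RC4 to AES) and the sample source are assumptions chosen for the example, not a FIPS 140 rule set.

```python
"""Toy static-analysis pass that flags superseded cryptographic primitives in
Python source by walking the AST, compared against a plain text search.
Added illustration only; the policy table and sample source are constructed."""
import ast
import re

# Constructed policy: fully qualified call target -> suggested replacement.
# The API names are real hashlib / PyCryptodome names; the mapping itself is
# an assumption for this example, not an authoritative compliance rule set.
SUPERSEDED = {
    "hashlib.md5": "hashlib.sha256",
    "hashlib.sha1": "hashlib.sha256",
    "Crypto.Cipher.DES.new": "Crypto.Cipher.AES.new",
    "Crypto.Cipher.ARC4.new": "Crypto.Cipher.AES.new",
}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None if the chain is
    rooted in something else (e.g. the result of another call)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_superseded_crypto(source):
    """Return a sorted list of (line, qualified_call, suggestion) for every
    call to a primitive listed in SUPERSEDED. Comments and string literals
    never produce findings because they are not Call nodes."""
    tree = ast.parse(source)

    # Map local binding -> qualified module/object name, so that
    # 'import hashlib as h' and 'from Crypto.Cipher import DES' both resolve.
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:
                    aliases[a.asname] = a.name
                else:
                    top = a.name.split(".")[0]
                    aliases[top] = top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        head, _, rest = name.partition(".")
        qualified = aliases.get(head, head) + ("." + rest if rest else "")
        if qualified in SUPERSEDED:
            findings.append((node.lineno, qualified, SUPERSEDED[qualified]))
    return sorted(findings)


def text_search(source, pattern=r"\b(md5|sha1|DES|ARC4)\b"):
    """Naive grep-style check: line numbers where the pattern occurs, which
    includes hits inside comments, strings and harmless import lines."""
    return [i for i, line in enumerate(source.splitlines(), 1)
            if re.search(pattern, line)]


# Constructed sample source under review (never executed here, only parsed).
SAMPLE = '''\
import hashlib
from Crypto.Cipher import DES, AES
# TODO: md5 was replaced here years ago; keep this note for the audit trail
digest = hashlib.md5(b"payload").hexdigest()
legacy = DES.new(b"8bytekey", DES.MODE_ECB)
modern = AES.new(b"0123456789abcdef", AES.MODE_GCM)
label = "checksum algorithm: sha1"
'''

if __name__ == "__main__":
    for line, call, fix in find_superseded_crypto(SAMPLE):
        print(f"line {line}: {call} is superseded; consider {fix}")
    print("text search hits (including false positives):", text_search(SAMPLE))
```

Run on the sample, the AST pass reports exactly the two live calls (lines 4 and 5), while the text search also flags the import line, the comment and the string literal, which is the kind of noise a developer would otherwise have to triage by hand.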
Index Terms
- Using static analysis tools to detect and correct non-compliant cryptography