DOI: 10.1145/2637166.2637237 (APSys conference proceedings, research article)

Why does cryptographic software fail?: a case study and open problems

Published: 25 June 2014

Abstract

Mistakes in cryptographic software implementations often undermine the strong security guarantees offered by cryptography. This paper presents a systematic study of cryptographic vulnerabilities in practice, an examination of state-of-the-art techniques to prevent such vulnerabilities, and a discussion of open problems and possible future research directions. Our study covers 269 cryptographic vulnerabilities reported in the CVE database from January 2011 to May 2014. The results show that just 17% of the bugs are in cryptographic libraries (which often have devastating consequences), and the remaining 83% are misuses of cryptographic libraries by individual applications. We observe that preventing bugs in different parts of a system requires different techniques, and that no effective techniques exist to deal with certain classes of mistakes, such as weak key generation.



Published In

APSys '14: Proceedings of 5th Asia-Pacific Workshop on Systems
June 2014, 98 pages
ISBN: 9781450330244
DOI: 10.1145/2637166
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

  • Chinese Academy of Sciences

Publisher

Association for Computing Machinery, New York, NY, United States

Conference

APSys'14: Asia-Pacific Workshop on Systems
June 25 - 26, 2014, Beijing, China

Acceptance Rates

APSys '14 paper acceptance rate: 14 of 35 submissions (40%)
Overall acceptance rate: 169 of 430 submissions (39%)

Article Metrics

  • Downloads (Last 12 months)157
  • Downloads (Last 6 weeks)6
Reflects downloads up to 16 Feb 2025

Cited By

  • A survey on Cryptoagility and Agile Practices in the light of quantum resistance. Information and Software Technology, 178 (107604), Feb. 2025. doi:10.1016/j.infsof.2024.107604
  • K-Hunt++: Improved Dynamic Cryptographic Key Extraction. Proceedings of the 2024 Workshop on Research on offensive and defensive techniques in the context of Man At The End (MATE) attacks, pages 22-29, Nov. 2024. doi:10.1145/3689934.3690818
  • Enhanced Analysis of Cryptographic Library Usage Patterns and Trends in Android Applications. 2024 IEEE Conference on Dependable and Secure Computing (DSC), pages 88-93, Nov. 2024. doi:10.1109/DSC63325.2024.00031
  • Towards cryptographic agility manifesto in end-to-end encryption systems: a position paper from the perspective of crypto-consumers. 2024 IEEE Conference on Dependable, Autonomic and Secure Computing (DASC), pages 65-72, Nov. 2024. doi:10.1109/DASC64200.2024.00015
  • Understanding Persistent-memory-related Issues in the Linux Kernel. ACM Transactions on Storage, 19(4):1-28, Oct. 2023. doi:10.1145/3605946
  • A Comparative Study on Design and Usability of Cryptographic Libraries. Proceedings of the 2023 Australasian Computer Science Week, pages 102-111, Jan. 2023. doi:10.1145/3579375.3579388
  • Empirical Analysis of Software Vulnerabilities Causing Timing Side Channels. 2023 IEEE Conference on Communications and Network Security (CNS), pages 1-9, Oct. 2023. doi:10.1109/CNS59707.2023.10288690
  • CryptoEval. IET Information Security, 17(4):582-597, May 2023. doi:10.1049/ise2.12117
  • Implementing Post-quantum Cryptography for Developers. SN Computer Science, 4(4), Apr. 2023. doi:10.1007/s42979-023-01724-1
  • Enabling Lightweight Privilege Separation in Applications with MicroGuards. Applied Cryptography and Network Security Workshops, pages 571-598, Oct. 2023. doi:10.1007/978-3-031-41181-6_31
