How Usable Are Rust Cryptography APIs?

Kai Mindermann, Philipp Keck, Stefan Wagner
2018 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)  
Context: Poor usability of cryptographic APIs is a severe source of vulnerabilities. Aim: We wanted to find out what kind of cryptographic libraries are present in Rust and how usable they are.  ...  Results: Only half of the major libraries explicitly focus on usability and misuse resistance, which is reflected in their current APIs.  ...  [13] compared the usability of cryptographic Python libraries in a controlled experiment with several tasks in an online environment.  ... 
doi:10.1109/qrs.2018.00028 dblp:conf/qrs/MindermannK018 fatcat:jato5lqirbhdlniwfcqvsrpaqu

A Roadmap for High Assurance Cryptography [chapter]

Harry Halpin
2018 Lecture Notes in Computer Science  
bundling of these cryptographic primitives in a new API that prevents common developer mistakes.  ...  In detail, we outline the need for a suite of high-assurance cryptographic software with per-microarchitecture optimizations that maintain competitive speeds with existing hand-optimized assembly and the  ...  Harry Halpin would like to thank Peter Schwabe for many of the original ideas in this paper and for some of the text itself, while taking sole responsibility for any lack of clarity or problems with this  ... 
doi:10.1007/978-3-319-75650-9_6 fatcat:fxwimrpesjddnjfvflveuqbz2q

Why Johnny Can't Store Passwords Securely? A Usability Evaluation of Bouncycastle Password Hashing [article]

Chamila Wijayarathna, Nalin Asanka Gamagedara Arachchilage
2018 arXiv   pre-print
To improve the usability of these APIs to make them easy to learn and use, it is important to identify the usability issues that exist in those APIs that make them harder to learn and use.  ...  From data we collected, we identified 63 usability issues that exist in the SCrypt implementation of Bouncycastle API.  ...  The only current work on empirically evaluating usability of security APIs is done by Acar et al. [1] where they evaluated and compared usability of 5 cryptographic APIs for Python.  ... 
arXiv:1805.09487v1 fatcat:biiojullcrbltcpdxi56s6ppqm

Dazed and Confused: What's Wrong with Crypto Libraries? [article]

Mohammadreza Hazhirpasand, Oscar Nierstrasz, Mohammad Ghafari
2021 arXiv   pre-print
Moreover, future research should investigate the similarity of problems at the API level among popular crypto libraries.  ...  Recent studies have shown that developers have difficulties in using cryptographic APIs, which often led to security flaws.  ...  We also thank CHOOSE, the Swiss Group for Original and Outside-the-box Software Engineering of the Swiss Informatics Society, for its financial contribution to the presentation of this paper.  ... 
arXiv:2111.01406v1 fatcat:qp3tcca36bayviqrwzfozq44re

KAuth: A Strong Single Sign-On Service based on PKI

Panayiotis Charalambous, Marios Karapetris, Elias Athanasopoulos
2018 Proceedings of the 15th International Joint Conference on e-Business and Telecommunications  
By using Keybase, we minimize the required cryptographic keys to the absolute minimum: one.  ...  We implement two authentication schemes based on Keybase, KAuth and KAuth+, and we evaluate them using a state-of-the-art methodology.  ...  This framework uses 25 properties split into 3 categories, Usability, Deployability and Security. The framework is created for evaluation of other schemes compared to web passwords.  ... 
doi:10.5220/0006851906440649 dblp:conf/icete/CharalambousKA18 fatcat:p2zhdc5rpnbeherca3hmpmtfau

Developing Secure Services for IoT with OP-TEE: A First Look at Performance and Usability [article]

Christian Göttel, Pascal Felber, Valerio Schiavoni
2019 arXiv   pre-print
Assessing the performance and usability of a given framework remains challenging, as they are largely influenced by the application and workload considered, as well as the target hardware.  ...  We report our experimental results with the data store and also compare it against OP-TEE's built-in secure storage.  ...  The research leading to these results has received funding from the European Union's Horizon 2020 research and innovation programme under the LEGaTO Project (, grant agreement No 780681  ... 
arXiv:1904.11545v1 fatcat:3xztxkr7ovarlkoghzbhscwlam

Comparative Analysis of Cryptographic Key Management Systems [chapter]

Ievgeniia Kuzminykh, Bogdan Ghita, Stavros Shiaeles
2020 Lecture Notes in Computer Science  
model for restricting and managing access to keys, effective logging of actions with keys, and the presence of an API for accessing functions directly from the application code.  ...  Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response  ...  This work reflects authors view and Agency is not responsible for any use that may be made of the information it contains.  ... 
doi:10.1007/978-3-030-65729-1_8 fatcat:cvknlujkyfghvgddvkelfjsu6y

Challenges in Implementing an End-to-End Secure Protocol for Java ME-Based Mobile Data Collection in Low-Budget Settings [chapter]

Samson Gejibo, Federico Mancini, Khalid A. Mughal, Remi Valvik, Jørn Klungsøyr
2012 Lecture Notes in Computer Science  
In this paper we analyze implementation challenges of a proposed security protocol based on the Java ME platform.  ...  A prototype of our secure solution has been integrated with openXdata.  ...  Hence, even if this could give better performance, it could also affect the security of the API and its usability.  ... 
doi:10.1007/978-3-642-28166-2_5 fatcat:6uj636yx5nfmdnoi3wiz3n2pie

Transaction Security System extensions to the Common Cryptographic Architecture

D. B. Johnson, G. M. Dolan
1991 IBM Systems Journal  
The cryptographic subsystem consists of all cryptographic functions below the Cryptographic API.  ...  The customer (or system) application (APPL) calls API services to provide the cryptographic transformations.  ...  The cryptographic subsystem consists of all cryptographic functions below the Cryptographic API.  ... 
doi:10.1147/sj.302.0230 fatcat:s7foicxcc5d5lizosbi5r4uvha

Evaluation of Static Vulnerability Detection Tools with Java Cryptographic API Benchmarks [article]

Sharmin Afrose, Ya Xiao, Sazzadur Rahaman, Barton P. Miller, Danfeng Yao
2021 arXiv   pre-print
Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps).  ...  We present their performance and comparative analysis. The ApacheCryptoAPI-Bench also examines the scalability of the tools.  ...  ACKNOWLEDGMENTS This work has been supported by the National Science Foundation under Grant No. CNS-1929701 and the Virginia Commonwealth Cyber Initiative (CCI).  ... 
arXiv:2112.04037v1 fatcat:kv4jwcw2wnfulfz2yh6zjoleyi

Towards secure integration of cryptographic software

Steven Arzt, Sarah Nadi, Karim Ali, Eric Bodden, Sebastian Erdweg, Mira Mezini
2015 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!) - Onward! 2015  
Even though high-quality cryptographic APIs are widely available, programmers often select the wrong algorithms or misuse APIs due to a lack of understanding.  ...  use of cryptographic mechanisms.  ...  This work is funded by the DFG as part of project E1 within the CRC 1119 CROSSING, and was further supported by the BMBF within EC SPRIDE and by the Hessian LOEWE excellence initiative within CASED.  ... 
doi:10.1145/2814228.2814229 dblp:conf/oopsla/ArztNABEM15 fatcat:xaj7yilnyrd77jglsgorfqo3rm

Analysis of Key Wrapping APIs: Generic Policies, Computational Security

Guillaume Scerri, Ryan Stanley-Oakes
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
The authors would also like to thank the anonymous reviewers for their valuable comments.  ...  ACKNOWLEDGEMENTS The authors would like to thank Bogdan Warinschi, Martijn Stam and Karthikeyan Bhargavan for their useful feedback on the paper.  ...  Proofs in this model are easy to verify, especially compared to the cryptographic proofs like those found in [CC09], [KSW11] and [KKS13].  ... 
doi:10.1109/csf.2016.27 dblp:conf/csfw/ScerriS16 fatcat:nzhufirgmvdzti4clox5iksbqq

On PQC Migration and Crypto-Agility [article]

Alexander Wiesmaier
2021 arXiv   pre-print
We use this as starting point for a community project to keep track of the ongoing efforts and the state of the art in this field.  ...  Besides the development of PQC algorithms, the actual migration of IT systems to such new schemes has to be considered, best by utilizing or establishing crypto-agility.  ...  research area focuses on understanding the usability of cryptographic API, where 141 examine the usability of cryptographic libraries and found poor documentation and missing code examples to be an issue  ... 
arXiv:2106.09599v1 fatcat:itr6zdltirg2ri3ismbeo7vtiq

Bitcoin's APIs in Open-Source Projects: Security Usability Evaluation

Philipp Tschannen, Ali Ahmed
2020 Electronics  
Making APIs usable is, therefore, an essential aspect related to the quality and robustness of the software.  ...  Furthermore, it evaluates the API usability of Libbitcoin, a well-known C++ implementation of the Bitcoin system, and assesses how the findings of this evaluation could affect the applications that use  ...  They point out that security APIs include more than cryptographic APIs.  ... 
doi:10.3390/electronics9071077 fatcat:7dgaze5pwjhrvp3nrinwc2vvbq

FluentCrypto: Cryptography in Easy Mode [article]

Simon Kafader, Mohammad Ghafari
2021 arXiv   pre-print
., it hides the low-level complexities that involve using the native Node.js cryptography API, and it relies on the rules that crypto experts specify to determine a secure configuration of the API.  ...  We have developed a fluent API named FluentCrypto to ease the secure and correct adoption of cryptography in the Node.js JavaScript runtime environment.  ...  Despite huge efforts in the field of usable security in general and cryptography in particular, cryptography APIs (in short, crypto APIs) are still difficult to use for mainstream developers [2], resulting  ... 
arXiv:2108.07211v1 fatcat:plz4o626b5dm5gw2ajjftkm73y