Toward Semantic Cryptography APIs

While several mature cryptographic frameworks exist and have been used to build complex applications, developers often use these frameworks incorrectly and introduce security vulnerabilities. This stems from several challenges, including (i) an expectation that framework users understand security attacks and defenses and the subtle impact of various low-level parameters, (ii) the need to take into account information external to the system to ensure security (e.g., TLS certificate revocations), and (iii) the frequent need to disable security checks during development and testing, with the risk that these checks sometimes remain disabled in production. We propose guidelines for designing cryptography APIs that are semantically meaningful for developers and that can be implemented consistently on top of existing frameworks. We also propose the Regulator design pattern, for incorporating security-critical external information, and build management hooks for isolating security workarounds needed during the development and test phases. Our API is a first step toward striking the right balance between restricting the security decisions that developers make and giving them the flexibility needed for complex applications that use cryptography.
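The three ideas in the abstract as a small added Python sketch (not the paper's code; the class names, the example certificates and the revocation list are assumed): a semantic `SecureChannel.open` that consults a revocation Regulator on every call, and a management hook that refuses the dev-time bypass when the build is marked production.

```python
# Added sketch of the abstract's three ideas (semantic API, Regulator, management
# hooks); names are hypothetical and the revocation data below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Certificate:
    serial: str
    subject: str

class RevocationRegulator:
    """Regulator: owns security-critical external state (revocations) so callers
    cannot forget to consult it. Stands in for a CRL/OCSP feed."""
    def __init__(self, revoked_serials):
        self._revoked = frozenset(revoked_serials)

    def is_revoked(self, cert: Certificate) -> bool:
        return cert.serial in self._revoked

class ManagementHooks:
    """Management hooks: the one place a dev/test workaround may live. A build
    marked production refuses the workaround rather than silently keeping it."""
    def __init__(self, production: bool):
        self.production = production
        self.revocation_skipped = False

    def skip_revocation_checks(self) -> None:
        if self.production:
            raise RuntimeError("revocation bypass refused in a production build")
        self.revocation_skipped = True

@dataclass(frozen=True)
class Channel:
    peer: str
    revocation_checked: bool

class SecureChannel:
    """Semantic API: ask for an authenticated channel to a peer; no ciphers,
    key lengths or validation flags to choose."""
    def __init__(self, regulator: RevocationRegulator, hooks: ManagementHooks):
        self._regulator = regulator
        self._hooks = hooks

    def open(self, peer_cert: Certificate) -> Channel:
        checked = not self._hooks.revocation_skipped
        if checked and self._regulator.is_revoked(peer_cert):
            raise PermissionError(f"peer certificate {peer_cert.serial} is revoked")
        return Channel(peer=peer_cert.subject, revocation_checked=checked)
```

The `revocation_checked` field makes a skipped check visible to the caller, which is the point of isolating workarounds in one hook rather than scattering them through call sites.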
