From Struggle to Simplicity with a Usable and Secure API for Encryption in Java
- URL: http://arxiv.org/abs/2409.05128v1
- Date: Sun, 8 Sep 2024 15:16:12 GMT
- Authors: Ehsan Firouzi, Ammar Mansuri, Mohammad Ghafari, Maziar Kaveh,
- Abstract summary: SafEncrypt is an API that streamlines encryption tasks for Java developers.
It is built on top of the native Java Cryptography Architecture, and it shields developers from crypto complexities and erroneous low-level details.
- Score: 0.07499722271664144
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cryptography misuses are prevalent in the wild. Crypto APIs are hard to use for developers, and static analysis tools do not detect every misuse. We developed SafEncrypt, an API that streamlines encryption tasks for Java developers. It is built on top of the native Java Cryptography Architecture, and it shields developers from crypto complexities and erroneous low-level details. Experiments showed that SafEncrypt is suitable for developers with varying levels of experience.
Related papers
- Secure Semantic Communication With Homomorphic Encryption [52.5344514499035] (2025-01-17T13:26:14Z)
  This paper explores the feasibility of applying homomorphic encryption to SemCom.
  We propose a task-oriented SemCom scheme secured through homomorphic encryption.
- The Evolution of Cryptography through Number Theory [55.2480439325792] (2024-11-11T16:27:57Z)
  cryptography began around 100 years ago, its roots trace back to ancient civilizations like Mesopotamia and Egypt.
  This paper explores the link between early information hiding techniques and modern cryptographic algorithms like RSA.
- ChatGPT's Potential in Cryptography Misuse Detection: A Comparative Analysis with Static Analysis Tools [0.08192907805418582] (2024-09-10T14:50:12Z)
  cryptography misuse detectors have demonstrated inconsistent performance and remain largely inaccessible to most developers.
  We investigated the extent to which ChatGPT can detect cryptography misuses and compared its performance with that of the state-of-the-art static analysis tools.
  Our investigation, mainly based on the CryptoAPI-Bench benchmark, demonstrated that ChatGPT is effective in identifying cryptography API misuses, and with the use of prompt engineering, it can even outperform leading static cryptography misuse detectors.
- Time to Separate from StackOverflow and Match with ChatGPT for Encryption [0.09208007322096533] (2024-06-10T10:56:59Z)
  Security is a top concern among developers, but security issues are pervasive in code snippets.
  ChatGPT can effectively aid developers when they engage with it properly.
- An Investigation into Misuse of Java Security APIs by Large Language Models [9.453671056356837] (2024-04-04T22:52:41Z)
  This paper systematically assesses ChatGPT's trustworthiness in code generation for security API use cases in Java.
  Around 70% of the code instances across 30 attempts per task contain security API misuse, with 20 distinct misuse types identified.
  For roughly half of the tasks, this rate reaches 100%, indicating that there is a long way to go before developers can rely on ChatGPT to securely implement security API code.
- CodeChameleon: Personalized Encryption Framework for Jailbreaking Large Language Models [49.60006012946767] (2024-02-26T16:35:59Z)
  We propose CodeChameleon, a novel jailbreak framework based on personalized encryption tactics.
  We conduct extensive experiments on 7 Large Language Models, achieving state-of-the-art average Attack Success Rate (ASR)
  Remarkably, our method achieves an 86.6% ASR on GPT-4-1106.
- Tortoise: An Authenticated Encryption Scheme [0.0] (2023-09-11T18:55:07Z)
  Tortoise is an experimental nonce-based authenticated encryption scheme modeled on the Synthetic Counter-in-Tweak.
  This paper demonstrates a generalizable plug-and-play framework for converting block cipher into Authenticated Encryption with Associated Data.
- GPT-4 Is Too Smart To Be Safe: Stealthy Chat with LLMs via Cipher [85.18213923151717] (2023-08-12T04:05:57Z)
  Experimental results show certain ciphers succeed almost 100% of the time to bypass the safety alignment of GPT-4 in several safety domains.
  We propose a novel SelfCipher that uses only role play and several demonstrations in natural language to evoke this capability.
- RiDDLE: Reversible and Diversified De-identification with Latent Encryptor [57.66174700276893] (2023-03-09T11:03:52Z)
  This work presents RiDDLE, short for Reversible and Diversified De-identification with Latent Encryptor.
  Built upon a pre-learned StyleGAN2 generator, RiDDLE manages to encrypt and decrypt the facial identity within the latent space.
- Revocable Cryptography from Learning with Errors [61.470151825577034] (2023-02-28T18:58:11Z)
  We build on the no-cloning principle of quantum mechanics and design cryptographic schemes with key-revocation capabilities.
  We consider schemes where secret keys are represented as quantum states with the guarantee that, once the secret key is successfully revoked from a user, they no longer have the ability to perform the same functionality as before.
- A brief history on Homomorphic learning: A privacy-focused approach to machine learning [2.055949720959582] (2020-09-09T21:57:47Z)
  Homomorphic encryption allows running arbitrary operations on encrypted data.
  It enables us to run any sophisticated machine learning algorithm without access to the underlying raw data.
  It took more than 30 years of collective effort to finally find the answer "yes"