Related papers: Cryptoscope: Analyzing cryptographic usages in modern software

Cryptoscope: Analyzing cryptographic usages in modern software

URL: http://arxiv.org/abs/2503.19531v1
Date: Tue, 25 Mar 2025 10:39:50 GMT
Title: Cryptoscope: Analyzing cryptographic usages in modern software
Authors: Micha Moffie, Omer Boehm, Anatoly Koyfman, Eyal Bin, Efrayim Sztokman, Sukanta Bhattacharjee, Meghnath Saha, James McGugan,
Abstract summary: The advent of quantum computing poses a significant challenge as it has the potential to break certain cryptographic algorithms.<n>It is crucial not only to identify quantum vulnerable algorithms but also to detect vulnerabilities and incorrect crypto usages.<n>A U.S. government memorandum require agencies to begin their transition to PQC (Post Quantum Cryptograpy) by conducting a prioritized inventory of cryptographic systems.
Score: 0.5139430317578633
License: http://creativecommons.org/licenses/by/4.0/
Abstract: The advent of quantum computing poses a significant challenge as it has the potential to break certain cryptographic algorithms, necessitating a proactive approach to identify and modernize cryptographic code. Identifying these cryptographic elements in existing code is only the first step. It is crucial not only to identify quantum vulnerable algorithms but also to detect vulnerabilities and incorrect crypto usages, to prioritize, report, monitor as well as remediate and modernize code bases. A U.S. government memorandum require agencies to begin their transition to PQC (Post Quantum Cryptograpy) by conducting a prioritized inventory of cryptographic systems including software and hardware systems. In this paper we describe our code scanning tool - Cryptoscope - which leverages cryptographic domain knowledge as well as compiler techniques to statically parse and analyze source code. By analyzing control and data flow the tool is able to build an extendable and querriable inventory of cryptography. Cryptoscope goes beyond identifying disconnected cryptographic APIs and instead provides the user with an inventory of cryptographic assets - containing comprehensive views of the cryptographic operations implemented. We show that for more than 92% of our test cases, these views include the cryptographic operation itself, APIs, as well as the related material such as keys, nonces, random sources etc. Lastly, building on top of this inventory, our tool is able to detect and report all the cryptographic related weaknesses and vulnerabilities (11 out of 15) in CamBench - achieving state-of-the-art performance.

Related papers

Cryptanalysis via Machine Learning Based Information Theoretic Metrics [58.96805474751668]
We propose two novel applications of machine learning (ML) algorithms to perform cryptanalysis on any cryptosystem.<n>These algorithms can be readily applied in an audit setting to evaluate the robustness of a cryptosystem.<n>We show that our classification model correctly identifies the encryption schemes that are not IND-CPA secure, such as DES, RSA, and AES ECB, with high accuracy.
arXiv Detail & Related papers (2025-01-25T04:53:36Z)
Secure Semantic Communication With Homomorphic Encryption [52.5344514499035]
This paper explores the feasibility of applying homomorphic encryption to SemCom. We propose a task-oriented SemCom scheme secured through homomorphic encryption.
arXiv Detail & Related papers (2025-01-17T13:26:14Z)
Revocable Encryption, Programs, and More: The Case of Multi-Copy Security [48.53070281993869]
We show the feasibility of revocable primitives, such as revocable encryption and revocable programs. This suggests that the stronger notion of multi-copy security is within reach in unclonable cryptography.
arXiv Detail & Related papers (2024-10-17T02:37:40Z)
Applications of Post-quantum Cryptography [0.0]
The review employs a systematic scoping review with the scope restricted to the years 2022 and 2023. The review examined the articles on the applications of quantum computing in various spheres. The paper is analyzing various PQC algorithms, including lattice-based, hash-based, code-based, and isogeny-based cryptography.
arXiv Detail & Related papers (2024-06-19T06:45:39Z)
Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications. The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms. This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z)
Software-Defined Cryptography: A Design Feature of Cryptographic Agility [6.223203288731036]
Cryptographic agility, or crypto-agility, is a design feature that enables seamless updates to new cryptographic algorithms and standards. This paper introduces a notion of software-defined cryptography as the desired design feature for crypto-agility.
arXiv Detail & Related papers (2024-04-02T10:11:58Z)
FoC: Figure out the Cryptographic Functions in Stripped Binaries with LLMs [51.898805184427545]
We propose a novel framework called FoC to Figure out the Cryptographic functions in stripped binaries. We first build a binary large language model (FoC-BinLLM) to summarize the semantics of cryptographic functions in natural language. We then build a binary code similarity model (FoC-Sim) upon the FoC-BinLLM to create change-sensitive representations and use it to retrieve similar implementations of unknown cryptographic functions in a database.
arXiv Detail & Related papers (2024-03-27T09:45:33Z)
Post-Quantum Cryptography: Securing Digital Communication in the Quantum Era [0.0]
Post-quantum cryptography (PQC) is a critical field aimed at developing resilient cryptographic algorithms to quantum attacks. This paper delineates the vulnerabilities of classical cryptographic systems to quantum attacks, elucidates impervious principles of quantum computing, and introduces various PQC algorithms.
arXiv Detail & Related papers (2024-03-18T12:51:56Z)
Cryptanalysis and improvement of multimodal data encryption by machine-learning-based system [0.0]
encryption algorithms to accommodate varied requirements of this field. Best approach to analyzing an encryption algorithm is to identify a practical and efficient technique to break it.
arXiv Detail & Related papers (2024-02-24T10:02:21Z)
Demonstration of quantum-digital payments [36.136619420474766]
We show how quantum light can secure daily digital payments by generating inherently unforgeable quantum cryptograms. Unlike previously proposed protocols, our solution does not depend on long-term quantum storage or trusted agents and authenticated channels. It is practical with near-term technology and may herald an era of quantum-enabled security.
arXiv Detail & Related papers (2023-05-23T20:20:14Z)
Revocable Cryptography from Learning with Errors [61.470151825577034]
We build on the no-cloning principle of quantum mechanics and design cryptographic schemes with key-revocation capabilities. We consider schemes where secret keys are represented as quantum states with the guarantee that, once the secret key is successfully revoked from a user, they no longer have the ability to perform the same functionality as before.
arXiv Detail & Related papers (2023-02-28T18:58:11Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.