research-article

Public Access

CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects

Authors:
Sazzadur Rahaman

Virginia Tech, Blacksburg, VA, USA

Virginia Tech, Blacksburg, VA, USA
View Profile

,
Ya Xiao

Virginia Tech, Blacksburg, VA, USA

Virginia Tech, Blacksburg, VA, USA
View Profile

,
Sharmin Afrose

Virginia Tech, Blacksburg, VA, USA

Virginia Tech, Blacksburg, VA, USA
View Profile

,
Fahad Shaon

University of Texas at Dallas, Dallas, TX, USA

University of Texas at Dallas, Dallas, TX, USA
View Profile

,
Ke Tian

Virginia Tech, Blacksburg, VA, USA

Virginia Tech, Blacksburg, VA, USA
View Profile

,
Miles Frantz

Virginia Tech, Blacksburg, VA, USA

Virginia Tech, Blacksburg, VA, USA
View Profile

,
Murat Kantarcioglu

University of Texas at Dallas, Dallas, TX, USA

University of Texas at Dallas, Dallas, TX, USA
View Profile

,
Danfeng (Daphne) Yao

Virginia Tech, Blacksburg, VA, USA

Virginia Tech, Blacksburg, VA, USA
View Profile

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2019Pages 2455–2472https://doi.org/10.1145/3319535.3345659

Published:06 November 2019Publication History

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 2455–2472

ABSTRACT

Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized (e.g., millions of LoC) programs is not new. However, hindered by the practical difficulty of reducing false positives without compromising analysis quality, this goal has not been accomplished. CryptoGuard is a set of detection algorithms that refine program slices by identifying language-specific irrelevant elements. The refinements reduce false alerts by 76% to 80% in our experiments. Running our tool, CryptoGuard, on 46 high-impact large-scale Apache projects and 6,181 Android apps generated many security insights. Our findings helped multiple popular Apache projects to harden their code, including Spark, Ranger, and Ofbiz. We also have made progress towards the science of analysis in this space, including manually analyzing 1,295 Apache alerts, confirming 1,277 true positives (98.61% precision), and in-depth comparison with leading solutions including CrySL, SpotBugs, and Coverity.

Supplemental Material

p2455-rahaman.webm

webm

84.9 MB

Download

References

CogniCrypt_SAST for Android.Google Scholar
Coverity Static Application Security Testing (SAST).Google Scholar
Spotbugs: Find Bugs in Java Programs.Google Scholar
Cryptographic Key Length Recommendation. https://www.keylength.com/en/4/,2016. [Online; accessed 29-Jan-2018].Google Scholar
Google Play Warning: How to fix incorrect implementation of Hostname Verifier? https://stackoverf low.com/questions/41312795/google-play-warning-how-to-fix-incorrect-implementation-of-hostnameverifier, 2016. [Online; accessed29-Jan-2018].Google Scholar
Change the default Crypt Algo to use stronger cryptographic algo. "https://issues.apache.org/jira/browse/RANGER-1644", 2017. [Online; accessed Jan 26,2018].Google Scholar
Class Random. https://docs.oracle.com/javase/8/docs/api/java/util/Random.html,2017. [Online; accessed 29-Jan-2018].Google Scholar
Class Secure Random. https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html, 2017. [Online; accessed 29-Jan-2018].Google Scholar
Lifetimes of cryptographic hash functions. http://valerieaurora.org/hash.html,2017. [Online; accessed 29-Jan-2018].Google Scholar
List of Rainbow Tables. http://project-rainbowcrack.com/table.htm, 2017.[Online; accessed 29-Jan-2018].Google Scholar
Update Doc/Wiki to provide details on using custom encryption key and salt for encryption of credentials. https://issues.apache.org/jira/browse/RANGER-1645,2017. [Online; accessed Jan 26, 2018].Google Scholar
Google rejected app because of Hostname Verifier issue. "https://stackoverf low.com/questions/48420530/google-rejected-app-because-of-hostnameverifier-issue", 2018. [Online; accessed Jan 26, 2018].Google Scholar
Y. Acar, M. Backes, S. Fahl, S. Garfinkel, D. Kim, M. L. Mazurek, and C. Stransky. Comparing the Usability of Cryptographic APIs. In IEEE S&P'17, pages 154--171, 2017.Google Scholar
Y. Acar, M. Backes, S. Fahl, D. Kim, M. L. Mazurek, and C. Stransky. You Get Where You're Looking for: The Impact of Information Sources on Code Security. In IEEE S&P'16, pages 289--305, 2016.Google Scholar
Y. Acar et al. Developers Need Support, Too: A Survey of Security Advice forSoftware Developers. In IEEE Secure Development Conference SecDev, 2017.Google Scholar
D. Adrian et al. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In ACM CCS'15, pages 5--17, 2015.Google ScholarDigital Library
S. Afrose, S. Rahaman, and D. D. Yao. Crypto API-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses. In IEEE Secure Development Conference (SecDev), September 2019.Google Scholar
S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. L. Traon, D. Octeau, and P. D. McDaniel. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, pages 259--269, 2014.Google ScholarDigital Library
M. Backes, S. Bugiel, and E. Derr. Reliable Third-Party Library Detection in Android and its Security Applications. In ACM CCS'16, pages 356--367, 2016.Google ScholarDigital Library
G. V. Bard. The Vulnerability of SSL to Chosen Plaintext Attack. IACR Cryptologye Print Archive, 2004:111, 2004.Google Scholar
D. J. Bernstein, Y. Chang, C. Cheng, L. Chou, N. Heninger, T. Lange, and N. van Someren. Factoring RSA Keys from Certified Smart Cards: Coppersmith in the Wild. In ASIACRYPT'13, pages 341--360, 2013.Google ScholarCross Ref
K. Bhargavan and G. Leurent. On the practical (in-)security of 64-bit blockciphers: Collision attacks on HTTP over TLS and OpenVPN. In ACM CCS'16, pages 456--467, 2016.Google ScholarDigital Library
K. Bhargavan and G. Leurent. Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH. In NDSS'16, 2016.Google Scholar
A. Bianchi, Y. Fratantonio, A. Machiry, C. Kruegel, G. Vigna, S. P. H. Chung, and W. Lee. Broken Fingers: On the Usage of the Fingerprint API in Android. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, SanDiego, California, USA, February 18--21, 2018, 2018.Google Scholar
D. Boneh. Twenty Years of Attacks on the RSA Cryptosystem. NOTICES OF THEAMS, 46(2), 1999.Google Scholar
A. Bosu, F. Liu, D. D. Yao, and G. Wang. Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications. In ACM AsiaCCS'17, pages 71--85, 2017.Google ScholarDigital Library
D. Chang, A. Jati, S. Mishra, and S. K. Sanadhya. Cryptanalytic Time-Memory Tradeoff for Password Hashing Schemes. IACR Cryptology ePrint Archive, 2017:603, 2017.Google Scholar
S. Checkoway, J. Maskiewicz, C. Garman, J. Fried, S. Cohney, M. Green,N. Heninger, R. Weinmann, E. Rescorla, and H. Shacham. A Systematic Analysis of the Juniper Dual EC Incident. In ACM CCS'16, pages 468--479, 2016.Google ScholarDigital Library
A. Chi, R. A. Cochran, M. Nesfield, M. K. Reiter, and C. Sturton. A System to Verify Network Behavior of Known Cryptographic Clients. In USENIX NSDI'17, pages 177--195, 2017.Google Scholar
J. Clark and P. C. van Oorschot. SoK: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, May 19--22, 2013, pages 511--525, 2013.Google ScholarDigital Library
J. de Ruiter and E. Poll. Protocol State Fuzzing of TLS Implementations. In USENIX Security'15, pages 193--206, 2015.Google Scholar
Welcome to the SWAMP. https://continuousassurance.org, 2018.Google Scholar
M. Egele, D. Brumley, Y. Fratantonio, and C. Kruegel. An empirical study of cryptographic misuse in Android applications. In ACM CCS'13, pages 73--84,2013.Google ScholarDigital Library
K. O. Elish, X. Shu, D. D. Yao, B. G. Ryder, and X. Jiang. Profiling user-trigger dependence for Android malware detection. Computers & Security, 49:255--273,2015.Google ScholarDigital Library
S. Fahl, M. Harbach, T. Muders, M. Smith, L. Baumgärtner, and B. Freisleben. Why Eve and Mallory love Android: an analysis of Android SSL (in)Security. In ACM CCS'12, pages 50--61, 2012.Google ScholarDigital Library
F. Gagnon, M. Ferland, M. Fortier, S. Desloges, J. Ouellet, and C. Boileau. Andro SSL: A Platform to Test Android Applications Connection Security. In FPS'15, pages 294--302, 2015.Google Scholar
C. P. García, B. B. Brumley, and Y. Yarom. "Make Sure DSA Signing Exponentiations Really are Constant-Time". In ACM CCS'16, pages 1639--1650, 2016.Google ScholarDigital Library
C. Garman, M. Green, G. Kaptchuk, I. Miers, and M. Rushanan. Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage. In USENIX Security'16, pages 655--672, 2016.Google Scholar
M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The most dangerous code in the world: validating SSL certificates in non-browser software. In ACM CCS'12, 2012.Google ScholarDigital Library
I. Goldberg and D. Wagner. Randomness and the Netscape browser. Dr Dobb's Journal-Software Tools for the Professional Programmer, 21(1):66--71, 1996.Google Scholar
B. He, V. Rastogi, Y. Cao, Y. Chen, V. N. Venkatakrishnan, R. Yang, and Z. Zhang. Vetting SSL usage in applications with SSLINT. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17--21, 2015, pages 519--534, 2015.Google ScholarDigital Library
N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In USENIX Security'12, pages 205--220, 2012.Google Scholar
D. Hovemeyer and W. Pugh. Finding bugs is easy. SIGPLAN Notices, 39(12):92--106,2004.Google ScholarDigital Library
B. Johnson et al. Why don't software developers use static analysis tools to find bugs? In ICSE'13, pages 672--681, 2013.Google Scholar
H. Krawczyk. How to Predict Congruential Generators. In CRYPTO'89, pages 138--153, 1989.Google Scholar
S. Krüger et al. CogniCrypt: supporting developers in using cryptography. In IEEE/ACM ASE'17, pages 931--936, 2017.Google Scholar
S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. In ECOOP'18, pages 10:1--10:27, 2018.Google Scholar
Y. Kwon, B. Saltaformaggio, I. L. Kim, K. H. Lee, X. Zhang, and D. Xu. A2C: Selfdestructing exploit executions via input perturbation. In NDSS'17, 2017.Google Scholar
D. Lazar, H. Chen, X. Wang, and N. Zeldovich. Why does cryptographic softwarefail?: A case study and open problems. In APSys'14, 2014.Google ScholarDigital Library
J. Li, Z. Lin, J. Caballero, Y. Zhang, and D. Gu. K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15--19, 2018, pages 412--425, 2018.Google ScholarDigital Library
R. Lippmann and R. K. Cunningham. Improving intrusion detection performance using keyword selection and neural networks. Computer Networks, 34(4):597--603, 2000.Google ScholarDigital Library
A. D. Lucia. Program Slicing: Methods and Applications. In IEEE International Workshop on Source Code Analysis and Manipulation SCAM'01, pages 144--151, 2001.Google Scholar
S. Ma, D. Lo, T. Li, and R. H. Deng. CDRep: Automatic Repair of Cryptographic Misuses in Android Applications. InProceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, pages 711--722,2016.Google ScholarDigital Library
S. Ma, F. Thung, D. Lo, C. Sun, and R. H. Deng. VuRLE: Automatic Vulnerability Detection and Repair by Learning from Examples. In Computer Security - ESORICS 2017 - 22nd European Symposium on Research in Computer Security, pages 229--246, 2017.Google ScholarCross Ref
N. Meng, S. Nagy, D. Yao, W. Zhuang, and G. A. Argoty. Secure Coding Practices in Java: Challenges and Vulnerabilities. In ACM ICSE'18, Gothenburg, Sweden, May 2018.Google ScholarDigital Library
K. Moriarty, B. Kaliski, and A. Rusch. PKCS# 5: Password-Based Cryptography Specification Version 2.1. 2017.Google ScholarCross Ref
V. Murali, S. Chaudhuri, and C. Jermaine. Bayesian specification learning for finding API usage errors. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4--8,2017, pages 151--162, 2017.Google ScholarDigital Library
S. Nadi, S. Krüger, M. Mezini, and E. Bodden. Jumping Through Hoops: Why Do Java Developers Struggle with Cryptography APIs? In ICSE'16, pages 935--946,2016.Google ScholarDigital Library
Y. Nan, Z. Yang, X. Wang, Y. Zhang, D. Zhu, and M. Yang. Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--21, 2018, 2018.Google ScholarCross Ref
D. C. Nguyen et al. A Stitch in Time: Supporting Android Developers in Writing Secure Code. In ACM CCS'17, pages 1065--1077, 2017.Google ScholarDigital Library
R. Paletov, P. Tsankov, V. Raychev, and M. T. Vechev. Inferring crypto API rulesfrom code changes. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018, pages 450--464,2018.Google ScholarDigital Library
X. Pan, X. Wang, Y. Duan, X. Wang, and H. Yin. Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps. In NDSS'17, 2017.Google Scholar
N. H. Pham, T. T. Nguyen, H. A. Nguyen, and T. N. Nguyen. Detection of recurring software vulnerabilities. In ASE 2010, 25th IEEE/ACM International Conference on Automated Software Engineering, pages 447--456, 2010.Google ScholarDigital Library
S. Rahaman and D. Yao. Program Analysis of Cryptographic Implementationsfor Security. In IEEE Secure Development Conference (SecDev), 2017, pages 61--68, 2017.Google Scholar
N. Rutar, C. B. Almazan, and J. S. Foster. A comparison of bug finding tools for Java. In 15th International Symposium on Software Reliability Engineering (ISSRE 2004), pages 245--256, 2004.Google ScholarDigital Library
S. Sivakorn, G. Argyros, K. Pei, A. D. Keromytis, and S. Jana. HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL/TLS Implementations. In IEEE S&P'17, pages 521--538, 2017.Google Scholar
J. Somorovsky. Systematic Fuzzing and Testing of TLS Libraries. In ACM CCS'16, pages 1492--1504, 2016.Google Scholar
D. Sounthiraraj, J. Sahs, G. Greenwood, Z. Lin, and L. Khan. SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In NDSS'14, 2014.Google Scholar
M. Stevens, E. Bursztein, P. Karpman, A. Albertini, and Y. Markov. The First Collision for Full SHA-1. In CRYPTO'17, 2017.Google ScholarCross Ref
M. Stevens, A. K. Lenstra, and B. de Weger. Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities. In EUROCRYPT'07, pages 1--22, 2007.Google ScholarDigital Library
Update to Current Use and Deprecation of TDEA, 2017. https://csrc.nist.gov/news/2017/update-to-current-use-and-deprecation-of-tdea.Google Scholar
V. van der Veen et al. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In ACM CCS'16, pages 1675--1689, 2016.Google ScholarDigital Library
K. Xu, D. Yao, B. Ryder, and K. Tian. Probabilistic Program Modeling for High-Precision Anomaly Classification. In CSF'15, July 2015.Google Scholar
H. Y. Yang, E. D. Tempero, and H. Melton. An Empirical Study into Use of Dependency Injection in Java. In Australian Software Engineering Conference ASWEC'08, pages 239--247, 2008.Google ScholarCross Ref
D. Yao, X. Shu, L. Cheng, and S. J. Stolfo. Anomaly Detection as a Service: Challenges, Advances, and Opportunities. In Information Security, Privacy, and Trust Series. Morgan & Claypool., 2017.Google Scholar
T. Zhang, G. Upadhyaya, A. Reinhardt, H. Rajan, and M. Kim. Are code exampleson an online Q&A forum reliable?: a study of API misuse on stack overflow. In Proceedings of the 40th International Conference on Software Engineering, ICSE 2018, pages 886--896, 2018.Google ScholarDigital Library
C. Zuo, Z. Lin, and Y. Zhang. Why Does Your Data Leak? Uncovering the DataLeakage in Cloud from Mobile Apps. In IEEE S&P'16, 2019.Google Scholar

Index Terms

CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects
1. Security and privacy
  1. Software and application security

Recommendations

A Comprehensive Benchmark on Java Cryptographic API Misuses
CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a ...
Read More
Poster: Deployment-quality and Accessible Solutions for Cryptography Code Development
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Cryptographic API misuses seriously threaten software security. Automatic screening of cryptographic misuse vulnerabilities has been a popular and important line of research over the years. However, the vision of producing a scalable detection tool that ...
Read More
Deployment-quality and Accessible Solutions for Cryptography Code Development
CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

Cryptographic API misuses seriously threatens software security. Automatic screening of cryptographic misuse vulnerabilities has been a popular and important line of research over the years. However, the vision of producing a scalable detection tool ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019
2755 pages
ISBN:9781450367479
DOI:10.1145/3319535
General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 November 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Java
accuracy
benchmark
cryptographic API misuses
false negative
false positive
static program analysis
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '19 Paper Acceptance Rate149of934submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 78
  Total Citations
  View Citations
- 2,949
  Total Downloads
- Downloads (Last 12 months)620
- Downloads (Last 6 weeks)84
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

A Comprehensive Benchmark on Java Cryptographic API Misuses

Poster: Deployment-quality and Accessible Solutions for Cryptography Code Development

Deployment-quality and Accessible Solutions for Cryptography Code Development