Abstract
Most of the time, cryptography fails due to “implementation and management errors”. So the task at hand is to design a cryptographic library that eases safe use and hinders implementation errors. This is of special interest when the implementation language is celebrated for its qualification to write reliable, safe and secure systems, such as Ada.
This paper concentrates on the handling of nonces (“number used once”) and on authenticated encryption, i.e., on establishing a safe communication channel between two parties which share a common secret key. Cryptographers consider it a “nonce misuse” if a nonce value is ever reused. Avoiding nonce misuse is easy in theory, but difficult in practice. One problem with authenticated encryption is that a naive combination of a secure authentication scheme and a secure encryption scheme may turn out to be insecure. Another problem is that decryption temporarily provides an incomplete plaintext, which may eventually be found to be unauthentic.
We discuss how to ease the proper usage of cryptosystems, how to hinder unintentional misuse, and how one may possibly limit the damage in the case of a misuse.
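As an added illustration of the two API-design points in the abstract (it is not code from the paper or from Libadacrypt), the sketch below lets the library generate nonces and reject any nonce it has already seen, and it releases plaintext only after the authentication tag has verified. The cipher is a constructed toy: HMAC-SHA256 in counter mode as a keystream, wrapped as encrypt-then-MAC under a separate MAC key; the class and method names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


class NonceMisuse(Exception):
    """Raised when a caller tries to encrypt under a nonce that was already used."""


@dataclass
class AEChannel:
    """Toy authenticated-encryption channel (constructed example, not a real scheme)."""
    enc_key: bytes
    mac_key: bytes
    _counter: int = 0
    _used: set = field(default_factory=set)

    def next_nonce(self) -> bytes:
        # The library, not the caller, picks the nonce: a monotonic 96-bit counter.
        self._counter += 1
        return self._counter.to_bytes(12, "big")

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        # HMAC-SHA256 in counter mode as a PRF-based keystream (toy cipher).
        out, block = b"", 0
        while len(out) < n:
            out += hmac.new(self.enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
            block += 1
        return out[:n]

    def _tag(self, nonce: bytes, ad: bytes, ct: bytes) -> bytes:
        # MAC covers nonce, length-prefixed associated data and ciphertext (encrypt-then-MAC).
        return hmac.new(self.mac_key, nonce + len(ad).to_bytes(4, "big") + ad + ct, hashlib.sha256).digest()

    def encrypt(self, ad: bytes, pt: bytes, nonce: bytes = None):
        # A caller-supplied nonce is accepted only if it has never been used on this channel.
        nonce = self.next_nonce() if nonce is None else nonce
        if nonce in self._used:
            raise NonceMisuse("nonce reused on this channel")
        self._used.add(nonce)
        ct = bytes(a ^ b for a, b in zip(pt, self._keystream(nonce, len(pt))))
        return nonce, ct, self._tag(nonce, ad, ct)

    def decrypt(self, nonce: bytes, ad: bytes, ct: bytes, tag: bytes):
        # All-or-nothing: verify the tag first, so no unauthenticated plaintext is ever handed out.
        if not hmac.compare_digest(self._tag(nonce, ad, ct), tag):
            return None
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))
```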
© 2012 Springer-Verlag Berlin Heidelberg
Forler, C., Lucks, S., Wenzel, J. (2012). Designing the API for a Cryptographic Library. In: Brorsson, M., Pinho, L.M. (eds) Reliable Software Technologies – Ada-Europe 2012. Ada-Europe 2012. Lecture Notes in Computer Science, vol 7308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30598-6_6
DOI: https://doi.org/10.1007/978-3-642-30598-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30597-9
Online ISBN: 978-3-642-30598-6