Hydamc: A Hybrid Detection Approach for Misuse of Cryptographic Algorithms in Closed-Source Software


Research area: Verification



Conference: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)


Abstract

Cryptographic algorithms are fundamental to secure software development, but security vulnerabilities can arise during implementation, usage, and when calling third-party libraries. As security standards continue to evolve, software updates have become an inevitable trend, and detecting cryptographic algorithm misuse is crucial to ensure compliance with these standards during the update process. However, closed-source software presents challenges in detecting cryptographic algorithm misuse. To enhance the security ecosystem of software, we designed a hybrid detection approach for detecting misuses in closed-source software related to weak cryptographic algorithms, short keys, insecure working modes, and insecure padding modes. Our hybrid detection tool uses both static and dynamic detection methods to collect log information through a logging mechanism in binary executable files. The collected data is cleaned using a data cleaning strategy and analyzed to extract key features, generating test reports to help developers and experts identify cryptographic algorithm security issues. We tested 24 software applications from app stores and found that 62.5% had weak algorithm implementations or usage, 83.3% supported short keys, and 50% supported insecure padding modes. Finally, we provided actionable recommendations to mitigate identified issues.


Author Profile
Jingqiang Lin

School of Cyber Security, University of Science and Technology of China, Hefei, China

Andorra
Author Profile
Haoling Fan

State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

China
Author Profile
Fangyu Zheng

School of Cryptography, University of Chinese Academy of Sciences, Beijing, China

China

📄 Paper information

Publication year: 2023
Citations: 81
Country of publication: Andorra, China
Site: IEEE
