Here's a fab idea: Get crypto libs to warn devs when they screw up

Security is a process that requires hitting people over the head with their errors


Building warnings into crypto libraries that alert developers to unsafe coding practices turns out to be an effective way to improve the security of applications.

At the USENIX Symposium on Usable Privacy and Security (SOUPS) 2018 this week, a group of researchers from several universities in Germany reported findings to this effect.

In a paper presented at the conference, "Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse," Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Moeller, Yasemin Acar, and Sascha Fahl describe how they modified a Python crypto library to provide implementation advice, which led to more secure code.

Interventionist systems often annoy people - witness the resentment of Microsoft Office Assistant, also known as Clippy. But at least in this context, unsolicited advice can save developers from themselves.

The boffins attribute a large number of software vulnerabilities to developers who misuse security APIs related to secure network connections, mobile app permissions, and cryptographic APIs.

Instead of alternative approaches like simplifying security libraries or adding assistance via IDE (Integrated Development Environment) plugins – which require changes to programming interfaces and sustained development of plugins for multiple IDEs – the researchers modified the PyCrypto library to catch problems and present remediation advice in the terminal.

The way this looked to study participants would be something like:

/!\ Warning
You are using the weak encryption algorithm RC4 (aka ARC4 or ARCFOUR):

        Line: 14
        Path: /filepath
        Function: arc4_example
        Code: cipher =

The use of ARC4 puts the processed data’s confidentiality at risk and may lead to data disclosure.

(Followed by sample code showing how to implement AES properly.)

The modified version of PyCrypto hooks onto API calls that instantiate weak crypto objects, such as, which relies on the insecure ARC2 algorithm. When such objects get created, the altered library calls an advice method to display the appropriate warning.
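The hooking mechanism described above, sketched as an added example (not code from the paper or from PyCrypto): a decorator wraps a constructor, inspects the caller's stack frame, and prints a warning in the format shown earlier. `security_advice`, `new_arc4` and `StandInCipher` are hypothetical names, and warning once per call site is a choice made for this example.

```python
import functools
import inspect
import sys

ADVICE_LOG = []   # rendered warnings, kept so tools and tests can inspect them
_SEEN = set()     # (path, line) call sites that have already been warned about


def security_advice(algorithm, risk):
    """Wrap a constructor so each new call site gets a located warning."""
    def decorate(factory):
        @functools.wraps(factory)
        def wrapper(*args, **kwargs):
            caller = inspect.stack()[1]            # frame that called the weak API
            site = (caller.filename, caller.lineno)
            if site not in _SEEN:                  # warn once per call site, not per call
                _SEEN.add(site)
                code = (caller.code_context or ["<source unavailable>"])[0].strip()
                text = (
                    "/!\\ Warning\n"
                    f"You are using the weak encryption algorithm {algorithm}:\n\n"
                    f"        Line: {caller.lineno}\n"
                    f"        Path: {caller.filename}\n"
                    f"        Function: {caller.function}\n"
                    f"        Code: {code}\n\n"
                    f"{risk}\n"
                )
                ADVICE_LOG.append(text)
                print(text, file=sys.stderr)       # advice goes to the terminal
            return factory(*args, **kwargs)        # the call itself still succeeds
        return wrapper
    return decorate


class StandInCipher:  # constructed placeholder for a cipher object; encrypts nothing
    def __init__(self, algorithm, key):
        self.algorithm, self.key = algorithm, key


@security_advice("RC4 (aka ARC4 or ARCFOUR)",
                 "The use of ARC4 puts the processed data's confidentiality at risk "
                 "and may lead to data disclosure.")
def new_arc4(key):    # hypothetical name standing in for the hooked API call
    return StandInCipher("ARC4", key)


def arc4_example():
    cipher = new_arc4(b"constructed-key")          # sample key, constructed here
    return cipher
```

Calling `arc4_example()` repeatedly prints the warning once, because the call site is remembered after the first hit.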

"Whenever possible, the security advice proposes code changes to fix the responsible security issues," the researchers explain in their paper. "We find that our approach significantly improves code security. Seventy-three per cent of the participants who received the security advice fixed their insecure code."




The boffins judged security by checking key generation (size and randomness), key storage (whether the key was actually encrypted and if it was derived from the provided password), and related metrics like the choice of crypto algorithm.

The survey size was not large – only 53 valid participants were involved – but that's out of almost 39,000 email invitations to participate in the study and 177 people who started working on assigned coding tasks.

The challenge the researchers faced involved not only presenting the information effectively within the constraints of the text-only terminal, but also describing the risk in sufficient detail, offering a contextually relevant explanation in the source code that triggered the warning, and presenting meaningful options to fix the issue.

API-integrated security advice, the researchers conclude, has a significant effect on code security, though they acknowledge that providing context-sensitive advice is rather complicated and merits future investigation.
