Brussels / 2 & 3 February 2019


How to prevent cryptographic pitfalls by design

Many security vulnerabilities are based on mistakes in integrating cryptographic mechanisms into the application. We argue that this is due to the design of the API of cryptographic libraries, which requires knowledge about cryptographic mechanisms and how to correctly embed them into specific use cases. However, most developers do not possess the required expert knowledge in this area. The lack of expertise in one specialist area is not a bad thing in itself, as developers excel in other areas. Therefore, we argue that the design of APIs of cryptographic libraries have to be substantially improved. We show you how easy it is to make mistakes during the integration of cryptographic mechanisms. We discuss how a few simple and well-known programming techniques can be utilized to make cryptographic APIs more usable for application developers and introduce a free software library which integrates cryptographic functions using an easier API in order to avoid common pitfalls.

The improvement of the correct integration of established cryptographic tools is a quite simple but essential step to achieve a higher level of security in general.


Maximilian Blochberger