CISPA
Browse
- No file added yet -

"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards.

Download (225.59 kB)
conference contribution
posted on 2024-08-26, 10:50 authored by Nicolas Huaman, Jacques Suray, Jan KlemmerJan Klemmer, Marcel Fourné, Sabrina AmftSabrina Amft, Ivana Trummová, Yasemin Acar, Sascha FahlSascha Fahl
Implementing cryptographic standards is a critical process for the cryptographic ecosystem. Cryptographic standards aim to support developers and engineers in implementing cryptographic primitives and protocols. However, past security incidents suggest that implementing cryptographic standards can be challenging and might jeopardize software and hardware security. We need to understand and mitigate the pain points of those implementing cryptographic standards to support them better. To shed light on the challenges and obstacles of implementing cryptographic standards, we conducted 20 semi-structured interviews with experienced cryptographers and cryptographic software engineers. We identify common practices when implementing standards, including the criticality of reference and third-party implementations, test vectors to verify implementations, and the open standard community as central support for questions and reviews of implementations. Based on our findings, we recommend transparent standardization processes, strong (ideally formal) verification, improved support for comparing implementations, and covering updates and error handling in the standardization process.

History

Editor

Balzarotti D ; Xu W

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

Usenix Security Symposium (USENIX-Security)

Journal

USENIX Security Symposium

Publisher

USENIX Association

BibTeX

@conference{Huaman:Suray:Klemmer:Fourné:Amft:Trummová:Acar:Fahl:2024, title = {"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards.}, author = "Huaman, Nicolas" AND "Suray, Jacques" AND "Klemmer, Jan H" AND "Fourné, Marcel" AND "Amft, Sabrina" AND "Trummová, Ivana" AND "Acar, Yasemin" AND "Fahl, Sascha", editor = "Balzarotti, Davide" AND "Xu, Wenyuan", year = 2024, month = 8, journal = "USENIX Security Symposium", publisher = "USENIX Association" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC