ISBN (print): 9781728129686
Background: Previous research has shown that crypto APIs are hard for developers to understand and difficult for them to use. They consequently rely on unvalidated boilerplate code from online resources where security vulnerabilities are common. Aims and method: We analyzed 2,324 open-source Java projects that rely on the Java Cryptography Architecture (JCA) to understand how crypto APIs are used in practice, and what factors account for the performance of developers in using these APIs. Results: We found that, in general, the experience of developers in using JCA does not correlate with their performance. In particular, none of the factors such as the number or frequency of committed lines of code, the number of JCA APIs developers use, or the number of projects they are involved in correlate with developer performance in this domain. Conclusions: We call for qualitative studies to shed light on the reasons underlying the success of developers who are expert in using cryptography. Also, detailed investigation at the API level is necessary to further clarify developers' obstacles in this domain.
Cryptography is known as a challenging topic for developers. We studied StackOverflow posts to identify the problems that developers encounter when using the Java Cryptography Architecture (JCA) for symmetric encryption. We investigated security risks that are disseminated in these posts, and we examined whether ChatGPT helps avoid cryptography issues. We found that developers frequently struggle with key and IV generation, as well as padding. Security is a top concern among developers, but security issues are pervasive in code snippets. ChatGPT can effectively aid developers when they engage with it properly. Nevertheless, it does not substitute for human expertise, and developers should remain alert.
A number of security protocols have been designed for mobile transactions using Near Field Communication technology in the last few years. However, the component architectures of these protocols are rarely implemented in Java for further evaluation. In this paper, we briefly discuss our previously proposed mobile transaction authentication protocol and extend our work by presenting its Java implementation. This implementation provides a detailed analysis based on a number of factors with respect to the security considerations of the protocol, particularly in its design stage. Thus, it provides a broad verification as well as a step-by-step evaluation of the protocol specifications from an implementation point of view.