How Usable are Rust Cryptography APIs? Kai Mindermann Philipp Keck Stefan Wagner University of Stuttgart University of Stuttgart University of Stuttgart Institute of Software Technology Institute of Software Technology Institute of Software Technology [email protected] [email protected] Abstract—Context: Poor usability of cryptographic APIs is a The established crypto libraries such as OpenSSL cannot severe source of vulnerabilities. Aim: We wanted to find out make significant changes to their APIs for compatibility what kind of cryptographic libraries are present in Rust and reasons. Consequently, new libraries with a strong focus on how usable they are. Method: We explored Rust’s cryptographic libraries through a systematic search, conducted an exploratory API usability have been developed. Notable examples include study on the major libraries and a controlled experiment on NaCl, its offspring libsodium, Keyczar and the Python library two of these libraries with 28 student participants. Results: cryptography.io. Only half of the major libraries explicitly focus on usability Several major crypto libraries already exist in Rust including and misuse resistance, which is reflected in their current APIs. wrappers for OpenSSL (e.g. rust-openssl) and libsodium, some We found that participants were more successful using rust- crypto which we considered less usable than ring before the plain-Rust implementations like rust-crypto and a BoringSSL- experiment. Conclusion: We discuss API design insights and based library called ring. make recommendations for the design of crypto libraries in We see that cryptographic libraries often have usability Rust regarding the detail and structure of the documentation, problems. This work aims for analyzing how usable and higher-level APIs as wrappers for the existing low-level libraries, misuse-resistant Rusts major crypto libraries are and how they and selected, good-quality example code to improve the emerging cryptographic libraries of Rust. have to be improved. We ask the following research questions: RQ 1: Which are the major cryptographic libraries in Rust? I. INTRODUCTION RQ 2: How usable are the current Rust cryptographic li- braries? Rust is a systems programming language sponsored by Mozilla and was voted the most loved programming language To answer these research questions, we first conducted a in the 2016 StackOverflow developer survey [1]. It rivals other systematic search for Rust crypto libraries. Next we per- systems programming languages like C or C++ and despite formed an exploratory study on the major crypto libraries being only seven years old with its first stable release in May and their usability. Following that, we conducted a controlled 2015, Rust has already been used by Mozilla to build parts of experiment with two of the major libraries. From these we the Firefox browser [2]. Apart from speed and concurrency, gathered insights and derived recommendations for improving one of its main goals is safety, mostly achieved through an the usability which we present at the end. innovative memory management concept that makes it suit- We contribute the following: able for developing security-critical applications. In particular Empirical insights into beginner usage and usability prob- • cryptographic libraries and services are thus likely to become lems of Rust’s cryptographic libraries. widely used in Rust. Recommendations for the design of cryptographic li- • Many applications that use encryption or other crypto- braries in Rust to help improve their usability and misuse graphic services end up being vulnerable because their de- resistance. arXiv:1806.04929v4 [cs.CR] 18 Jul 2018 velopers knowingly or unknowingly misuse cryptographic libraries [3, 4, 5, 6]. While the cryptographic algorithms II. BACKGROUND AND RELATED WORK themselves may not contain severe bugs, their application programming interfaces (APIs) are not resistant to misuse and To the best of our knowledge, the Research question RQ 1 in some cases they are very difficult to use at all without (Which are the major cryptographic libraries in Rust?) has detailed cryptographic knowledge. Such detailed knowledge not been answered scientifically. In comparison, usability is a cannot be expected from application programmers, as it is an common research area. Therefore, we describe related work integral part of software engineering to break down complex for the usability of cryptography APIs. problems into smaller problems such that the person solving There are large bodies of literature regarding API design, one of them does not need detailed knowledge of the other API usability and crypto usability (e.g. the usability of en- solutions. Therefore, many researchers have called for more cryption facilities by end-users). The usability of crypto APIs usable and misuse-resistant crypto APIs [6, 7, 8, 9] and many lies at their intersection, as it is fundamentally about making make concrete recommendations for usable API designs [10, APIs easy to use and misuse-resistant but it also involves 11, 12]. the same difficulty that cryptography is especially hard to c 2018 IEEE. This is the author’s version of the work. It is posted at https://arxiv.org/pdf/1806.04929 by permission of IEEE for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 18th International Conference on Software Quality, Reliability and Security (QRS). IEEE, 2018, pp. 143–154, 2018, doi: 10.1109/QRS.2018.00028. understand and API users should not be faced with security- To answer RQ 1 (Which are the major cryptographic critical decisions unless it is unavoidable and they have been libraries in Rust?), we used a systematic search approach made aware of the consequences. to explore the population of Rust libraries, starting from the Georgiev et al. [3] analyzed SSL certificate validation following places: code in a range of applications and found that the libraries Reddit thread “What crypto library do y’all use?”1, • themselves are correct “for the most part” but developers the crypto and cryptography keywords on crates.io, • often misunderstand the APIs which is the “primary cause” for the “Cryptography” collection on libs.rs2, • vulnerabilities. Egele et al. [5] automatically checked Android the crypto and cryptography topics on GitHub, • apps and found widespread security flaws such as ECB mode, an overview on arewewebyet.org3, • constant keys, constant salts and constant pseudorandom num- asking on the #rust-crypto IRC channel on the Mozilla • ber generator (PRNG) seeds, all of which can be traced IRC network. back to a misuse of the cryptographic APIs in Android. Like Retracted libraries (with “yanked” crates4) were excluded. For many others, they proposed to get rid of insecure defaults every identified library, we also looked at other GitHub repos- (the ECB mode in Java’s Cipher.getInstance(), for itories of the main developers and found a few more libraries. example) to increase misuse resistance, they recommended As we intended to investigate and compare their usability, improving the API documentation and they proposed to build we grouped libraries that offer similar functionality. We first APIs which enforce their semantic contracts by means of the grouped them by the level of the provided algorithms and then API itself. Lazar et al. [6] investigated 269 vulnerabilities subdivided the primitive level to split off smaller libraries with from the CVE database and found that the majority is caused specific purposes from the larger, general-purpose libraries by application code which misuses the properly implemented which we analyze in the remainder of this paper. Through cryptographic libraries. Das and King [7] defined seven prop- our search, we found the following 81 libraries: erties to determine how safe a cryptographic library is and 10 crypto-specific utility libraries for constant-time oper- • applied them to six libraries for the most popular programming ations, secret memory and similar. languages. Nadi et al. [8] empirically investigated the Java 13 larger libraries which offer multiple primitives and • Cryptography Architecture (JCA) by analyzing StackOverflow usually multiple algorithms per primitive. The implemen- posts, GitHub repositories and surveying developers. They tations are either written in Rust or attached through found that the APIs are perceived as being too low-level and wrappers to code in another language. The major libraries recommended task-based API (similar to the cryptography.io in this category are introduced in section III-A. library) and improved documentation as solutions. Acar et al. 35 libraries which implement a single primitive, algo- • [13] compared the usability of cryptographic Python libraries rithm or a small family of them in Rust. in a controlled experiment with several tasks in an online 5 libraries which offer a simpler interface to other imple- • environment. They found that simplicity is not enough, the mentations for specific application scenarios. documentation must be adequate as well. [10] developed 10 18 libraries that implement cryptosystems or protocols • “principles for creating usable and secure crypto APIs” which (mostly Transport Layer Security (TLS)) and usually are more or less directly applicable to Rust crypto libraries. depend on lower-level libraries. On a more technical level, Forler, Lucks, and Wenzel [12] We determined major libraries semi-manually: Any library demonstrated how the Ada language
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages12 Page
-
File Size-