| Title: |
'These results must be false': A usability evaluation of constant-time analysis tools |
| Authors: |
Fourné, Marcel; de Almeida Braga, Daniel; Jancar, Jan; Sabt, Mohamed; Schwabe, Peter; Barthe, Gilles; Fouque, Pierre-Alain; Acar, Yasemin |
| Contributors: |
University of Paderborn; Applied Cryptography and Implementation Security (CAPSULE); Inria Rennes – Bretagne Atlantique; Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-SYSTÈMES LARGE ÉCHELLE (IRISA-D1); Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA); Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes); Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique); Institut Mines-Télécom Paris (IMT)-Institut Mines-Télécom Paris (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes); Institut Mines-Télécom Paris (IMT)-Institut Mines-Télécom Paris (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA); Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique); Institut Mines-Télécom Paris (IMT)-Institut Mines-Télécom Paris (IMT); Masaryk University Brno (MUNI); Université de Rennes (UR); Security & PrIvaCY (SPICY); SYSTÈMES LARGE ÉCHELLE (IRISA-D1); Radboud University Nijmegen; Max Planck Institute for Security and Privacy Bochum (MPI SP); Institute IMDEA Software Madrid; Universität Paderborn (UPB); The George Washington University (GW); MV AI-SecTools (VJ02010010); Red Hat Czech; Pôle de Recherche CYBER; European Project: 805031,EPOQUE |
| Source: |
2024 - 33rd USENIX Security Symposium; https://inria.hal.science/hal-04712302; 2024 - 33rd USENIX Security Symposium, Aug 2024, Philadelphia, Pennsylvania, USA, United States. pp.1-18 |
| Publisher Information: |
HAL CCSD |
| Publication Year: |
2024 |
| Collection: |
Université de Rennes 1: Publications scientifiques (HAL) |
| Subject Terms: |
usability; constant time; cryptography; analysis tools; [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] |
| Subject Geographic: |
Pennsylvania; USA; United States |
| Description: |
International audience ; Cryptography secures our online interactions, transactions, and trust. To achieve this goal, not only do the cryptographic primitives and protocols need to be secure in theory, they also need to be securely implemented by cryptographic library developers in practice. However, implementing cryptographic algorithms securely is challenging, even for skilled professionals, which can lead to vulnerable implementations, especially to side-channel attacks. For timing attacks, a severe class of side-channel attacks, there exist a multitude of tools that are supposed to help cryptographic library developers assess whether their code is vulnerable to timing attacks. Previous work has established that despite an interest in writing constant-time code, cryptographic library developers do not routinely use these tools due to their general lack of usability. However, the precise factors affecting the usability of these tools remain unexplored. While many of the tools are developed in an academic context, we believe that it is worth exploring the factors that contribute to or hinder their effective use by cryptographic library developers [61]. To assess what contributes to and detracts from usability of tools that verify constant-timeness (CT), we conducted a two-part usability study with 24 (post) graduate student participants on 6 tools across diverse tasks that approximate real-world use cases for cryptographic library developers. We find that all studied tools are affected by similar usability issues to varying degrees, with no tool excelling in usability, and usability issues preventing their effective use. Based on our results, we recommend that effective tools for verifying CT need usable documentation, simple installation, easy to adapt examples, clear output corresponding to CT violations, and minimal noninvasive code markup. We contribute first steps to achieving these with limited academic resources, with our documentation, examples, and installation scripts. 1. Timing attacks. Since ... |
| Document Type: |
conference object |
| Language: |
English |
| Relation: |
info:eu-repo/grantAgreement//805031/EU/ERC Starting Grant 805031 (EPOQUE)/EPOQUE |
| Availability: |
https://inria.hal.science/hal-04712302; https://inria.hal.science/hal-04712302v1/document; https://inria.hal.science/hal-04712302v1/file/usenix24.pdf |
| Rights: |
http://creativecommons.org/licenses/by/ ; info:eu-repo/semantics/OpenAccess |
| Accession Number: |
edsbas.BF1AEB07 |
| Database: |
BASE |