Security Analysis of the W3C Web Cryptography API

Cairns, Kelsey; Halpin, Harry; Steel, Graham

doi:10.1007/978-3-319-49100-4_5

Cited by 11 publications

(11 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• JavaScript -the application core was written with the use of several external libraries and built-in tools like WebCrypto [1] (provides cryptographical tools) and TaffyDB (provides database support). Encryption, decryption, the execution of queries, and the preparation of a user interface are done in JavaScript.…”

Section: The Implementationmentioning

confidence: 99%

A client-based encryption model for secure data storing in publicly available storages

Retinger

2019

csci

View full text Add to dashboard Cite

This document presents a conceptual model of a system for protecting the data stored in publicly available data storage systems. The main idea was to apply encryption on both the client and server sides that would consequently have a significant impact on data security. The compatibility with existing systems allows us to deploy the solution fast and at a low cost. The tests conducted on a simplified implementation have confirmed the solution's validity, and they have shown some possible performance issues as compared to the classical system (which can be easily bypassed).

show abstract

Section: The Implementationmentioning

confidence: 99%

A client-based encryption model for secure data storing in publicly available storages

Retinger

2019

csci

View full text Add to dashboard Cite

show abstract

“…In general, the methodology of formal veri cation would be more productively applied during the development of a new protocol itself, so that the standard's speci cation is assured to ful ll its security and privacy requirements. There has been work on API analysis like the W3C Web Cryptography API [10], but this analysis was done after the standard itself was completed, although e orts in TLS 1.3 have incorporated formal veri cation into the standardization process [5].…”

Section: The Science Of Security and Formal Verificationmentioning

confidence: 99%

Formal verification of the W3C web authentication protocol

Guirat

Halpin

2018

Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security

Self Cite

View full text Add to dashboard Cite

The science of security can be set on rm foundations via the formal veri cation of protocols. New protocols can have their design validated in a mechanized manner for security aws, allowing protocol designs to be scienti cally compared in a neutral manner. Given that these techniques have discovered critical aws in protocols such as TLS 1.2 and are now being used to re-design protocols such as TLS 1.3, we demonstrate how formal veri cation can be used to analyze new protocols such as the W3C Web Authentication API. We model W3C Web Authentication with the formal veri cation language ProVerif, showing that the protocol itself is secure. However, we also stretch the boundaries of formal veri cation by trying to verify the privacy properties of W3C Web Authentication given in terms of the same origin policy. We use ProVerif to show that without further mandatory requirements in the specication, the claimed privacy properties do not hold. Next steps on how formal veri cation can be further integrated into standards and the further development of the privacy properties of W3C Web Authentication is outlined.

show abstract

“…For example, one would hope that an API like PKCS#11 that provides access to key material in hardware tokens would prevent any private key material from being tampered with, regardless of the application [10]. These kinds of security properties are particularly critical in many applications, and classically security APIs have been studied in the realm of hardware security modules [5] and increasingly in developer-facing APIs such as the W3C WebCrypto API for Javascript [7]. Most early work did not use generalizable formal techniques, but customized each technique for the API at hand [5], although some work allowed the automatic discovery of common errors in key management [15].…”

Section: A Developer-resistant Apimentioning

confidence: 99%

“…These account for the vast majority of errors in code and the "top errors" in APIs that have recently been collated by Google's Project Wycheproof 6 . Key management is often underspecified in APIs, and is a common source of errors in systems relying for example on PKCS#11 [10] and the WebCrypto API [7], and simply putting the key material in "trusted hardware" such as hardware tokens may end up having little effect, as shown by errors discovered via formal analysis Yubico's YubiHSM. 7 APIs created by standards committees seem to fare no better: implementations of standardized APIs such as PKCS#11 are often susceptible to multiple attacks.…”

Section: A Developer-resistant Apimentioning

confidence: 99%

“…Key management is often underspecified in APIs, and is a common source of errors in systems relying for example on PKCS#11 [10] and the WebCrypto API [7], and simply putting the key material in "trusted hardware" such as hardware tokens may end up having little effect, as shown by errors discovered via formal analysis Yubico's YubiHSM. 7 APIs created by standards committees seem to fare no better: implementations of standardized APIs such as PKCS#11 are often susceptible to multiple attacks. 8 Even worse, when APIs such as PKCS#11 and OpenSSL are used in hardware tokens, errors in the API can cause expensive withdrawal of hardware tokens [14].…”

Section: A Developer-resistant Apimentioning

confidence: 99%

See 1 more Smart Citation

A Roadmap for High Assurance Cryptography

Halpin

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Although an active area of research for years, formal verification has still not yet reached widespread deployment. We outline the steps needed to move from low-assurance cryptography, as given by libraries such as OpenSSL, to high assurance cryptography in deployment. In detail, we outline the need for a suite of high-assurance cryptographic software with per-microarchitecture optimizations that maintain competitive speeds with existing hand-optimized assembly and the bundling of these cryptographic primitives in a new API that prevents common developer mistakes. A new unified API with both formally verified primitives and an easy-to-use interface is needed to replace OpenSSL in future security-critical applications.1. first defining clear security goals; 2. then identifying the so-called trusted code base (TCB) i.e., the part of the software system that is critical to achieving these goals; 3. isolating the TCB from the rest of the code, and implementing well-defined interfaces between the TCB and the rest of the code; and 4. assuring that the code in the TCB (including the interfaces) achieves the security goals.Unfortunately, almost none of the above-listed trusted systems are systematically built according to this recipe; they are historically grown, without a clear separation between TCB and "non-critical" code; often even without a clear definition of security goals, and essentially everywhere without high-assurance software in the TCB. As a consequence, we are realizing that our society has trust in untrustworthy low-assurance software.

show abstract

Security Analysis of the W3C Web Cryptography API

Cited by 11 publications

References 37 publications

A client-based encryption model for secure data storing in publicly available storages

A client-based encryption model for secure data storing in publicly available storages

Formal verification of the W3C web authentication protocol

A Roadmap for High Assurance Cryptography

Contact Info

Product

Resources

About