From Struggle to Simplicity with a Usable and Secure API for Encryption   in Java

Ehsan Firouzi; Ammar Mansuri; Mohammad Ghafari; Maziar Kaveh

arXiv:2409.05128·cs.CR·September 10, 2024

From Struggle to Simplicity with a Usable and Secure API for Encryption in Java

Ehsan Firouzi, Ammar Mansuri, Mohammad Ghafari, Maziar Kaveh

PDF

TL;DR

This paper introduces SafEncrypt, a user-friendly and secure Java API that simplifies encryption tasks, reduces cryptography misuse, and is effective across different developer experience levels.

Contribution

The paper presents SafEncrypt, a novel Java API that enhances usability and security in cryptography by abstracting complexities and preventing common misuses.

Findings

01

SafEncrypt reduces cryptography misuse among developers.

02

It is effective for users with varying experience levels.

03

Experiments confirm its suitability and ease of use.

Abstract

Cryptography misuses are prevalent in the wild. Crypto APIs are hard to use for developers, and static analysis tools do not detect every misuse. We developed SafEncrypt, an API that streamlines encryption tasks for Java developers. It is built on top of the native Java Cryptography Architecture, and it shields developers from crypto complexities and erroneous low-level details. Experiments showed that SafEncrypt is suitable for developers with varying levels of experience.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.