English
Related papers

Related papers: A "Final" Security Bug

200 papers

This paper reports security problems with improper implementations of an improved version of FEA-M (fast encryption algorithm for multimedia). It is found that an implementation-dependent differential chosen-plaintext attack or its…

Cryptography and Security · Computer Science 2007-05-23 Shujun Li , Kwok-Tung Lo

The security of the Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the uniqueness and secrecy of the nonce, which is used in each signature. While it is well understood that nonce $k$ reuse across two distinct messages can…

Cryptography and Security · Computer Science 2025-04-21 Jamie Gilchrist , William J. Buchanan , Keir Finlow-Bates

Android is nowadays the most popular operating system in the world, not only in the realm of mobile devices, but also when considering desktop and laptop computers. Such a popularity makes it an attractive target for security attacks, also…

Designing a quantum key agreement (QKA) protocol is always a challenging task, because both the security and the fairness properties have to be considered simultaneously. Recently, Zhu et al. (Quantum Inf Process 14(11): 4245-4254) pointed…

Quantum Physics · Physics 2015-10-29 Jun Gu , Tzonelih Hwang

Numeric truncation is a widely spread error in software written in languages with static data typing, such as C/C++ or Java. It occurs when the significant bits of the value with a bigger type size are truncated during value conversion to…

Cryptography and Security · Computer Science 2024-05-06 Timofey Mezhuev , Ilay Kobrin , Alexey Vishnyakov , Daniil Kuts

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause , Jan H. Klemmer , Nicolas Huaman , Dominik Wermke , Yasemin Acar , Sascha Fahl

Token-inconsistency bugs (TIBs) involve the misuse of syntactically valid yet incorrect code tokens, such as misused variables and erroneous function invocations, which can often lead to software bugs. Unlike simple syntactic bugs, TIBs…

Cryptography and Security · Computer Science 2025-10-14 Hongbo Chen , Yifan Zhang , Xing Han , Tianhao Mao , Huanyao Rong , Yuheng Zhang , XiaoFeng Wang , Luyi Xing , Xun Chen , Hang Zhang

This paper presents a technique for deadlock detection of Java programs. The technique uses typing rules for extracting infinite-state abstract models of the dependencies among the components of the Java intermediate language -- the Java…

Programming Languages · Computer Science 2017-09-14 Abel Garcia , Cosimo Laneve

Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as…

Cryptography and Security · Computer Science 2021-05-21 Fadi Mohsen , Loran Oosterhaven , Fatih Turkmen

To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its…

Cryptography and Security · Computer Science 2019-10-09 Klaus v. Gleissenthall , Rami Gökhan Kıcı , Deian Stefan , Ranjit Jhala

Security bugs in the Linux kernel emerge endlessly and have attracted much attention. However, fixing security bugs in the Linux kernel could be incomplete due to human mistakes. Specifically, an incomplete fix fails to repair all the…

Cryptography and Security · Computer Science 2025-11-25 Qiang Liu , Wenlong Zhang , Muhui Jiang , Lei Wu , Yajin Zhou

ECDSA has become a popular choice as lightweight alternative to RSA and classic DL based signature algorithms in recent years. As standardized, the signature produced by ECDSA for a pair of a message and a key is not deterministic. This…

Cryptography and Security · Computer Science 2015-01-05 Stephan Verbücheln

Hardware security is an important concern of system security as vulnerabilities can arise from design errors introduced throughout the development lifecycle. Recent works have proposed techniques to detect hardware security bugs, such as…

Cryptography and Security · Computer Science 2024-02-02 Joey Ah-kiow , Benjamin Tan

Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized…

Cryptography and Security · Computer Science 2019-03-28 Sazzadur Rahaman , Ya Xiao , Sharmin Afrose , Fahad Shaon , Ke Tian , Miles Frantz , Danfeng , Yao , Murat Kantarcioglu

Temporal Key Integrity Protocol (TKIP) is the IEEE TaskGroupi solution for the security loop holes present in the already widely deployed 802.11 hardware. It is a set of algorithms that wrap WEP to give the best possible solution given…

Cryptography and Security · Computer Science 2012-08-29 M. Razvi Doomun , KM Sunjiv Soyjaudah

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

This paper reports a deliberately small executable proof for a DAG-TOML contract: six "Hello, world!" implementations in Rust, Go, C, Java, TypeScript, and AWK are linked to one observable-output contract, one implementation DAG, one…

Software Engineering · Computer Science 2026-05-28 Werner Kasselman

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers…

Cryptography and Security · Computer Science 2022-01-20 Miles Frantz

Data security and privacy is an important but challenging problem in cloud computing. One of the security concerns from cloud users is how to efficiently verify the integrity of their data stored on the cloud server. Third Party Auditing…

Cryptography and Security · Computer Science 2019-12-05 Faen Zhang , Xinyu Fan , Pengcheng Zhou , Wenfeng Zhou

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon