Encryption/Decryption Bugs (ENC) Class
Definition
We define Encryption/Decryption Bugs (ENC) as:
Encryption Bugs: The software does not properly transform sensitive data (plaintext) into unintelligible form (ciphertext) using a cryptographic algorithm and key(s).
Decryption Bugs: The software does not properly transform ciphertext into plaintext using a cryptographic algorithm and key(s).
Note that "transform" here means a transformation performed for confidentiality.
Type
Taxonomy
Fig. 1 depicts ENC causes, attributes and consequences.
Fig. 1. Encryption/Decryption Bugs (ENC) Class
Attributes
Sensitive Data – Credentials, System Data, State Data, Cryptographic Data, Digital Documents.
This is secret (confidential) data. Credentials include passwords, tokens, smart cards, digital certificates, and biometrics (fingerprint, hand configuration, retina, iris, voice). System Data could be configurations, logs, or Web usage. Cryptographic Data is hashes, keys, and keying material. Keying material is cryptographic keys, initialization vectors, shared secrets, domain parameters, and random bits (seeds, salts, nonces).
Data State – Stored, Transferred.
This reflects whether data is at rest or in use, or whether data is in transit. Secure storage is needed for data at rest or in use in files (e.g. ini, temp, configuration, log server, debug, cleanup, email attachment, login buffer, executable, backup, core dump, access control list, private data index), directories (Web root, FTP root, CVS repository), the registry, cookies, source code and comments, the GUI, and environment variables. Secure transfer is likewise needed for data in transit between processes or over a network.
Algorithm – Symmetric, Asymmetric.
This is the key scheme of the encryption algorithm used to securely store/transfer sensitive data. Symmetric (secret) key algorithms (e.g. Serpent, Blowfish) use one shared key. Asymmetric (public) key algorithms (e.g. Diffie-Hellman, RSA) use two keys (public, private).
Security Service(s) – Confidentiality (and in some modes of encryption Integrity and Identity Authentication).
This is the security service that the encryption process failed to provide. Confidentiality is the main security service provided by encryption. Those marked with '~' apply only to some specific modes of encryption.
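As an added example (not part of the BF page or its referenced paper), the Go program below exercises the Algorithm and Security Service attributes together with the "insecure mode of operation" cause listed under Causes: AES in ECB mode leaves equal plaintext blocks as equal ciphertext blocks, so confidentiality of stored or transferred sensitive data fails, while AES-GCM with a fresh nonce hides the repetition and additionally provides integrity through its authentication tag. The key and the repeated credential record are constructed demo values, and the function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func mustAES(key []byte) cipher.Block {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a key that is not 16, 24 or 32 bytes fails here
	}
	return block
}

// ecbEncrypt applies the block cipher to each 16-byte block on its own. This is the
// "insecure mode of operation" cause: equal plaintext blocks give equal ciphertext blocks.
func ecbEncrypt(block cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt)) // pt must be a whole number of blocks; no padding here
	for i := 0; i < len(pt); i += 16 {
		block.Encrypt(ct[i:i+16], pt[i:i+16])
	}
	return ct
}

// gcmSeal uses AES-GCM: a fresh random nonce hides repetition (confidentiality) and the
// authentication tag lets the receiver reject a modified message (integrity, a "~" service).
func gcmSeal(block cipher.Block, pt []byte) []byte {
	aead, _ := cipher.NewGCM(block) // cannot fail for a 128-bit block cipher such as AES
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand cannot fail; a nonce must never repeat under one key
	return aead.Seal(nonce, nonce, pt, nil) // output layout: nonce || ciphertext || tag
}

// hasRepeatedBlocks reports whether two ciphertext blocks repeat, the signature of ECB on repetitive data.
func hasRepeatedBlocks(ct []byte) bool {
	seen := map[string]bool{}
	for i := 0; i+16 <= len(ct); i += 16 {
		seen[string(ct[i:i+16])] = true
	}
	return len(seen) < len(ct)/16
}

func main() {
	block := mustAES([]byte("0123456789abcdef"))        // constructed demo key
	secret := []byte("PIN=1234;PIN=123PIN=1234;PIN=123") // constructed record: two equal blocks
	fmt.Println("leaks repetition? ECB:", hasRepeatedBlocks(ecbEncrypt(block, secret)), "GCM:", hasRepeatedBlocks(gcmSeal(block, secret)[12:]))
}
```

The repeated-block check is the same test a reviewer or a scanner can run over a stored ciphertext to flag ECB use without knowing the key.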
Causes
In the graph of causes, modification of algorithm means removing, changing or adding a cryptographic step. An improper algorithm or step could be missing, inadequate, weak, or risky/broken. An insecure mode of operation leads to a weak encryption algorithm.
Consequences
Sites
ENC is a high-level class, so sites do not apply.
Related BF Classes
BF classes related to ENC are: KMN, RND, and IEX.
Related CWEs and SFP
CWEs related to Encryption (although some are not ENC) are: CWE-256, CWE-257, CWE-261, CWE-311, CWE-312, CWE-313, CWE-314, CWE-315, CWE-316, CWE-317, CWE-318, CWE-325, CWE-326, CWE-327, CWE-329, CWE-780.
BF Descriptions of ENC Related CWEs are provided here.
Application
Application examples are provided here.
References
[1] Bojanova, I., Black, P. E., Yesha, Y., "Cryptography Classes in Bugs Framework (BF): Encryption Bugs (ENC), Verification Bugs (VRF), and Key Management Bugs (KMN)," IEEE Software Technology Conference (STC 2017), NIST, Gaithersburg, USA, September 25-28, 2017.