DOI: 10.1145/3528580.3528582
research-article

cryptolib: Comparing and selecting cryptography libraries

Published: 21 July 2022

Abstract

Selecting a library out of numerous candidates can be a laborious and resource-intensive task. We present the cryptolib index, a tool that helps decision-makers choose the best-fitting cryptography library for a given context. To define the index, 15 library attributes were synthesized from a literature review and interviews with decision-makers. These attributes were then validated and weighted via an online survey. To compute the index value for a given library, each attribute is assessed using the evaluation criteria associated with it. As a proof of concept and a practical usage example, the derivation of the cryptolib values for the libraries Bouncy Castle and Tink is shown in detail. Overall, by tailoring the weighting of the cryptolib attributes to their current use case, decision-makers can systematically select the cryptography library that best fits their software project in a guided, repeatable and reliable way.

Cited By

  • (2024) From Struggle to Simplicity with a Usable and Secure API for Encryption in Java. Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, 556-565. DOI: 10.1145/3674805.3695405. Online publication date: 24-Oct-2024
  • (2023) Networking and cryptography library with a non-repudiation flavor for blockchain. Journal of Computer Virology and Hacking Techniques 20:1 (1-14). DOI: 10.1007/s11416-023-00482-1. Online publication date: 5-Aug-2023

Information

Published In

EICC '22: Proceedings of the 2022 European Interdisciplinary Cybersecurity Conference
June 2022
114 pages
ISBN:9781450396035
DOI:10.1145/3528580

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Bouncy Castle
  2. Cryptography library selection
  3. Tink
  4. attributes for library evaluation
  5. comparative index creation
  6. evaluation criteria for library assessment

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

EICC 2022
