FirmCCF: Detecting Custom Cryptographic Function Vulnerabilities Through Query-driven Approaches

Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine whether they meet security requirements is a critical task. However, traditional static and dynamic detection methods often suffer from high f...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE internet of things journal s. 1
Hlavní autoři: Huang, Jing, Chen, Jiongyi, Wang, Min, Hu, Yupeng
Médium: Journal Article
Jazyk:angličtina
Vydáno: IEEE 2025
Témata:
CodeT5-cate
Custom cryptographic function
query-driven
ISSN:2327-4662, 2327-4662
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Abstract Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine whether they meet security requirements is a critical task. However, traditional static and dynamic detection methods often suffer from high false alarm rates or low efficiency, as they cannot fully capture the structural and semantic features of cryptographic algorithms. In this paper, we proposed FirmCCF, a vulnerability detection tool for custom cryptographic functions in Internet of Things (IoT) devices. FirmCCF leverages an improved deep learning encoder-decoder classification model, CodeT5-cate, to identify and classify cryptographic functions in source code and decompiled firmware. It then outputs highly structured metalevel attributes of cryptographic functions via a large language model (LLM) and detects vulnerabilities through a query-driven approach. FirmCCF achieves 99.97% accuracy, 99.72% recall, and 99.86% F1-score in detecting cryptographic functions from binary files. We further define 7 security rules, encode them as queries, and use them to uncover seven categories of vulnerabilities. An evaluation on 40,902 function codes revealed 46 vulnerabilities, including 8 previously unknown issues. Our work highlights the urgent need for systematic assessment solutions to detect and mitigate vulnerabilities in custom cryptographic functions.
AbstractList Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine whether they meet security requirements is a critical task. However, traditional static and dynamic detection methods often suffer from high false alarm rates or low efficiency, as they cannot fully capture the structural and semantic features of cryptographic algorithms. In this paper, we proposed FirmCCF, a vulnerability detection tool for custom cryptographic functions in Internet of Things (IoT) devices. FirmCCF leverages an improved deep learning encoder-decoder classification model, CodeT5-cate, to identify and classify cryptographic functions in source code and decompiled firmware. It then outputs highly structured metalevel attributes of cryptographic functions via a large language model (LLM) and detects vulnerabilities through a query-driven approach. FirmCCF achieves 99.97% accuracy, 99.72% recall, and 99.86% F1-score in detecting cryptographic functions from binary files. We further define 7 security rules, encode them as queries, and use them to uncover seven categories of vulnerabilities. An evaluation on 40,902 function codes revealed 46 vulnerabilities, including 8 previously unknown issues. Our work highlights the urgent need for systematic assessment solutions to detect and mitigate vulnerabilities in custom cryptographic functions.
Author Wang, Min
Hu, Yupeng
Huang, Jing
Chen, Jiongyi
Author_xml – sequence: 1
  givenname: Jing
  orcidid: 0009-0006-1062-7482
  surname: Huang
  fullname: Huang, Jing
  email: huangjjing@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering, Hunan University, China
– sequence: 2
  givenname: Jiongyi
  surname: Chen
  fullname: Chen, Jiongyi
  email: chenjiongyi@nudt.edu.cn
  organization: National University of Defense Technology, Changsha, China
– sequence: 3
  givenname: Min
  surname: Wang
  fullname: Wang, Min
  email: s231000691@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering, Hunan University, China
– sequence: 4
  givenname: Yupeng
  orcidid: 0000-0002-7358-7426
  surname: Hu
  fullname: Hu, Yupeng
  email: yphu@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering, the College of Cyberspace Security, Xiangjiang Laboratory, Hunan University, China
BookMark eNpNkM1KAzEUhYNUsNY-gOAiLzD1JpnMj7syOlopFKG6HfPXTqRNhmRG6NvbUkFX98A931l812jkvDMI3RKYEQLl_etitZ5RoHzGMkYKll6gMWU0T9Iso6N_-QpNY_wCgCPGSZmN0Wdtw76q6gf8aHqjeuu2uBpi7_e4Coeu99sgutYqXA_u-PUOfww7Z4KQdmd7ayJet8EP2xa_DSYcEh3st3F43nXBC9WaeIMuN2IXzfT3TtB7_bSuXpLl6nlRzZeJIoz3icyVlgVP9UYroUsqGXAQIMtMs7LMcygKUDpnXFIlaQ4015kgIJVhkjOQbILIeVcFH2Mwm6YLdi_CoSHQnCw1J0vNyVLza-nI3J0Za4z56xOaUkIJ-wFiDGbe
CODEN IITJAU
ContentType Journal Article
DBID 97E
RIA
RIE
AAYXX
CITATION
DOI 10.1109/JIOT.2025.3631834
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 2327-4662
EndPage 1
ExternalDocumentID 10_1109_JIOT_2025_3631834
11242121
Genre orig-research
GroupedDBID 0R~
6IK
97E
AAJGR
AASAJ
AAWTH
ABAZT
ABJNI
ABQJQ
ABVLG
AGQYO
AHBIQ
AKJIK
AKQYR
ALMA_UNASSIGNED_HOLDINGS
ATWAV
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
EBS
IFIPE
IPLJI
JAVBF
M43
OCL
PQQKQ
RIA
RIE
4.4
AAYXX
AGSQL
CITATION
EJD
ID FETCH-LOGICAL-c135t-b7cdb854dfdcad92b3050a0b96d399770880cd735b2cb27027d6a10bce3b530b3
IEDL.DBID RIE
ISSN 2327-4662
IngestDate Sat Nov 29 06:53:32 EST 2025
Wed Nov 19 08:27:21 EST 2025
IsPeerReviewed false
IsScholarly true
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c135t-b7cdb854dfdcad92b3050a0b96d399770880cd735b2cb27027d6a10bce3b530b3
ORCID 0009-0006-1062-7482
0000-0002-7358-7426
PageCount 1
ParticipantIDs ieee_primary_11242121
crossref_primary_10_1109_JIOT_2025_3631834
PublicationCentury 2000
PublicationDate 2025-00-00
PublicationDateYYYYMMDD 2025-01-01
PublicationDate_xml – year: 2025
  text: 2025-00-00
PublicationDecade 2020
PublicationTitle IEEE internet of things journal
PublicationTitleAbbrev JIoT
PublicationYear 2025
Publisher IEEE
Publisher_xml – name: IEEE
SSID ssj0001105196
Score 2.327974
Snippet Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine...
SourceID crossref
ieee
SourceType Index Database
Publisher
StartPage 1
SubjectTerms CodeT5-cate
Custom cryptographic function
query-driven
Title FirmCCF: Detecting Custom Cryptographic Function Vulnerabilities Through Query-driven Approaches
URI https://ieeexplore.ieee.org/document/11242121
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVIEE
  databaseName: IEEE Electronic Library (IEL)
  customDbUrl:
  eissn: 2327-4662
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0001105196
  issn: 2327-4662
  databaseCode: RIE
  dateStart: 20140101
  isFulltext: true
  titleUrlDefault: https://ieeexplore.ieee.org/
  providerName: IEEE
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3LS8MwGA86PHhxPibOFzl4EjqTNk0Wb6NaVGQqzLFbbR6FgXvQrcL-e5M0Y3rw4C2UBMr35cv3-94AXOVaM80VDqgojIEScxpwEqpAFjE28D7CymVVDp9Zv98djfirL1Z3tTBaa5d8pjt26WL5aiYr6yq7MdjABjCNsbPNGK2LtTYOFWzRCPWRS4z4zdPjy8BYgGHciai9uuSX7vkxTMXpkrT5z7_YB3seNMJezeUDsKWnh6C5HsgAvXwegY90XE6SJL2Fd9oGB4xagkll4N0EJuVqvqzbU48lTI02sxyBw-rTtp12GbLGZoaDemwPfKt0uQpUad9C2PN9x_WiBd7T-0HyEPgRCoHEUbwMBJNKdGOiCiVzxUNhxBvlSHCqDDJhzLwxSCoWxSKUwpamMUVzjITUkYgjJKJj0JjOpvoEQKKxkShRFN1QkxBRLokte2WSE0Zortrgek3cbF53ysichYF4ZjmRWU5knhNt0LKE3Wz0ND394_sZ2LXHa9_HOWgsy0pfgB35tRwvykt3Eb4Bf2ezQA
linkProvider IEEE
linkToHtml http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3LS8MwGA8yBb04HxPnMwdPQrc-0mTxNqpl0zkV6titNo_CwD3oWmH_vUnaMT148BZKCOX78uX7fW8AbhIpiaTCsTBLlYHiU2xR5AqLp76j4L3nCJNVORqQ4bAzHtPXqljd1MJIKU3ymWzppYnlizkvtKusrbCBDmAqY2fbR8i1y3KtjUvF0XgEV7FLx6btx_5LpGxA1295WF9e9Ev7_BinYrRJWP_nfxyA_Qo2wm7J50OwJWdHoL4eyQArCT0GH-EkmwZBeAfvpQ4PKMUEg0IBvCkMstUiLxtUTzgMlT7TPIGj4lM3njY5sspqhlE5uAe-FTJbWSLTryHsVp3H5bIB3sOHKOhZ1RAFizuen1uMcME6PhKp4ImgLlMCbic2o1gobEKIemVsLojnM5czXZxGBE4cm3HpMd-zmXcCarP5TJ4CiKSjZIqlaceVivqYcqQLXwmniCCciCa4XRM3XpS9MmJjY9g01pyINSfiihNN0NCE3WysaHr2x_drsNuLngfxoD98Ogd7-qjSE3IBanlWyEuww7_yyTK7MpfiG_6ltoc
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=FirmCCF%3A+Detecting+Custom+Cryptographic+Function+Vulnerabilities+Through+Query-driven+Approaches&rft.jtitle=IEEE+internet+of+things+journal&rft.au=Huang%2C+Jing&rft.au=Chen%2C+Jiongyi&rft.au=Wang%2C+Min&rft.au=Hu%2C+Yupeng&rft.date=2025&rft.issn=2327-4662&rft.eissn=2327-4662&rft.spage=1&rft.epage=1&rft_id=info:doi/10.1109%2FJIOT.2025.3631834&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_JIOT_2025_3631834
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2327-4662&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2327-4662&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2327-4662&client=summon