FirmCCF: Detecting Custom Cryptographic Function Vulnerabilities Through Query-driven Approaches

Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine whether they meet security requirements is a critical task. However, traditional static and dynamic detection methods often suffer from high f...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE internet of things journal s. 1
Hlavní autoři: Huang, Jing, Chen, Jiongyi, Wang, Min, Hu, Yupeng
Médium: Journal Article
Jazyk:angličtina
Vydáno: IEEE 2025
Témata:
CodeT5-cate
Custom cryptographic function
query-driven
ISSN:2327-4662, 2327-4662
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine whether they meet security requirements is a critical task. However, traditional static and dynamic detection methods often suffer from high false alarm rates or low efficiency, as they cannot fully capture the structural and semantic features of cryptographic algorithms. In this paper, we proposed FirmCCF, a vulnerability detection tool for custom cryptographic functions in Internet of Things (IoT) devices. FirmCCF leverages an improved deep learning encoder-decoder classification model, CodeT5-cate, to identify and classify cryptographic functions in source code and decompiled firmware. It then outputs highly structured metalevel attributes of cryptographic functions via a large language model (LLM) and detects vulnerabilities through a query-driven approach. FirmCCF achieves 99.97% accuracy, 99.72% recall, and 99.86% F1-score in detecting cryptographic functions from binary files. We further define 7 security rules, encode them as queries, and use them to uncover seven categories of vulnerabilities. An evaluation on 40,902 function codes revealed 46 vulnerabilities, including 8 previously unknown issues. Our work highlights the urgent need for systematic assessment solutions to detect and mitigate vulnerabilities in custom cryptographic functions.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2025.3631834