FirmCCF: Detecting Custom Cryptographic Function Vulnerabilities Through Query-driven Approaches

Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine whether they meet security requirements is a critical task. However, traditional static and dynamic detection methods often suffer from high f...

Full description

Saved in:
Bibliographic Details
Published in:IEEE internet of things journal p. 1
Main Authors: Huang, Jing, Chen, Jiongyi, Wang, Min, Hu, Yupeng
Format: Journal Article
Language:English
Published: IEEE 2025
Subjects:
CodeT5-cate
Custom cryptographic function
query-driven
ISSN:2327-4662, 2327-4662
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cryptographic techniques are widely used to safeguard software against privacy breaches. Efficiently detecting encryption algorithms in software to determine whether they meet security requirements is a critical task. However, traditional static and dynamic detection methods often suffer from high false alarm rates or low efficiency, as they cannot fully capture the structural and semantic features of cryptographic algorithms. In this paper, we proposed FirmCCF, a vulnerability detection tool for custom cryptographic functions in Internet of Things (IoT) devices. FirmCCF leverages an improved deep learning encoder-decoder classification model, CodeT5-cate, to identify and classify cryptographic functions in source code and decompiled firmware. It then outputs highly structured metalevel attributes of cryptographic functions via a large language model (LLM) and detects vulnerabilities through a query-driven approach. FirmCCF achieves 99.97% accuracy, 99.72% recall, and 99.86% F1-score in detecting cryptographic functions from binary files. We further define 7 security rules, encode them as queries, and use them to uncover seven categories of vulnerabilities. An evaluation on 40,902 function codes revealed 46 vulnerabilities, including 8 previously unknown issues. Our work highlights the urgent need for systematic assessment solutions to detect and mitigate vulnerabilities in custom cryptographic functions.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2025.3631834