Vulnerability Analysis on the CNG Crypto Library 


Vol. 42,  No. 4, pp. 838-847, Apr.  2017


  Abstract

CNG, which Microsoft released as a replacement for its earlier CAPI (Cryptography API) library, is built from individual modules on a plug-in architecture, which makes it highly advantageous in terms of development cost and ease of extension. Against these advantages, however, security issues have received insufficient consideration. Research on security assurance is therefore strongly required for environments in which the CNG library is distributed and used, and in this paper we analyze possible security vulnerabilities in the CNG library. Based on the analyzed vulnerabilities, we implement proof-of-concept tools and use them to verify the vulnerabilities. The verified results show that mail contents, mail server account information, and authentication information for web sites such as Amazon, eBay, Google, and Facebook are exposed in the Outlook and Internet Explorer programs, which use the CNG library. We consider that the analysis results in this paper can improve the security of various applications that use the CNG library.



  Cite this article

[IEEE Style]

K. Lee, I. Oh, S. Lee, K. Yim, "Vulnerability Analysis on the CNG Crypto Library," The Journal of Korean Institute of Communications and Information Sciences, vol. 42, no. 4, pp. 838-847, 2017. DOI: .

[ACM Style]

Kyungroul Lee, Insu Oh, Sun-Young Lee, and Kangbin Yim. 2017. Vulnerability Analysis on the CNG Crypto Library. The Journal of Korean Institute of Communications and Information Sciences, 42, 4, (2017), 838-847. DOI: .

[KICS Style]

Kyungroul Lee, Insu Oh, Sun-Young Lee, Kangbin Yim, "Vulnerability Analysis on the CNG Crypto Library," The Journal of Korean Institute of Communications and Information Sciences, vol. 42, no. 4, pp. 838-847, 4. 2017.