An Empirical Analysis of Cryptographic Misuse on Different Platforms
Cryptographic misuse is an increasingly common issue in real-world systems. In this paper, we collected and summarized 224 cryptography vulnerabilities recorded in the CVE database over the previous five years and analyzed the implementation of cryptography systems in 131 common Android application packages (APKs) to understand why certain cryptographic misuses are more likely to appear in certain scenarios. We present a systematic analysis of the relationship between certain cryptographic misuses and the different characteristics of three actual platforms (mobile, embedded and server). We then propose several lightweight countermeasures to alleviate cryptographic misuse.