Make software more secure

30/10/2018

Researchers present cryptographic assistant for software developers

CRISP scientists are involved in the realisation of a cryptography assistant for software development within the framework of the Collaborative Research Center CROSSING at TU Darmstadt. It helps integrate cryptographic components and verifies that everything has been properly installed and configured so that the application is really secure.

Not only since the major data protection scandals has the security of software been an important selection criterion for its users. Because of this, many make sure that the applications they use offer encryption, for example. But even encryption is no guarantee of data security: software developers usually have no experience with cryptography and therefore integrate the crypto modules incorrectly. The result: the data is insecure despite supposedly integrated encryption.

In order to improve the protection of user data in the future, researchers at the DFG CROSSING Collaborative Research Center are now presenting CogniCrypt, a "cryptography assistant" for software developers. CogniCrypt helps them integrate cryptographic components into their software and verifies that everything is properly installed and configured.

For the first time, developers all over the world now have access to CogniCrypt. To make using it as easy as possible, CogniCrypt has been set up so that it can be seamlessly integrated into the developers' workflow. The crypto assistant can be installed in Eclipse, a development environment used by many programmers, and is also available directly from the Eclipse Marketplace.

"CogniCrypt allows developers not only to detect crypto misses in their code, but also gives advice on how to fix those vulnerabilities, and even allows them to automatically generate code for the secure integration of cryptography. This is sorely needed: in a large-scale study with CogniCrypt, we found that a good three-quarters of all applications embed cryptography in an insecure manner," explains Prof. Mira Mezini from TU Darmstadt.

"For CogniCrypt we have developed our own description language - Crypto Specification Language (CrySL) - with which cryptographers can define the usage rules of their developed crypto components, so that CogniCrypt provides the application developers with hints about the correct use text-based and provide an output without dealing with the source code components of the cryptosystem. In the future we even plan the automated generation of these text notes. This makes it easier for researchers to integrate their developed crypto components into CogniCrypt," explains Prof. Eric Bodden from the Heinz Nixdorf Institute of the University of Paderborn and the Fraunhofer Institute for Design Technology Mechatronics (IEM), one of the scientists involved in the Collaborative Research Center CROSSING at TU Darmstadt.

CogniCrypt is available as an Eclipse open source project. For example, cryptographers from other universities or research institutes can check whether CogniCrypt correctly implements the required checks of the application code. New crypto building blocks can also be added. Together with feedback from software developers, who can also suggest and add new features, the hope is that a vibrant community will form around CogniCrypt. In this way, the crypto assistant stays up to date through the power of the community and keeps improving.

CogniCrypt was developed in the Collaborative Research Center CROSSING at TU Darmstadt in cooperation with the University of Paderborn and the Fraunhofer IEM. More than 65 scientists from cryptography, quantum physics, system security and software engineering work together in CROSSING and carry out both basic and application-oriented research. The goal is to develop security solutions that will enable secure and trusted IT systems in the future. CROSSING has been funded since 2014 as a Collaborative Research Center of the German Research Foundation (DFG) and was extended by an additional four years in May 2018.

Further Information:
Website CogniCrypt: www.cognicrypt.de
Twitter account CogniCrypt: @cognicrypt
Website CROSSING: www.crossing.tu-darmstadt.de
Press releases of TU Darmstadt