{"id":"https://openalex.org/W4402957840","doi":"https://doi.org/10.1145/3678890.3678914","title":"CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning","display_name":"CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning","publication_year":2024,"publication_date":"2024-09-29","ids":{"openalex":"https://openalex.org/W4402957840","doi":"https://doi.org/10.1145/3678890.3678914"},"language":"en","primary_location":{"id":"doi:10.1145/3678890.3678914","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3678890.3678914","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050806799","display_name":"J. P. Wang","orcid":"https://orcid.org/0009-0004-9917-1527"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Jianing Wang","raw_affiliation_strings":["National University of Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0004-9917-1527","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084460856","display_name":"Shanqing Guo","orcid":"https://orcid.org/0000-0003-3367-0951"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shanqing Guo","raw_affiliation_strings":["Shandong University, China"],"raw_orcid":"https://orcid.org/0000-0003-3367-0951","affiliations":[{"raw_affiliation_string":"Shandong University, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080378687","display_name":"Wenrui Diao","orcid":"https://orcid.org/0000-0003-0916-8806"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenrui Diao","raw_affiliation_strings":["Shandong University, China"],"raw_orcid":"https://orcid.org/0000-0003-0916-8806","affiliations":[{"raw_affiliation_string":"Shandong University, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009049370","display_name":"Yue Liu","orcid":"https://orcid.org/0000-0002-3065-0165"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]},{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Yue Liu","raw_affiliation_strings":["Indiana University Bloomington, USA","Southeast University, China and QI-ANXIN Group, China"],"raw_orcid":"https://orcid.org/0000-0002-3065-0165","affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, USA","institution_ids":["https://openalex.org/I4210119109"]},{"raw_affiliation_string":"Southeast University, China and QI-ANXIN Group, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University, China; Zhongguancun Laboratory, China and Quancheng Laboratory, China"],"raw_orcid":"https://orcid.org/0000-0003-0083-733X","affiliations":[{"raw_affiliation_string":"Tsinghua University, China; Zhongguancun Laboratory, China and Quancheng Laboratory, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yichen Liu","orcid":"https://orcid.org/0000-0002-9506-102X"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]},{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Yichen Liu","raw_affiliation_strings":["Indiana University Bloomington, USA","Southeast University, China and QI-ANXIN Group, China"],"raw_orcid":"https://orcid.org/0000-0002-9506-102X","affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, USA","institution_ids":["https://openalex.org/I4210119109"]},{"raw_affiliation_string":"Southeast University, China and QI-ANXIN Group, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084611756","display_name":"Zhenkai Liang","orcid":"https://orcid.org/0000-0001-7138-5030"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zhenkai Liang","raw_affiliation_strings":["National University of Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-7138-5030","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5050806799"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":0.9865,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.75624238,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"579","last_page":"593"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.7756891250610352},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7466278672218323},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.6046813726425171},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5596491694450378},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5020272731781006},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.41697216033935547},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10043138265609741}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.7756891250610352},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7466278672218323},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.6046813726425171},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5596491694450378},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5020272731781006},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.41697216033935547},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10043138265609741}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3678890.3678914","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3678890.3678914","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1726499989","display_name":null,"funder_award_id":"NRF-NCR25-Fuzz-0001","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"},{"id":"https://openalex.org/G6855559198","display_name":null,"funder_award_id":"62372268","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W2008810193","https://openalex.org/W2043118292","https://openalex.org/W2045057497","https://openalex.org/W2084864601","https://openalex.org/W2091939272","https://openalex.org/W2180970301","https://openalex.org/W2269664735","https://openalex.org/W2357927175","https://openalex.org/W2493901872","https://openalex.org/W2576376563","https://openalex.org/W2698406033","https://openalex.org/W2742429299","https://openalex.org/W2759023773","https://openalex.org/W2791018263","https://openalex.org/W2890042297","https://openalex.org/W2897859437","https://openalex.org/W2914982603","https://openalex.org/W2964144088","https://openalex.org/W2985320478","https://openalex.org/W2986938475","https://openalex.org/W3015383024","https://openalex.org/W3039516369","https://openalex.org/W3099168646","https://openalex.org/W3138838255","https://openalex.org/W3153576810","https://openalex.org/W4206729439","https://openalex.org/W4226498484","https://openalex.org/W4244726870","https://openalex.org/W4391724777"],"related_works":["https://openalex.org/W2060145807","https://openalex.org/W4248806346","https://openalex.org/W2289378658","https://openalex.org/W1531360494","https://openalex.org/W2093529019","https://openalex.org/W87530933","https://openalex.org/W4240432851","https://openalex.org/W154233216","https://openalex.org/W2626486901","https://openalex.org/W2026856585"],"abstract_inverted_index":{"Cryptographic":[0],"techniques":[1],"form":[2],"the":[3,6,33,90,112,155,159,171,184],"foundation":[4],"of":[5,10,92,111,151],"security":[7,26],"and":[8,80,118,181],"privacy":[9],"computing":[11],"solutions.":[12,145],"However,":[13],"if":[14],"cryptographic":[15,124],"APIs":[16],"are":[17,140],"not":[18,141],"invoked":[19],"correctly,":[20],"they":[21],"can":[22],"result":[23],"in":[24],"significant":[25],"problems.":[27],"In":[28,126],"this":[29,45],"paper,":[30],"we":[31,47,94,128,161],"abstract":[32],"intricate":[34],"crypto":[35,56,132],"misuse":[36,86],"detection":[37,74],"problem":[38],"as":[39,84],"a":[40,50,96,166],"data-flow":[41],"reasoning":[42,59],"task.":[43],"Towards":[44],"end,":[46],"propose":[48],"CrypTody,":[49,93],"novel":[51],"logic-inference-based":[52],"framework":[53],"for":[54,170],"detecting":[55],"misuses":[57,117,138],"via":[58],"about":[60],"data":[61],"flows":[62],"on":[63,99],"multi-architecture":[64],"IoT":[65],"firmware":[66,101,113],"images.":[67],"It":[68],"carries":[69],"out":[70],"cross-architecture":[71],"analysis,":[72],"with":[73,134],"strategies":[75],"to":[76,154],"reduce":[77],"false":[78,81],"positives":[79],"negatives,":[82],"such":[83],"cross-flow":[85,137],"inference.":[87],"To":[88],"evaluate":[89],"effectiveness":[91],"conducted":[95],"large-scale":[97],"experiment":[98],"1,431":[100],"images":[102,114],"from":[103],"16":[104],"vendors.":[105,157,185],"Our":[106],"evaluation":[107],"shows":[108],"that":[109,139,163],"46%":[110],"have":[115,120,147,177],"high-risk":[116],"95%":[119],"at":[121],"least":[122],"one":[123],"misuse.":[125],"total,":[127],"find":[129],"6,624":[130],"potential":[131],"misuses,":[133],"760":[135],"being":[136],"detected":[142],"by":[143,183],"existing":[144],"We":[146],"responsibly":[148],"disclosed":[149],"portions":[150],"our":[152],"findings":[153],"relevant":[156],"From":[158],"feedback,":[160],"note":[162],"CrypTody":[164],"has":[165],"low":[167],"false-positive":[168],"rate":[169],"confirmed":[172],"misuses.":[173],"Some":[174],"typical":[175],"cases":[176],"been":[178],"assigned":[179],"CVEs":[180],"fixed":[182]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}