AntiPatterns regarding the application of cryptographic primitives by the example of ransomware

Abstract

Cryptographic primitives are the basic building blocks for many cryptographic schemes and protocols. Implementing them incorrectly can lead to flaws, making a system or a product vulnerable to various attacks. As shown in the present paper, this statement also applies to ransomware. The paper surveys common errors occurring during the implementation of cryptographic primitives. Based on already existing research, it establishes a categorization framework to match selected ransomware samples by their respective vulnerabilities and assign them to the corresponding error categories. Subsequently, AntiPatterns are derived from the extracted error categories. These AntiPatterns are meant to support the field of software development by helping to detect and correct errors early during the implementation phase of cryptography.