Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)

This paper introduces structure, features, and programming techniques of CNG (Cryptography API: Next Generation), which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft. Because it is constructed with individual modules based on plug-in architecture, we can reconfigure the incorporated functions in CNG at any time. This means CNG is exceedingly helpful in the cost of development as well as the facility of extension. In addition, specific characteristics of recent new cryptography algorithms and audit policies can be easily embedded into existing library and even supported by the kernel mode expansion for cryptographic services at all points in companies, public government and so on. On the opposite side of these advantages, considerations on security issues are quite insufficient. Therefore, research on security assurance is strongly required in the environment of distributing and utilizing the CNG library. In this paper, we introduce current security issues of CNG and the related considerations on it.

Перевод пока недоступен