ChatGPT's Potential in Cryptography Misuse Detection: A Comparative Analysis with Static Analysis Tools
Main Authors: | , , |
---|---|
Format: | Journal Article |
Language: | English |
Published: | 10-09-2024 |
Subjects: | |
Summary: | The correct adoption of cryptography APIs is challenging for mainstream
developers, often resulting in widespread API misuse. Meanwhile, cryptography
misuse detectors have demonstrated inconsistent performance and remain largely
inaccessible to most developers. We investigated the extent to which ChatGPT
can detect cryptography misuses and compared its performance with that of the
state-of-the-art static analysis tools. Our investigation, mainly based on the
CryptoAPI-Bench benchmark, demonstrated that ChatGPT is effective in
identifying cryptography API misuses, and with the use of prompt engineering,
it can even outperform leading static cryptography misuse detectors. |
---|---|
DOI: | 10.48550/arxiv.2409.06561 |