{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T10:11:06Z","timestamp":1778235066946,"version":"3.51.4"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T00:00:00Z","timestamp":1778198400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T00:00:00Z","timestamp":1778198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"The National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["U25B2026"],"award-info":[{"award-number":["U25B2026"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The correct application of cryptography is crucial for protecting confidentiality, integrity, and sensitive information in modern software systems. However, cryptographic APIs are frequently misused in practice because they are difficult to apply correctly and their security implications are often highly context dependent. Existing misuse detection research mainly targets source code, while binary-level detection remains underexplored despite its ability to access concrete runtime states and validate misuse conditions more directly. Binary analysis for cryptographic misuse faces three major challenges: severe path explosion, difficult parameter provenance recovery, and limited credibility of purely static results. To address these challenges, we present CryptoBinaryRz, a binary-level cryptographic misuse detection framework that combines locality-based region construction, context-aware dynamic provenance, path reuse-aware state management, and constraint-based misuse verification. Our method constrains analysis to sink-centered local regions, recovers parameter influence through symbolic mutation, restores nearby cryptographic calling environments through role abstraction, and reuses semantically equivalent paths during layered provenance expansion. In this way, the framework improves both scalability and semantic precision without relying on full control-flow graph construction. We also reformulate cryptographic misuse rules under a dynamic analysis setting so that runtime contexts and local calling environments can be jointly considered during verification. Experiments on 175 samples with isolated cryptographic behaviors and 11 real-world GitHub projects show that CryptoBinaryRz achieves over 95% detection accuracy and identifies 204 misuse instances, while substantially reducing the analysis cost associated with large binaries. These results suggest that binary-level analysis can provide richer and more trustworthy evidence for cryptographic misuse detection than source-level inspection alone.<\/jats:p>","DOI":"10.1186\/s42400-026-00596-1","type":"journal-article","created":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T09:33:01Z","timestamp":1778232781000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["CryptoBinaryRz: a binary detection framework based on regional centralization dynamic analysis of cryptographic misuse"],"prefix":"10.1186","volume":"9","author":[{"given":"Xi","family":"Luo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zecheng","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lihua","family":"Yin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shijie","family":"Jia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Runda","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haiyang","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,8]]},"reference":[{"key":"596_CR1","doi-asserted-by":"crossref","unstructured":"Ami AS, Cooper N, Kafle K, Moran K, Poshyvanyk D, Nadkarni A (2022) Why crypto-detectors fail: A systematic evaluation of cryptographic misuse detection techniques. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 614\u2013631 . IEEE","DOI":"10.1109\/SP46214.2022.9833582"},{"key":"596_CR2","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-67r2","volume-title":"Recommendation for the triple data encryption algorithm (tdea) block cipher","author":"E Barker","year":"2017","unstructured":"Barker E, Mouha N (2017) Recommendation for the triple data encryption algorithm (tdea) block cipher. Technical report, National Institute of Standards and Technology"},{"key":"596_CR3","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-131Ar2","volume-title":"Transitioning the use of cryptographic algorithms and key lengths","author":"E Barker","year":"2019","unstructured":"Barker E, Roginsky A (2019) Transitioning the use of cryptographic algorithms and key lengths. Technical report, National Institute of Standards and Technology"},{"key":"596_CR4","unstructured":"Bernstein DJ (2008) Chacha, a variant of salsa20. In: Workshop Record of SASC, vol. 8, pp. 3\u20135 . Citeseer"},{"key":"596_CR5","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978423","volume-title":"On the practical (in-)security of 64-bit block ciphers: Collision attacks on http over tls and openvpn","author":"K Bhargavan","year":"2016","unstructured":"Bhargavan K, Leurent G (2016) On the practical (in-)security of 64-bit block ciphers: Collision attacks on http over tls and openvpn. IACR Cryptology ePrint Archive, IACR Cryptology ePrint Archive"},{"key":"596_CR6","doi-asserted-by":"crossref","unstructured":"Bhargavan K, Leurent G (2016) On the practical (in-) security of 64-bit block ciphers: Collision attacks on http over tls and openvpn. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 456\u2013467","DOI":"10.1145\/2976749.2978423"},{"issue":"4","key":"596_CR7","doi-asserted-by":"publisher","first-page":"1384","DOI":"10.1109\/TR.2019.2937214","volume":"68","author":"A Braga","year":"2019","unstructured":"Braga A, Dahab R, Antunes N, Laranjeiro N, Vieira M (2019) Understanding how to use static analysis tools for detecting cryptography misuse in software. IEEE Trans Reliab 68(4):1384\u20131403","journal-title":"IEEE Trans Reliab"},{"key":"596_CR8","doi-asserted-by":"crossref","unstructured":"Chen Y, Liu Y, Wu KL, Le DV, Chau SY (2024) Towards precise reporting of cryptographic misuses. In: Proceedings 2024 Network and Distributed System Security Symposium","DOI":"10.14722\/ndss.2024.241032"},{"key":"596_CR9","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/3-540-44577-3_12","volume-title":"Informatics: 10 years back, 10 Years ahead","author":"E Clarke","year":"2001","unstructured":"Clarke E, Grumberg O, Jha S, Lu Y, Veith H (2001) Progress on the state explosion problem in model checking. In: Wilhelm R (ed) Informatics: 10 years back, 10 Years ahead. Springer, Berlin, pp 176\u2013194"},{"key":"596_CR10","doi-asserted-by":"crossref","unstructured":"Dillig I, Dillig T, Aiken A (2008) Sound, complete and scalable path-sensitive analysis. In: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 270\u2013280","DOI":"10.1145\/1375581.1375615"},{"key":"596_CR11","doi-asserted-by":"crossref","unstructured":"Fan H, Zheng F, Lin J, Meng L, Wang M, Wang Q, Jia S, Ma Y (2023) Hydamc: A hybrid detection approach for misuse of cryptographic algorithms in closed-source software. In: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 796\u2013803. IEEE","DOI":"10.1109\/TrustCom60117.2023.00116"},{"issue":"5","key":"596_CR12","doi-asserted-by":"publisher","first-page":"1118","DOI":"10.1109\/TSE.2024.3377182","volume":"50","author":"M Frantz","year":"2024","unstructured":"Frantz M, Xiao Y, Pias TS, Meng N, Yao D (2024) Methods and benchmark for detecting cryptographic api misuses in python. IEEE Trans Software Eng 50(5):1118\u20131129","journal-title":"IEEE Trans Software Eng"},{"key":"596_CR13","unstructured":"https:\/\/pkg.go.dev\/crypto\/rand.Technical report"},{"key":"596_CR14","unstructured":"https:\/\/pkg.go.dev\/math\/rand. Technical report"},{"key":"596_CR15","unstructured":"Li K (2021) Static and dynamic analysis in cryptographic-api misuse detection of mobile application"},{"issue":"11","key":"596_CR16","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1145\/2555670.2466483","volume":"48","author":"L Li","year":"2013","unstructured":"Li L, Cifuentes C, Keynes N (2013) Precise and scalable context-sensitive pointer analysis via value flow graph. ACM SIGPLAN Notices 48(11):85\u201396","journal-title":"ACM SIGPLAN Notices"},{"key":"596_CR17","doi-asserted-by":"crossref","unstructured":"Li W, Jia S, Liu L, Zheng F, Ma Y, Lin J (2022) Cryptogo: Automatic detection of go cryptographic api misuses. In: Proceedings of the 38th Annual Computer Security Applications Conference, pp. 318\u2013331","DOI":"10.1145\/3564625.3567989"},{"key":"596_CR18","doi-asserted-by":"crossref","unstructured":"Ma S, Lo D, Li T, Deng RH (2016) Cdrep: Automatic repair of cryptographic misuses in android applications. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 711\u2013722","DOI":"10.1145\/2897845.2897896"},{"key":"596_CR19","doi-asserted-by":"crossref","unstructured":"Mendel F, Pramstaller N, Rechberger C, Rijmen V (2006) On the collision resistance of ripemd-160. In: Information Security: 9th International Conference, ISC 2006, Samos Island, Greece, August 30-September 2, 2006. Proceedings 9, pp. 101\u2013116 . Springer","DOI":"10.1007\/11836810_8"},{"key":"596_CR20","doi-asserted-by":"crossref","unstructured":"Nir Y, Langley A (2018) Chacha20 and poly1305 for ietf protocols. Technical report","DOI":"10.17487\/RFC8439"},{"key":"596_CR21","unstructured":"Nist sp 800-57 part 1 rev. 5 recommendation for key management: Part 1 \u2013 general. Technical report"},{"key":"596_CR22","doi-asserted-by":"crossref","unstructured":"Piccolboni L, Di Guglielmo G, Carloni LP, Sethumadhavan S (2021) Crylogger: Detecting crypto misuses dynamically. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1972\u20131989 . IEEE","DOI":"10.1109\/SP40001.2021.00010"},{"key":"596_CR23","doi-asserted-by":"crossref","unstructured":"Popov A (2015) Prohibiting rc4 cipher suites. Technical report","DOI":"10.17487\/rfc7465"},{"issue":"6","key":"596_CR24","doi-asserted-by":"publisher","first-page":"3790","DOI":"10.1109\/TDSC.2021.3108031","volume":"19","author":"S Rahaman","year":"2021","unstructured":"Rahaman S, Cai H, Chowdhury O, Yao D (2021) From theory to code: identifying logical flaws in cryptographic implementations in c\/c++. IEEE Trans Dependable Secure Comput 19(6):3790\u20133803","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"596_CR25","doi-asserted-by":"crossref","unstructured":"Rahaman S, Xiao Y, Afrose S, Shaon F, Tian K, Frantz M, Kantarcioglu M, Yao D (2019) Cryptoguard: High precision detection of cryptographic vulnerabilities in massive-sized java projects. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2455\u20132472","DOI":"10.1145\/3319535.3345659"},{"key":"596_CR26","doi-asserted-by":"crossref","unstructured":"Rizvi S, Hussain SZ, Wadhwa N (2011) Performance analysis of aes and twofish encryption schemes. In: 2011 International Conference on Communication Systems and Network Technologies, pp. 76\u201379 . IEEE","DOI":"10.1109\/CSNT.2011.160"},{"issue":"3","key":"596_CR27","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/2094091.2094094","volume":"45","author":"S Saha","year":"2012","unstructured":"Saha S, Lawall J, Muller G (2012) Finding resource-release omission faults in linux. ACM SIGOPS Oper Syst Rev 45(3):5\u20139","journal-title":"ACM SIGOPS Oper Syst Rev"},{"issue":"5","key":"596_CR28","first-page":"31","volume":"153","author":"A Satapathy","year":"2016","unstructured":"Satapathy A, Livingston J (2016) A comprehensive survey on ssl\/tls and their vulnerabilities. Int J Comput Appl 153(5):31\u201338","journal-title":"Int J Comput Appl"},{"key":"596_CR29","doi-asserted-by":"crossref","unstructured":"Turner S, Chen L (2011) Updated security considerations for the md5 message-digest and the hmac-md5 algorithms. Technical report","DOI":"10.17487\/rfc6151"},{"key":"596_CR30","doi-asserted-by":"crossref","unstructured":"Valmari A (1996) The state explosion problem. In: Advanced course on petri nets, pp. 429\u2013528. Springer","DOI":"10.1007\/3-540-65306-6_21"},{"key":"596_CR31","unstructured":"Wang X, Feng D, Lai X, Yu H (2004) Collisions for hash functions md4, md5, haval-128 and ripemd. Cryptology ePrint Archive"},{"key":"596_CR32","doi-asserted-by":"crossref","unstructured":"Wang J, Guo S, Diao W, Liu Y, Duan H, Liu Y, Liang Z (2024) Cryptody: Cryptographic misuse analysis of iot firmware via data-flow reasoning. In: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 579\u2013593","DOI":"10.1145\/3678890.3678914"},{"key":"596_CR33","doi-asserted-by":"crossref","unstructured":"Wang X, Yin YL, Yu H (2005) Finding collisions in the full sha-1. In: Advances in Cryptology\u2013CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005. Proceedings 25, pp. 17\u201336 . Springer","DOI":"10.1007\/11535218_2"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00596-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-026-00596-1","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00596-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T09:33:41Z","timestamp":1778232821000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-026-00596-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5,8]]},"references-count":33,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["596"],"URL":"https:\/\/doi.org\/10.1186\/s42400-026-00596-1","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,5,8]]},"assertion":[{"value":"2 February 2026","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 April 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 May 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"163"}}