Playing "Hide and Seek" with Stored Keys
FC '99 Proceedings of the Third International Conference on Financial Cryptography
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Framework for instruction-level tracing and analysis of program executions
Proceedings of the 2nd international conference on Virtual execution environments
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Tupni: automatic reverse engineering of input formats
Proceedings of the 15th ACM conference on Computer and communications security
The persistence of memory: Forensic identification and extraction of cryptographic keys
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Aligot: cryptographic function identification in obfuscated binary programs
Proceedings of the 2012 ACM conference on Computer and communications security
Detecting encryption functions via process emulation and IL-based program analysis
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Hi-index | 0.03 |
Cryptographic algorithms are widely used inside software for data security and integrity. The search of cryptographic data (include algorithms, input-output data and intermediated states of operation) is important to security analysis. However, various implementations of cryptographic algorithms lead the automatic detection and analysis to be very hard. This paper proposes a novel automatic cryptographic data detection and analysis approach. This approach is based on execution tracing and data pattern extraction techniques, searching the data pattern of cryptographic algorithms, and automatically extracting detected Cryptographic algorithms and input-output data. We implement and evaluate our approach, and the result shows our approach can detect and extract common symmetric ciphers and hash functions in most kinds of programs with accuracy, effectiveness and universality.