Detection and analysis of cryptographic data inside software

Authors:
Ruoxu Zhao;Dawu Gu;Juanru Li;Ran Yu
Affiliations:
Lab of Cryptology and Computer Security, Dept. of Computer Science, Shanghai Jiao Tong University, Shanghai, China;Lab of Cryptology and Computer Security, Dept. of Computer Science, Shanghai Jiao Tong University, Shanghai, China;Lab of Cryptology and Computer Security, Dept. of Computer Science, Shanghai Jiao Tong University, Shanghai, China;Lab of Cryptology and Computer Security, Dept. of Computer Science, Shanghai Jiao Tong University, Shanghai, China
Venue:
ISC'11 Proceedings of the 14th international conference on Information security
Year:
2011

Citing 7
Cited 2

Playing "Hide and Seek" with Stored Keys

FC '99 Proceedings of the Third International Conference on Financial Cryptography
Pin: building customized program analysis tools with dynamic instrumentation

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Framework for instruction-level tracing and analysis of program executions

Proceedings of the 2nd international conference on Virtual execution environments
Understanding data lifetime via whole system simulation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Polyglot: automatic extraction of protocol message format using dynamic binary analysis

Proceedings of the 14th ACM conference on Computer and communications security
Tupni: automatic reverse engineering of input formats

Proceedings of the 15th ACM conference on Computer and communications security
The persistence of memory: Forensic identification and extraction of cryptographic keys

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Aligot: cryptographic function identification in obfuscated binary programs

Proceedings of the 2012 ACM conference on Computer and communications security
Detecting encryption functions via process emulation and IL-based program analysis

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security

Quantified Score

Hi-index	0.03

Visualization

Abstract

Cryptographic algorithms are widely used inside software for data security and integrity. The search of cryptographic data (include algorithms, input-output data and intermediated states of operation) is important to security analysis. However, various implementations of cryptographic algorithms lead the automatic detection and analysis to be very hard. This paper proposes a novel automatic cryptographic data detection and analysis approach. This approach is based on execution tracing and data pattern extraction techniques, searching the data pattern of cryptographic algorithms, and automatically extracting detected Cryptographic algorithms and input-output data. We implement and evaluate our approach, and the result shows our approach can detect and extract common symmetric ciphers and hash functions in most kinds of programs with accuracy, effectiveness and universality.