通过循环枚举发现二进制代码中的加密算法

D. Buhov, Patrick Kochberger, Richard Thron, S. Schrittwieser
{"title":"通过循环枚举发现二进制代码中的加密算法","authors":"D. Buhov, Patrick Kochberger, Richard Thron, S. Schrittwieser","doi":"10.1109/ICSSA.2017.22","DOIUrl":null,"url":null,"abstract":"In benign programs, encryption is used to prevent sensitive data from being exposed. Malware, on the other hand, uses encryption to hide from analysis or perform malicious activities, e.g. ransomware. The challenge in detecting the presence of these cryptographic algorithms lies in the fact that it is generally not possible to identify the entire functionality of binary programs through static analysis. In this paper we present a novel approach for detecting specific cryptographic algorithms through control flow analysis based on symbolic execution. The control flow graph generated and symbolic execution done by the angr framework is used to search for loops. Nodes that are executed a certain number of times and in a specific order let us point out possible cryptographic activities. In the proof-of-concept implementation we were able to identify and differentiate DES, TripleDES and several variants of the AES algorithm. Our solution is able to detect the presence of these algorithms without access to the source code of the program. It also eliminates the need for a skilled operator to perform the analysis.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Discovering Cryptographic Algorithms in Binary Code Through Loop Enumeration\",\"authors\":\"D. Buhov, Patrick Kochberger, Richard Thron, S. Schrittwieser\",\"doi\":\"10.1109/ICSSA.2017.22\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In benign programs, encryption is used to prevent sensitive data from being exposed. Malware, on the other hand, uses encryption to hide from analysis or perform malicious activities, e.g. ransomware. The challenge in detecting the presence of these cryptographic algorithms lies in the fact that it is generally not possible to identify the entire functionality of binary programs through static analysis. In this paper we present a novel approach for detecting specific cryptographic algorithms through control flow analysis based on symbolic execution. The control flow graph generated and symbolic execution done by the angr framework is used to search for loops. Nodes that are executed a certain number of times and in a specific order let us point out possible cryptographic activities. In the proof-of-concept implementation we were able to identify and differentiate DES, TripleDES and several variants of the AES algorithm. Our solution is able to detect the presence of these algorithms without access to the source code of the program. It also eliminates the need for a skilled operator to perform the analysis.\",\"PeriodicalId\":307280,\"journal\":{\"name\":\"2017 International Conference on Software Security and Assurance (ICSSA)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Software Security and Assurance (ICSSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSSA.2017.22\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Software Security and Assurance (ICSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSSA.2017.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

摘要

在良性程序中,加密用于防止敏感数据暴露。另一方面,恶意软件使用加密来隐藏分析或执行恶意活动,例如勒索软件。检测这些加密算法存在的挑战在于,通常不可能通过静态分析来识别二进制程序的全部功能。本文提出了一种基于符号执行的控制流分析来检测特定密码算法的新方法。使用angr框架生成的控制流图和符号执行来搜索循环。以特定顺序执行一定次数的节点可以让我们指出可能的加密活动。在概念验证实现中,我们能够识别和区分DES、TripleDES和AES算法的几个变体。我们的解决方案能够检测这些算法的存在,而无需访问程序的源代码。它还消除了对熟练操作员执行分析的需要。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Discovering Cryptographic Algorithms in Binary Code Through Loop Enumeration
In benign programs, encryption is used to prevent sensitive data from being exposed. Malware, on the other hand, uses encryption to hide from analysis or perform malicious activities, e.g. ransomware. The challenge in detecting the presence of these cryptographic algorithms lies in the fact that it is generally not possible to identify the entire functionality of binary programs through static analysis. In this paper we present a novel approach for detecting specific cryptographic algorithms through control flow analysis based on symbolic execution. The control flow graph generated and symbolic execution done by the angr framework is used to search for loops. Nodes that are executed a certain number of times and in a specific order let us point out possible cryptographic activities. In the proof-of-concept implementation we were able to identify and differentiate DES, TripleDES and several variants of the AES algorithm. Our solution is able to detect the presence of these algorithms without access to the source code of the program. It also eliminates the need for a skilled operator to perform the analysis.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信