07/05/2015

ASIACCS15 / Automated Identification of Cryptographic Primitives in Binary Code with Data Flow Graph Isomorphism

Pierre Lestringant, Frédéric Guihéry / Amossys & Pierre-Alain Fouque, Université de Rennes 1

Abstract

Software uses cryptographic algorithms to secure its communications and to protect its internal data. However, the algorithm choice, its implementation design and the generation methods of its input parameters may have dramatic consequences on the security of the data it was initially supposed to protect. Therefore, to assess the security of a binary program involving cryptography, analysts need to check that none of these points will cause a system vulnerability. This implies, as a first step, precisely identifying and locating the cryptographic code in the binary program. Since binary analysis is a difficult and cumbersome task, it is interesting to devise a method to automatically retrieve cryptographic primitives and their parameters.

In this paper, we present a novel approach to automatically identify symmetric cryptographic algorithms and their parameters inside binary code. Our approach is static and based on DFG (Data Flow Graph) isomorphism. To cope with binary code produced from different source codes and by different compilers and options, the DFGs are normalized using code rewrite mechanisms. Our approach differs from previous work, which either uses statistical criteria leading to imprecise results, or relies on heavy dynamic instrumentation. To validate our approach, we present experimental results on a set of synthetic samples including several cryptographic algorithms, binary code of well-known cryptographic libraries and reference source implementations compiled using different compilers and options.
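The idea in the abstract, normalizing a data flow graph and then matching a signature graph against it to recover both the primitive and its parameters, can be sketched as follows. This is an added example, not the paper's implementation: the toy three-address IR, the single shift-to-multiply rewrite rule, the TEA round term used as signature and all names are assumptions made for illustration.

```python
# Added illustration, not the paper's implementation. Toy SSA three-address IR:
# (dst, op, src1, src2). Both constructed listings compute the TEA round term
# ((v << 4) + k0) ^ (v + s) ^ ((v >> 5) + k1) with different registers and idioms.
BUILD_A = [("t1", "shl", "v", "4"), ("t2", "add", "t1", "k0"), ("t3", "add", "v", "s"),
           ("t4", "xor", "t2", "t3"), ("t5", "shr", "v", "5"), ("t6", "add", "t5", "k1"),
           ("t7", "xor", "t4", "t6")]
BUILD_B = [("r9", "shr", "eax", "5"), ("r1", "mul", "eax", "16"), ("r2", "add", "ebx", "r1"),
           ("r3", "add", "ecx", "eax"), ("r8", "add", "edx", "r9"), ("r4", "xor", "r3", "r2"),
           ("r5", "xor", "r8", "r4")]
COMMUTATIVE = {"add", "xor", "mul"}
# Signature: nested (op, left, right) tuples; uppercase names are wildcards (parameters).
TEA_TERM = ("xor", ("xor", ("add", ("mul", "V", "16"), "K0"), ("add", "V", "S")),
            ("add", ("shr", "V", "5"), "K1"))

def normalize(op, a, b):
    """Assumed rewrite rule: a left shift by constant n becomes a multiply by 2**n."""
    if op == "shl" and b.isdigit():
        return ("mul", a, str(1 << int(b)))
    return (op, a, b)

def build_dfg(code):
    """Map each defined value to its normalized node; names never defined are inputs."""
    return {dst: normalize(op, a, b) for dst, op, a, b in code}

def match(pat, node, dfg, env):
    """Yield every injective wildcard binding that maps signature `pat` onto `node`."""
    if isinstance(pat, str):
        if pat.isdigit():                      # constants must be equal
            if pat == node:
                yield env
        elif env.get(pat) == node:             # wildcard already bound to this node
            yield env
        elif pat not in env and node not in env.values():
            yield {**env, pat: node}
        return
    if node not in dfg or dfg[node][0] != pat[0]:
        return
    _, x, y = dfg[node]
    for left, right in ([(x, y), (y, x)] if pat[0] in COMMUTATIVE else [(x, y)]):
        for bound in match(pat[1], left, dfg, env):
            yield from match(pat[2], right, dfg, bound)

def identify(code, sig=TEA_TERM):
    """Return (root value, parameter bindings) of the first match, or None."""
    dfg = build_dfg(code)
    for root in dfg:
        for env in match(sig, root, dfg, {}):
            return root, env
    return None
```

The bindings returned for `K0` and `K1` are the values an analyst would then trace back to check how the key material is generated.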
