基于密码库函数的程序加解密过程分析

doi:10.11772/j.issn.1001-9081.2014.07.1929

计算机应用 ›› 2014, Vol. 34 ›› Issue (7): 1929-1935.DOI: 10.11772/j.issn.1001-9081.2014.07.1929

基于密码库函数的程序加解密过程分析

张彦文¹,尹青²,李政廉²,舒辉¹,³,常瑞²

1. 信息工程大学,郑州 450000
2. 数学工程与先进计算机国家重点实验室，郑州 450000
3. 数学工程与先进计算国家重点实验室,郑州 450001

收稿日期:2014-01-03 修回日期:2014-02-21 出版日期:2014-07-01 发布日期:2014-08-01
通讯作者: 张彦文
作者简介:张彦文(1987-)，男，湖南娄底人，硕士研究生，主要研究方向：逆向工程；尹青(1968-)，女，江苏徐州人，教授，博士，主要研究方向：网络与信息安全；舒辉(1974-)，男，江苏盐城人，副教授，博士，主要研究方向：网络与信息安全；李政廉(1987-)，男，北京人，硕士研究生，主要研究方向：网络与信息安全；常瑞 (1981-)，女，河南郑州人，讲师，博士研究生，主要研究方向：逆向工程、嵌入式安全。

Cryptographic procedure analysis based on cryptographic library function

ZHANG Yanwen¹,YIN Qing²,LI Zhenglian²,SHU Hui³,⁴,CHANG Rui²

1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University，Zhengzhou Henan 450001, China
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450000, China
3. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450001, China
4. Information Engineering University, Zhengzhou Henan 450000, China;

Received:2014-01-03 Revised:2014-02-21 Online:2014-07-01 Published:2014-08-01
Contact: ZHANG Yanwen

摘要/Abstract

摘要：

针对常见密码算法种类多及实现方式不同，采用现有特征扫描和动态调试的方法分析程序中的加解密过程非常困难的问题。提出一种基于库函数原型分析和库函数调用链构造的加解密过程分析方法，库函数原型分析是分析常见密码库函数所包含的密码算法知识和库框架知识，并记录形成知识库，库函数调用链是根据密码库函数调用时参数值的相等关系构建的库函数调用的先后关系链，最后根据知识库在链上提取展示密码库及密码算法相关知识。该方法对运用到常见库的程序中的算法的识别精确度达到近100%，能详细分析算法调用时的数据、密钥、模式，并有助于对多个算法的协同处理关系作分析。该方法有助于辅助分析木马、蠕虫之类恶意程序，也可用于检测程序对库密码算法的运用是否正确。

Abstract:

Since it's hard to analyze the cryptographic procedure using method of property scan or debugging for the variety and different implementation of cryptographic algorithms, a method was proposed based on library function prototype analysis and their calling-graph building. Library functions prototype analysis is analyzing cryptographic algorithm knowledge and library frame knowledge to form a knowledge base. Calling-graph building is building a calling-graph that reflects the function calling order according to parameter value of the functions. Finally cryptographic algorithm knowledge and library frame knowledge on the calling-graph were extracted. The method discriminated common cryptographic algorithm almost 100%, and it could not only recover cryptographic data, key and cryptographic mode, but also help to analyze the relationship between more than two cryptographic algorithms dealing with the same data. The method could be used to analyze Trojan, worm and test whether the library is used correctly.

中图分类号:

TP309

张彦文尹青李政廉舒辉常瑞. 基于密码库函数的程序加解密过程分析[J]. 计算机应用, 2014, 34(7): 1929-1935.

ZHANG Yanwen YIN Qing LI Zhenglian SHU Hui CHANG Rui. Cryptographic procedure analysis based on cryptographic library function[J]. Journal of Computer Applications, 2014, 34(7): 1929-1935.

参考文献

［1］LI J, SHU H. The research of crypto algorithm recognition technology［J］. Netinfo Security, 2012(11): 46-49. (李继中, 舒辉. 密码算法识别技术研究［J］. 信息网络安全, 2012(11): 46-49.)
［2］HALDERMAN J A, SCHOEN S D, HENINGER N, et al. Lest we remember: cold-boot attacks on encryption keys［J］. Communications of the ACM, 2009, 52(5): 91-98.
［3］MAARTMANN-MOE C, THORKILDSEN S E, ARNES A. The persistence of memory: Forensic identification and extraction of cryptographic keys［J］. Digital Investigation, 2009(6): 132-140.
［4］FLIRT: Fast library acquisition for identification and recognition［EB/OL］. ［2013-10-10］.https://www.hex-rays.com/products/ida/tech/flirt/in_depth.shtml.
［5］NETHERCOTE N. Dynamic binary analysis and instrumentation［D］. Cambridge: University of Cambridge, 2004.
［6］GROBERT F, WILLEMS C, HOLZ T. Automated identification of cryptographic primitives in binary rograms［C］// Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection. Berlin: Springer-Verlag, 2011: 41-60.
［7］CALVET J, FERNANDEZ J M, MARION J Y. Aligot: cryptographic function identification in obfuscated binary programs［C］// Proceedings of the 2012 ACM Conference on Computer and Communications Security. New York: ACM, 2012: 169-182.
［8］OKSANEN K. Detecting algorithms using dynamic analysis［C］// Proceedings of the 9th International Workshop on Dynamic Analysis. New York: ACM, 2011: 1-6.
［9］ZHAO R, GU D, LI J, et al. Detection and analysis of cryptographic data inside software: Information security［C］// Proceedings of the 14th International Conference on Information Security. Berlin: Springer-Verlag, 2011: 182-196.
［10］REEK K A. Pointers on C［M］.XU B, translated. Beijing: Posts and Telecommunications Press, 2008.(REEK K A. C和指针［M］.徐波,译.北京:人民邮电出版社, 2008.)
［11］EAGER M J. Introduction to the DWARF debugging format［EB/OL］.［2013-10-10］. http://dwarfstd.org/.
［12］LI Y, KANG F, SHU H. Cryptographic algorithm recognition based on dynamic binary analysis［J］ . Computer Engineering, 2012, 38(17): 106-109.(李洋, 康绯, 舒辉. 基于动态二进制分析的密码算法识别［J］. 计算机工程, 2012, 38(17):106-109.)
［13］KHEDKER U, SANYAL A, SATHE B. Data flow analysis: theory and practice［M］.New York: CRC Press, 2009.

[1]	孙晓玲李姗姗杨光杨秋格. 基于差分表的Blow-CAST-Fish的密钥恢复攻击[J]. 计算机应用, 0, (): 0-0.
[2]	樊缤李智高健. 基于多尺度知识学习的深度鲁棒水印算法[J]. 计算机应用, 0, (): 0-0.
[3]	郭丽峰王倩丽. 自适应安全的带关键字搜索的外包属性基加密[J]. 计算机应用, 0, (): 0-0.
[4]	沈子懿, 王卫亚, 蒋东华, 荣宪伟. 基于Hopfield混沌神经网络和压缩感知的可视化图像加密算法[J]. 计算机应用, 2021, 41(10): 2893-2899.
[5]	巫光福, 王影军. 基于区块链与云-边缘计算混合架构的车联网数据安全存储与共享方案[J]. 计算机应用, 2021, 41(10): 2885-2892.
[6]	高健李智樊缤姜传贤. 基于光线投射采样和四元数正交矩的高效三维医学图像鲁棒零水印算法 [J]. 计算机应用, 0, (): 0-0.
[7]	徐丽云, 闫涛, 钱宇华. 基于级联混沌系统的分数域语音加密算法[J]. 计算机应用, 2021, 41(9): 2623-2630.
[8]	陈恒恒, 倪志伟, 朱旭辉, 金媛媛, 陈千. 基于聚类分析的差分隐私高维数据发布方法[J]. 计算机应用, 2021, 41(9): 2578-2585.
[9]	张永斌, 常文欣, 孙连山, 张航. 基于字典的域名生成算法生成域名的检测方法[J]. 计算机应用, 2021, 41(9): 2609-2614.
[10]	葛纪红, 沈韬. 基于区块链的能源数据访问控制方法[J]. 计算机应用, 2021, 41(9): 2615-2622.
[11]	张师鹏, 李永忠, 杜祥通. 基于半监督学习和三支决策的入侵检测模型[J]. 计算机应用, 2021, 41(9): 2602-2608.
[12]	李莉杨鸿飞董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 计算机应用, 0, (): 0-0.
[13]	郭媛王学文王充姜津霖. 基于动态网络的非线性置乱扩散同步图像加密[J]. 计算机应用, 0, (): 0-0.
[14]	陈葳葳, 曹利, 顾翔. 基于区块链的车联网电子取证模型[J]. 计算机应用, 2021, 41(7): 1989-1995.
[15]	卿欣艺, 陈玉玲, 周正强, 涂园超, 李涛. 基于中国剩余定理的区块链存储扩展模型[J]. 计算机应用, 2021, 41(7): 1977-1982.

基于密码库函数的程序加解密过程分析

Cryptographic procedure analysis based on cryptographic library function

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics