Technique of cryptographic function filtration based on dynamic loop information entropy

doi:10.11772/j.issn.1001-9081.2014.04.1025

Journal of Computer Applications ›› 2014, Vol. 34 ›› Issue (4): 1025-1028.DOI: 10.11772/j.issn.1001-9081.2014.04.1025

Previous Articles Next Articles

Technique of cryptographic function filtration based on dynamic loop information entropy

LI Jizhong¹,²,JIANG Liehui¹,²,SHU Hui¹,²,CHANG Rui¹,²

1. Information Engineering University, Zhengzhou Henan 450001, China
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450001, China

Received:2013-09-29 Revised:2013-12-13 Online:2014-04-01 Published:2014-04-29
Contact: LI Jizhong

基于动态循环信息熵的密码函数筛选技术

李继中¹,²,蒋烈辉¹,²,舒辉¹,²,常瑞¹,²

1. 数学工程与先进计算国家重点实验室,郑州 450001
2. 信息工程大学,郑州 450001;

通讯作者: 李继中
作者简介:李继中(1983-),男,河南上蔡人,博士研究生,CCF会员,主要研究方向:信息安全、二进制逆向、密码学;
蒋烈辉(1967-),男,浙江东阳人,教授,博士,主要研究方向;嵌入式设备逆向、系统结构;
舒辉(1974-),男,浙江盐城人,副教授,博士,主要研究方向;信息安全、二进制逆向、漏洞挖掘;
常瑞(1982-),女,河南郑州人,讲师,博士研究生,主要研究方向;固件代码逆向、信息安全。
基金资助:
国家自然科学基金资助项目

Abstract

Abstract:

For malware analysis and cipher application security validating, identification and filtration of cryptographic function from binary code has great significance. The memory operation and basic block loop characters were analyzed from cryptographic functions. According to the theory of binary data's information entropy, the characteristic of high-entropy of cryptographic algorithms was verified, a cryptographic functions filtration model was constructed based on dynamic loop entropy, and the hybrid (dynamic and static) method was adopted to reconstruct dynamic memory data in basic block loop. The experimental result shows that the filtration model has reliability and veracity.

摘要：

二进制代码中的密码算法识别与筛选对于恶意软件分析、密码算法应用安全性验证有着重要意义。分析了密码函数代码实现中内存数据操作特征和基本块循环结构特征，根据二进制数据的信息熵理论，实验验证了密码算法内存操作数据的高熵值特性，构建了基于动态循环信息熵的密码函数筛选模型，并采用动静结合的方法重构基本块循环中的动态读写内存数据。测试结果表明了筛选模型的可靠性和准确性。

CLC Number:

TP309

LI Jizhong JIANG Liehui SHU Hui CHANG Rui. Technique of cryptographic function filtration based on dynamic loop information entropy[J]. Journal of Computer Applications, 2014, 34(4): 1025-1028.

李继中蒋烈辉舒辉常瑞. 基于动态循环信息熵的密码函数筛选技术[J]. 计算机应用, 2014, 34(4): 1025-1028.

References

［1］SCHNEIER B. Applied cryptography protocols algorithms and source code in C ［M］. 2nd ed. WU S, ZHU S, ZHANG W, et al.translated. Beijing: China Machine Press, 2000. (BRUCE S.应用密码学(协议、算法与C源程序)［M］.2版.吴世忠,祝世雄,张文政,等译.北京:机械工业出版社,2000.)
［2］FILIOL E. Malicious cryptography techniques for unreversable (malicious or not) binaries ［C］// H2HC'10: Proceedings of the 2010 Hacker to Hacker Conference. New York: ACM, 2010.
［3］HARVEY I. Cipher hunting: how to find cryptographic algorithms in large binaries ［M］. Cambridge: nCipher Corporation Ltd,2001.
［4］WRIGHT J L, MANIC M. Neural network approach to locating cryptography in object code ［C］// ETFA 2009: Proceedings of the 2009 IEEE Conference on Emerging Technologies & Factory Automation. Piscataway: IEEE, 2009: 1-4.
［5］LEDER F, MARTINI P, WICHMANN A. Finding and extracting crypto routines from malware ［C］// Proceedings of the 2009 IEEE 28th International Performance Computing and Communications Conference. Piscataway: IEEE, 2009: 394-401.
［6］LUTZ N. Towards revealing attackers' intent by automatically decrypting network traffic ［D］. Zürich, Switzerland: ETH Zürich, 2008.
［7］WANG Z, JIANG X, CUI W, et al.ReFormat: automatic reverse engineering of encrypted messages ［C］// ESORICS '09: Proceedings of the 14th European Conference on Research in Computer Security, LNCS 5789. Berlin: Spring, 2009: 200-215.
［8］ZHAO R, GU D, LI J, et al.Detection and analysis of cryptographic data inside software ［C］// ISC'11: Proceeding of the 14th International Conference on Information Security, LNCS 7001. Berlin: Springer, 2011: 182-196.
［9］CALVET J, FERNANDEZJ M, MARION J-Y. Aligot: cryptographic function identification in obfuscated binary programs ［C］// CCS '12: Proceedings of the 2012 ACM Conference on Computer and Communication Security. New York: ACM, 2012: 169-182.
［10］LYDA R, HAMROCK J. Using entropy analysis to find encrypted and packed malware ［J］. IEEE Security & Privacy, 2007, 5(2): 40-45.
［11］EAGLE C. The IDA Pro book: the unofficial guide to the world's most popular disassembler ［M］. SHI H, DUAN G, translated. Beijing: Posts & Telecom Press, 2010. (EAGLE C. IDA Pro权威指南［M］.石华耀,段桂菊,译.北京:人民邮电出版社,2010.)
［12］LUK C-K, COHN R, MUTH R, et al.Pin: building customized program analysis tools with dynamic instrumentation ［C］// PLDI '05: Proceeding of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, New York: ACM, 2005: 190-200.
［13］PETTERSSON T. Cryptographic key recovery from Linux memory dumps ［R］. Berlin: Chaos Communication Camp, 2007.
［14］MAARTMANN-MOEA C, THORKILDSENB S E, RNES A. The persistence of memory: forensic identification and extraction of cryptographic keys ［J］. Digital Investigation, 2009, 6(Supp.): 132-140.

[1]	Ping ZHANG, Yiqiao JIA, Jiechang WANG, Nianfeng SHI. Three-factor anonymous authentication and key agreement protocol [J]. Journal of Computer Applications, 2021, 41(11): 3281-3287.
[2]	Xiaoqiong PANG, Ting YANG, Wenjun CHEN, Yunting WANG, Tianye LIU. Digital rights management scheme based on secret sharing in blockchain environment [J]. Journal of Computer Applications, 2021, 41(11): 3257-3265.
[3]	Guangfu WU, Ziheng DAI. Cascaded quasi-cyclic moderate-density parity-check code based public key scheme for resisting reaction attack [J]. Journal of Computer Applications, 2021, 41(11): 3274-3280.
[4]	Li LI, Hongfei YANG, Xiuze DONG. Hierarchical file access control scheme with identity-based multi-conditional proxy re-encryption [J]. Journal of Computer Applications, 2021, 41(11): 3251-3256.
[5]	Lifeng GUO, Qianli WANG. Adaptive secure outsourced attribute-based encryption scheme with keyword search [J]. Journal of Computer Applications, 2021, 41(11): 3266-3273.
[6]	Xiaoling SUN, Guang YANG, Yanping SHEN, Qiuge YANG, Tao CHEN. Searchable encryption scheme based on splittable inverted index [J]. Journal of Computer Applications, 2021, 41(11): 3288-3294.
[7]	. Key Rcovery Attack of Blow-CAST-Fish Based on Differential Tables [J]. Journal of Computer Applications, 0, (): 0-0.
[8]	. Deep robust watermarking algorithm based on multiscale knowledge learning [J]. Journal of Computer Applications, 0, (): 0-0.
[9]	SHEN Ziyi, WANG Weiya, JIANG Donghua, RONG Xianwei. Visual image encryption algorithm based on Hopfield chaotic neural network and compressive sensing [J]. Journal of Computer Applications, 2021, 41(10): 2893-2899.
[10]	WU Guangfu, WANG Yingjun. Secure storage and sharing scheme of internet of vehicles data based on hybrid architecture of blockchain and cloud-edge computing [J]. Journal of Computer Applications, 2021, 41(10): 2885-2892.
[11]	. Efficient robust zero watermarking algorithm for 3D medical images based on ray-casting sampling and quaternion orthogonal moments [J]. Journal of Computer Applications, 0, (): 0-0.
[12]	XU Liyun, YAN Tao, QIAN Yuhua. Audio encryption algorithm in fractional domain based on cascaded chaotic system [J]. Journal of Computer Applications, 2021, 41(9): 2623-2630.
[13]	CHEN Hengheng, NI Zhiwei, ZHU Xuhui, JIN Yuanyuan, CHEN Qian. Differential privacy high-dimensional data publishing method via clustering analysis [J]. Journal of Computer Applications, 2021, 41(9): 2578-2585.
[14]	ZHANG Yongbin, CHANG Wenxin, SUN Lianshan, ZHANG Hang. Detection method of domains generated by dictionary-based domain generation algorithm [J]. Journal of Computer Applications, 2021, 41(9): 2609-2614.
[15]	GE Jihong, SHEN Tao. Energy data access control method based on blockchain [J]. Journal of Computer Applications, 2021, 41(9): 2615-2622.

Technique of cryptographic function filtration based on dynamic loop information entropy

基于动态循环信息熵的密码函数筛选技术

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics