基于动态二进制插桩的密钥安全性检测

doi:10.11959/j.issn.2096-109x.2017.00213

摘要/Abstract

摘要：

针对加密软件中的密钥安全性问题，提出一种基于动态二进制插桩的密钥安全性检测方法。该方法面向CryptoAPI加密应用程序，首先通过对CryptoAPI密钥应用模式的分析，指出潜在的密钥安全性漏洞；然后以动态二进制分析平台Pin为支撑，动态记录程序运行期间的加解密过程信息；在此基础上设计关联性漏洞检测算法，实现对密钥安全性的检测。测试结果表明，该方法能够有效检测出两大类密钥安全性漏洞。

关键词: 密钥安全性检测, 动态二进制插桩, Pin平台, CryptoAPI加密应用程序

Abstract:

For the key security problem in the cryptographic software,the method of key security detection based on dynamic binary instrumentation was proposed.Aimed at CryptoAPI cryptographic software,the method firstly pointed out the potential key security vulnerabilities by analyzing the key applying patterns of CryptoAPI.Then it recorded cryptographic data information during the execution of the program dynamically using Pin platform.On this basis,a relevance vulnerability detection algorithm was designed to detect the key security.Test result indicated that it can effectively detect the two kinds of key security vulnerabilities.

Key words: key security detection, dynamic binary instrumentation, Pin platform, CryptoAPI cryptographic software

中图分类号:

TP309

林昊,康绯,光焱. 基于动态二进制插桩的密钥安全性检测[J]. 网络与信息安全学报, 2017, 3(11): 50-58.

Hao LIN,Fei KANG,Yan GUANG. Key security detection based on dynamic binary instrumentation[J]. Chinese Journal of Network and Information Security, 2017, 3(11): 50-58.

图/表 9

图1

图2

图3

图4

图5

表1

图6

图7

表2

参考文献 19

[1]	段钢 . 加密与解密(第三版)[M]. 北京：电子工业出版社. 2008.
	DUAN G . Encryption and decryption(Third Edition)[M]. Beijing: Electronic Industry Press. 2008.
[2]	李舟军，张俊贤，廖湘科，等. 软件安全漏洞检测技术[J]. 计算机学报， 2015,38(4): 717-732.
	LI Z J , ZHANG J X , LIAO X K , et al. Software security vulnerability detection technology[J]. Chinese Journal of Computers. 2015,38(4): 717-732.
[3]	EGELE M , BRUMLEY D , FRATANTONIO Y , et al. An empirical study of cryptographic misuse in android applications[C]// ACM Sigsac Conference on Computer ＆ Communications Security. 2013:73-84.
[4]	SHAO S , DONG G , GUO T , et al. Modelling analysis and au-to-detection of cryptographic misuse in android applications[C]// IEEE International Conference on Dependable,Autonomic and Secure Computing. 2014:75-80.
[5]	LI Y , ZHANG Y , LI J , et al. iCryptoTracer:Dynamic Analysis on Misuse of Cryptography Functions in iOS Applications[C]// Interna-tional Conference on Network and System Security. 2014:349-362.
[6]	MA S , LO D , LI T , et al. CDRep:automatic repair of cryptographic misuses in android applications[C]// ACM on Asia Conference on Computer and Communications Security. 2016:711-722.
[7]	CHATZIKONSTANTINOU A , NTANTOGIAN C , KAROPOU-LOS G , et al. Evaluation of cryptography usage in android applica-tions[C]// Eai International Conference on Bio-Inspired Information and Communications Technologies. 2016:83-90.
[8]	ALMEIDA J B , BARBOSA M , FILLI?TRE J C , et al. CAOVerif:an open-source deductive verification platform for cryptographic software implementations[J]. Science of Computer Programmin, 2014,91(91): 216-333.
[9]	FAHL S , HARBACH M , MUDERS T , et al. Why eve and mallory love Android:an analysis of android SSL (in)security[C]// ACM Confe-rence on Computer and Communications Security. 2012:50-61.
[10]	RIZZO J , DUONG T . Practical padding oracle attacks[C]// Usenix Conference on Offensive Technologies. 2010:1-8.
[11]	BARENGHI A , BREVEGLIERI L , KOREN I , et al. Fault injection attacks on cryptographic devices:theory,practice,and countermeasures[C]// Proceedings of the IEEE. 2012:3056-3076.
[12]	Automated testing of crypto software using differential fuzz-ing[EB/OL]. .
[13]	LAZAR D , CHEN H , WANG X , et al. Why does cryptographic software fail?case study and open problems[C]// Asia-Pacific Workshop. 2014:1-7.
[14]	安天针对勒索蠕虫“魔窟”(WannaCry)的深度分析报告[EB/OL]. .
[15]	NEWSOME J , SONG D . Dynamic taint analysis for automatic detection,analysis,and signature generation of exploits on com-modity software[C]// Conference on NDSS. 2015.
[16]	NETHERCOTE N . Dynamic binary analysis and instrumentation or building tools is easy[D]. Trinity Lane,Cambridge:University of Cambridge. 2004.
[17]	LUK C K , COHN R , MUTH R , et al. Pin:building customized program analysis tools with dynamic instrumentation[J]. ACM Sig-plan Notices, 2005,40(6): 190-200.
[18]	BRUENING D L . Efficient,transparent,and comprehensive run-time code manipulation[C]// Massachusetts Institute of Technolo-gy. 2004.
[19]	NETHERCOTE N , SEWARD J . Valgrind:a framework for heavyweight dynamic binary instrumentation[C]// ACM Sigplan Conference on Pro-gramming Language Design ＆ Implementation. 2007:89-100.

漏洞类型	加解密过程信息
漏洞类型	调用点	函数名称	参数信息
Key-Weak	sqlite3.dll 0x102B1	CryptHashData	RTX!
Predicable	sqlite3.dll 0x102D2	CryptDeriveKey	Null

工具	技术手段	目标漏洞类型
本文方法	动态二进制分析	密钥安全性漏洞
CryptoLint	静态程序切片	6条漏洞经验规则
CMA	静态与动态混合分析	简单密码学误用
iCryptoTracer	静态扫描与动态跟踪	敏感数据泄露
POET	Fuzzing	Padding Oracle Attacks
FIAT	Fault Injection	Side Channel Attacks
CDF	Differential Fuzzing	逻辑漏洞