
A Reverse Analysis Method for Encrypted Communication Protocols (cited by: 6)

Method of encrypted protocol reverse engineering
Abstract: Reverse engineering of unknown network protocols is of great significance in many network security applications. However, existing methods are all limited to analyzing plaintext protocols. This paper proposes a method of encrypted protocol reverse engineering based on dynamic taint analysis. Built on the dynamic binary instrumentation platform Pin, the method records the program's executed instruction trace, then conducts off-line data-flow analysis of the data dependencies to build two taint propagation graphs, one at the instruction level and one at the function level. According to the features of the decryption process, it then locates the plaintext of the decrypted packet, and finally parses the format of the protocol plaintext. Experiments show that the method can accurately locate the decrypted protocol data and restore the original format of the encrypted protocol.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journals, 2015, No. 1, pp. 214-217, 221 (5 pages)
Funding: National Natural Science Foundation of China (61309007); Zhengzhou Science and Technology Innovation Team Program (10CXTD150)
Keywords: protocol reverse engineering; dynamic taint analysis; encrypted protocol parsing

