| Cryptographic algorithms are an important part of modern software systems.They effectively protect the security of network communication in the system through various methods such as encryption,signature,and hashing,and play a pivotal role in the security of the entire system.Analyzing the security and standardization of cryptographic algorithms in software is an important aspect for security analyst to conduct security analysis.However,in many cases,security analyst cannot obtain the source code of the software,and can only analyze the binary files through reverse analysis.How to effectively locate and analyze the cryptographic algorithms in the binary files has always been a widely concerned issue.Among the current cryptographic algorithms identification methods,the identification method characterized by cryptographic constants is the most widely used method.However.the current constant identification methods are based on the fact that the constants in the binary file are the same as the constants in the standard document.They directly match cryptographic constants in the binary file without considering the coding habits of developers and the optimization of compilers,and thus,still have some limitations.On the other hand,most of the existing research works on cryptography misuse in IoT firmware focuses on the analysis of the API of the standard cryptographic library,and cannot analyze the anonymous cryptographic functions implemented by developers themselves,so the analysis results are not quite comprehensive.Based on the above situation,this paper systematically studies the constants in common cryptographic algorithms,analyzes their existence forms in binary files,and divides the forms of cryptographic constants in binary files into standard constants,compiler-split constants and uninitialized constants.Then,aiming at the three existing forms of constants,this paper proposes a new constant-based cryptographic algorithm identification method,which uses different strategies to recover different types of constants in binary files.Finally,this paper implements a prototype CryptoIdentifier of the method,and proves the effectiveness of the method through experiment.Based on the cryptographic algorithm identification method,this paper proposes a new method for analyzing the misuse of cryptographic algorithms in IoT firmware.This method can realize automatic misuse rule generation by identifying the cryptographic algorithm in the binary file,thereby getting rid of the dependence on the API of standard cryptographic library,and can effectively conduct cryptographic misuse analysis on all cryptographic functions including the anonymous cryptographic function in the IoT firmware,which effectively improves the coverage of the analysis.This paper evaluates the above method on actual IoT firmware and finds a large number of high-risk cryptographic misuse points such as constant keys that cannot be found in existing works. |
PDF Full Text Request