Automatic Detection and Decryption of AES Using Dynamic Analysis

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F22%3A00359188" target="_blank" >RIV/68407700:21240/22:00359188 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1007/s42979-022-01222-w" target="_blank" >https://doi.org/10.1007/s42979-022-01222-w</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/s42979-022-01222-w" target="_blank" >10.1007/s42979-022-01222-w</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Automatic Detection and Decryption of AES Using Dynamic Analysis

Popis výsledku v původním jazyce

In this paper we propose a set of algorithms that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext, assuming that we can control the code flow of the encrypting program, e.g., when an application is performing encryption without the user’s permission. The first algorithm makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naïve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications. We also discuss the options of recovering the same data when hardware-assisted AES implementations on Intel-compatible architectures are used.

Název v anglickém jazyce

Automatic Detection and Decryption of AES Using Dynamic Analysis

Popis výsledku anglicky

In this paper we propose a set of algorithms that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext, assuming that we can control the code flow of the encrypting program, e.g., when an application is performing encryption without the user’s permission. The first algorithm makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naïve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications. We also discuss the options of recovering the same data when hardware-assisted AES implementations on Intel-compatible architectures are used.

Druh

J_ost - Ostatní články v recenzovaných periodicích

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/EF16_019%2F0000765" target="_blank" >EF16_019/0000765: Výzkumné centrum informatiky</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

SN Computer Science

ISSN

2662-995X

e-ISSN

—

Svazek periodika

2022

Číslo periodika v rámci svazku

338

Stát vydavatele periodika

SG - Singapurská republika

Počet stran výsledku

13

Strana od-do

—

Kód UT WoS článku

—

EID výsledku v databázi Scopus

2-s2.0-85132415486