DOI: 10.1145/3243734.3243783
research-article

K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces

Published: 15 October 2018

Abstract

The only secrets in modern cryptography (crypto for short) are the crypto keys. Understanding how crypto keys are used in a program and discovering insecure keys is paramount for crypto security. This paper presents K-Hunt, a system for identifying insecure keys in binary executables. K-Hunt leverages the properties of crypto operations to identify the memory buffers where crypto keys are stored. It then tracks their origin and propagation to identify insecure keys such as deterministically generated keys, insecurely negotiated keys, and recoverable keys. K-Hunt does not use signatures to identify crypto operations, and thus can be used to identify insecure keys in unknown crypto algorithms and proprietary crypto implementations. We have implemented K-Hunt and evaluated it with 10 cryptographic libraries and 15 applications that contain crypto operations. Our evaluation results demonstrate that K-Hunt locates the keys in symmetric ciphers, asymmetric ciphers, stream ciphers, and digital signatures, regardless of whether those algorithms are standard or proprietary. More importantly, K-Hunt discovers insecure keys in 22 out of 25 evaluated programs, including well-developed crypto libraries such as Libsodium, Nettle, TomCrypt, and WolfSSL.

Supplementary Material

MP4 File (p412-li.mp4)

      Published In

      CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
      October 2018
      2359 pages
      ISBN: 9781450356930
      DOI: 10.1145/3243734

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. cryptographic key identification
      2. dynamic binary code analysis

      Qualifiers

      • Research-article

      Funding Sources

      • The Key Program of National Natural Science Foundation of China
      • The ElasTest project of the European Union
      • The National Key Research and Development Program of China
      • The N-GREENS Software-CM project of Madrid
      • The DEDETIS grant of Spain

      Conference

      CCS '18

      Acceptance Rates

      CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
