Environmental Authentication in Malware

Malware needs to execute on a target machine while keeping its payload confidential from a malware analyst. Standard encryption can ensure that confidentiality, but it does not solve the problem of hiding the key: any analyst can recover the decryption key if it is stored in the malware or derived in plain view.
