K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces

The only secrets in modern cryptography (crypto for short) are the crypto keys. Understanding how crypto keys are used in a program and discovering insecure keys is paramount for crypto security. This paper presents K-Hunt, a system for identifying insecure keys in binary executables. K-Hunt leverages the properties of crypto operations to identify the memory buffers where crypto keys are stored. It then tracks their origin and propagation to identify insecure keys such as deterministically generated keys, insecurely negotiated keys, and recoverable keys. K-Hunt does not use signatures to identify crypto operations, and thus can be used to identify insecure keys in unknown crypto algorithms and proprietary crypto implementations. We have implemented K-Hunt and evaluated it with 10 cryptographic libraries and 15 applications that contain crypto operations. Our evaluation results demonstrate that K-Hunt locates the keys in symmetric ciphers, asymmetric ciphers, stream ciphers, and digital signatures, regardless of whether those algorithms are standard or proprietary. More importantly, K-Hunt discovers insecure keys in 22 out of 25 evaluated programs, including well-developed crypto libraries such as Libsodium, Nettle, TomCrypt, and WolfSSL.
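Two of the insecure-key classes named in the abstract, deterministically generated keys and recoverable keys, shown as an added source-level illustration. This is not K-Hunt's code or its trace-based algorithm; the function names, the constant seed, and the XOR stand-in for a cipher are assumptions made for the example, and `/dev/urandom` is assumed to be available.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define KEY_LEN 16
typedef void (*keygen_fn)(uint8_t *key);

/* Weak: PRNG seeded with a constant, so every call and every run yields the same key. */
static void keygen_fixed_seed(uint8_t *key) {
    uint32_t s = 0x1234u;                      /* constructed constant seed */
    for (int i = 0; i < KEY_LEN; i++) {
        s = s * 1103515245u + 12345u;          /* linear congruential step */
        key[i] = (uint8_t)(s >> 16);
    }
}

/* Key bytes taken from the OS CSPRNG. */
static void keygen_urandom(uint8_t *key) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(key, 1, KEY_LEN, f) != KEY_LEN) abort();
    fclose(f);
}

/* Differential check: identical output on two generations means no entropy reached the key. */
static int is_deterministic(keygen_fn gen) {
    uint8_t a[KEY_LEN], b[KEY_LEN];
    gen(a);
    gen(b);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores as dead. */
static void scrub(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Returns 1 if the key is still readable in its buffer after the operation has finished. */
static int key_left_in_memory(int scrub_after_use) {
    static uint8_t keybuf[KEY_LEN];            /* outlives the crypto operation */
    uint8_t copy[KEY_LEN], msg[8] = "payload";
    keygen_urandom(keybuf);
    memcpy(copy, keybuf, KEY_LEN);
    for (size_t i = 0; i < sizeof msg; i++) msg[i] ^= keybuf[i];  /* stand-in cipher */
    if (scrub_after_use) scrub(keybuf, KEY_LEN);
    return memcmp(copy, keybuf, KEY_LEN) == 0;
}
int main(void) {
    printf("fixed-seed deterministic=%d urandom deterministic=%d\n",
           is_deterministic(keygen_fixed_seed), is_deterministic(keygen_urandom));
    return 0;
}
```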
