
Part I: PS 3 discussion of SPINS paper (CS 588, February 22, 2005)


1 Part I: PS 3 discussion of SPINS paper
CS 588, February 22, 2005
nate@cs.virginia.edu

2 Scenario
Thousands of small, low-powered devices with sensors and actuators, communicating wirelessly
A high-power base station

3 Message Authentication Code (MAC)
Essentially a one-way hash function with a key, k
Used for message integrity and authentication
– If m is altered to m’, then MAC(m) ≠ MAC(m’)
– Only those that know k can create a correct MAC

4 Cryptographic Hash Chains
f is a one-way function: easy to calculate f(x), but difficult to invert f.
Chain (figure, read left to right in time): x → K3 = f(x) → K2 = f(f(x)) → K1 = f(f(f(x))) → K0 = f^4(x); in general K_j = f(K_(j+1))
Initially store: K0 = f^4(x)
Later revealed, and checked against K0:
– K1 = f^3(x): verify f(K1) = f(f^3(x)) = K0
– K2 = f^2(x): verify f^2(K2) = f^2(f^2(x)) = K0

5 µTesla [Perrig et al., 2002]
Initially: sensor nodes know K0 = f^n(x); the base station knows x
Base station messages are encrypted using K1 = f^(n-1)(x)
Nodes store and time-stamp messages, but cannot decrypt them (yet)
At time t1, the base station broadcasts K1
Nodes verify f(K1) = K0
Nodes use K1 to decrypt the earlier messages
Nodes and base station must have loosely synchronized clocks: a node cannot accept messages encrypted with K1 after K1 was revealed
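An added example (not from the slides or the SPINS paper) that works through the chain of slide 4 and the disclosure rule of slide 5 in Python: SHA-256 stands in for f, each interval key is used as an HMAC key to authenticate the buffered broadcasts, and the chain seed, interval numbers and messages are constructed.

```python
import hashlib
import hmac

def f(x: bytes) -> bytes:
    """One-way function for the chain (SHA-256 here; a constructed choice)."""
    return hashlib.sha256(x).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    # Tag a broadcast with its interval key (HMAC-SHA256; constructed choice).
    return hmac.new(key, msg, hashlib.sha256).digest()
def build_chain(x: bytes, n: int) -> list:
    """Return [K0, K1, ..., Kn] with K0 = f^n(x) and Kj = f(K_(j+1)), so Kn = x."""
    keys = [x]
    for _ in range(n):
        keys.append(f(keys[-1]))
    keys.reverse()                      # keys[0] is f^n(x) = K0
    return keys

def verify_disclosed(k_known: bytes, k_new: bytes, gap: int) -> bool:
    """Accept K_(j+gap) given trusted Kj iff f^gap(K_(j+gap)) == Kj.
    gap > 1 covers disclosures a node missed (slide 4: f^2(K2) = K0)."""
    v = k_new
    for _ in range(gap):
        v = f(v)
    return hmac.compare_digest(v, k_known)

class Node:
    def __init__(self, k0: bytes):
        self.trusted = {0: k0}          # interval -> verified key
        self.latest = 0                 # highest interval whose key is known
        self.buffer = {}                # interval -> [(msg, tag), ...]

    def receive(self, interval: int, msg: bytes, tag: bytes) -> bool:
        # Loose-synchronisation rule: a message for an interval whose key is
        # already disclosed is rejected, since anyone could have tagged it.
        if interval <= self.latest:
            return False
        self.buffer.setdefault(interval, []).append((msg, tag))
        return True

    def disclose(self, interval: int, key: bytes) -> list:
        """Verify a disclosed key; return that interval's buffered messages whose tags check."""
        gap = interval - self.latest
        if gap <= 0 or not verify_disclosed(self.trusted[self.latest], key, gap):
            return []
        self.trusted[interval] = key
        self.latest = interval
        return [m for m, t in self.buffer.pop(interval, [])
                if hmac.compare_digest(t, mac(key, m))]
```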

6 Part II: Viruses and Cryptography
Principles and Practise of X-RAYING
F. Perriot, P. Ferrie, Virus Bulletin, Sept. 2004

7 Lessons to Learn
Simple methods of encryption are prevalent
Viruses provide good applications of things you have seen in this class so far
Another security trade-off
– Resources in sensornets
– Speed in virus scanning

8 Introduction
Cohen’s definition of a virus
– A program that is able to infect other programs by modifying them to include a possibly evolved copy of itself
Win32 PE file (.exe) virus

9 Historical Glimpse of Malware
“Elk Cloner”
– 1982: first PC virus
– Displayed a poem after the 50th reset
Morris Worm
– 1988: a network program that attacked many different vulnerabilities to compromise machines
Blaster Worm
– 2004: a typical unpatched UVa CS machine was compromised in ~1 to 2 minutes

10 Virus Infection (PE files)
Easiest way is to prepend while overwriting the beginning of the host application
– Original application will not work
Can append into the last section of the PE file
– Change the entry point to the beginning of the virus
– Insert a jmp at the entry point to jump to the virus
Virus writers need something more to fight detection

11 Armored Viruses
Encryption
– Thwarts disassembly
– Can hide virus code

    ; From W95/Mad.2736 virus
    mov   src, dest
    mov   ecx, LENGTH_OF_VIRUS
    Decrypt:
    xor   [edi], al        ; key is in al
    inc   edi
    loop  Decrypt          ; decrement ecx, jump back while not zero

12 Detecting Encrypted Viruses
Polymorphic viruses mutate their decryptors
Static decryptors are easier to detect
– Advanced polymorphic virus decryptors can still be statically detected
MtE has a constant, conditional backwards jump
– Use wildcards in the matching algorithm (e.g., 0x75 ?? 0xBF)

13 More Complicated Decryption
(figure: a chain of nested decryptors, Decryptor … Decryptor n)

14 Other Complicating Methods of Decryption
Virus can use brute force to decrypt (no key needed)
Multiple layers of encryption
Key can slide or shift
Non-linear decryption (substitution)
Debuggers can modify the decryption code (e.g., when the decryption code is used as the key)
– Emulators may optimize the decryption code

15 X-RAY Detection
X-RAY
– Attacking the encryption of the virus code
Virus encryption is usually weak
Only have a few seconds (make it fast)
(figure) C: 71 99 c4   P: e8 00 5d
If XOR is the only encryption used, how can we quickly determine the key?

16 Why X-RAY
Can be cheaper (faster) than emulation
Emulator may not be able to emulate the virus
Decryptors can be buggy
Works on ~50% of recent Win32 viruses

17 X-RAY Overview
Known-plaintext attack
– Assume we know the virus body (or a variant)
– Just need to know if the virus is really present
(figure) Sliding X-RAY: the known plaintext is compared against the ciphertext C = 71 99 c4 25 … at each successive offset

18 X-RAY Approaches
Key recovery
– Guess the key, then match the ciphertext to some part of the plaintext
Key validation
– Recover several keys or pieces of keys
– Do the keys match with respect to the given encryption method?
(figure) C: 71 99 c4   P: e8 00 5d   C ^ P = 99 at every position, so the key is 0x99

19 X-RAY Approaches
Invariant scanning
– Can reduce the ciphertext and then compare against the reduced plaintext
– Very fast
– Check Rc == Rp
(figure; X >> 1 denotes X shifted by one byte position)
    C = 71 99 c4    C >> 1 = 71 99    Rc = C ^ (C >> 1)
    P = e8 00 5d    P >> 1 = e8 00    Rp = P ^ (P >> 1)

20 Invariant Example
Reduce ciphertext: Rc = C ^ (C >> 1)
Reduce plaintext: Rp = P ^ (P >> 1)
Label each plaintext character: P = p0 p1 p2 p3 = e8 00 5d …
With key 99, C = p0^99 p1^99 p2^99 p3^99 = E8^99 00^99 5d^99 …
Reducing cancels the key:
    Rc = (p0^99)^(p1^99) (p1^99)^(p2^99) (p2^99)^(p3^99) = p0^p1 p1^p2 p2^p3
    Rp = p0^p1 p1^p2 p2^p3
so Rc == Rp
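Added example, not from the slides or the Virus Bulletin paper: the single-key XOR approaches of slides 17 to 20 (key recovery, key validation, invariant scanning) in Python, run over a constructed byte string that embeds the slide's e8 00 5d plaintext under key 0x99; the longer signature and the surrounding bytes are made up.

```python
def reduce_bytes(data: bytes) -> bytes:
    """R = data ^ (data >> 1 byte): each byte XORed with its successor.
    A constant XOR key cancels out, so R is identical for P and for C = P ^ k."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))

def validate_key(cipher: bytes, plain: bytes):
    """Key validation (slide 18): every c ^ p must yield the same single-byte
    key; otherwise the hit is rejected. Returns the key or None."""
    keys = {c ^ p for c, p in zip(cipher, plain)}
    return keys.pop() if len(keys) == 1 else None

def key_recovery_scan(cipher: bytes, sig: bytes) -> list:
    """Key recovery (slide 18): at each offset guess the key from the first
    byte, then check that the whole window decrypts to the signature."""
    hits = []
    for off in range(len(cipher) - len(sig) + 1):
        k = cipher[off] ^ sig[0]
        if bytes(c ^ k for c in cipher[off:off + len(sig)]) == sig:
            hits.append((off, k))
    return hits

def invariant_scan(cipher: bytes, sig: bytes) -> list:
    """Sliding X-RAY with invariant scanning (slides 17, 19, 20): reduce the
    signature once, slide over the reduced ciphertext with plain comparisons
    (no key guessing per offset), then recover the key for each hit. For a
    single-byte XOR key a reduced match already implies a consistent key;
    validate_key is what yields its value. Returns [(offset, key), ...]."""
    rp, rc = reduce_bytes(sig), reduce_bytes(cipher)
    hits = []
    for off in range(len(rc) - len(rp) + 1):
        if rc[off:off + len(rp)] == rp:
            key = validate_key(cipher[off:off + len(sig)], sig)
            if key is not None:
                hits.append((off, key))
    return hits

# Constructed sample: the slide's plaintext e8 00 5d extended to a 9-byte
# signature, encrypted under the single-byte key 0x99 (giving the 71 99 c4 of
# slide 15) and embedded between unrelated bytes.
SIGNATURE = bytes.fromhex("e8005d0000005b81eb")
KEY = 0x99
FILE = bytes.fromhex("4d5a9000") + bytes(b ^ KEY for b in SIGNATURE) + bytes.fromhex("0102")
```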

21 How to Apply X-RAYing
Want to filter out files for X-RAYing
– Use file geometry: positions and sizes of segments that characterize infected objects (e.g., virus decryptor, virus body, min/max size of decryptor, min infected file size, …)
– Use frequency analysis
    Encrypted bytes will have a fairly random distribution
    Look at the ratio of zero bytes to non-zero bytes

22 How to Apply X-RAYing
Choice of signatures
– Look at segments from the beginning, middle, and end of the last section
Length of signatures
– Related to unicity distance
– If a virus has a max key length of n bits, add n bits to the plaintext signature
– Want to avoid false positives
Misalignment (e.g., sub on 4 bytes instead of single bytes)

23 W95/Perenast XOR Cipher
To encrypt:
1. XOR a dword (32 bits) of the virus with a key
2. Add the encrypted value to the key to produce the next key
3. Rotate the key i times (later variants did this); e.g., 1011 rotated 1 time to the right: 1101
4. Jump to step 1 if the virus is not yet fully encrypted
To X-RAY:
– XOR the first 2 dwords of ciphertext with the first 2 dwords of plaintext
– Compute the difference (may need to rotate the second dword value if the key was rotated)

24 W32/Efish.A Substitution Cipher
Uses a 256-byte substitution table
– Key size of XOR: 256 bits
– Key size of a 16x16 byte substitution table: 256! possible tables
Use the geometry of the file
– If a byte value reappears within 256 bytes of its first occurrence, then those 256 bytes cannot be the key
– Have to do this fast!

25 X-RAY Problems
Multiple layers of encryption with a changing key are too expensive to X-RAY
If each layer of encryption uses a fixed key with simple operations (e.g., XOR, ROR, etc.), then X-RAYing can be done
Unaligned layers cause too much diffusion

26 W32/Magistr: More Advanced X-RAY Techniques
Many operations such as XOR, ADD, shifts, etc. are often used to modify the key each round (“running keys”)
Can X-RAY by trying each possible operation, but it needs more data

    for i = 0 to VIRUS_SIZE
        p[i] = c[i] ^ k1
        k1 = k1 + k2        ; these 2 lines
        k1 = k1 rol k3      ; can be swapped
    end for

27 W32/Magistr
Assume the order is ADD then ROL
XOR the 2nd encrypted dword (try all 31 ROL arguments)
For some i in the 31 ROL results, result - k1 yields the ADD value (k2)
Check by encrypting the 3rd dword of plaintext
(The slide repeats the loop from slide 26, labelled “encrypting virus code”)
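Added example (not the paper's or the virus's code): the slide 27 procedure in Python, generalised to try both step orders mentioned on slide 26; the key constants and the 12-byte known plaintext are constructed, and the cipher is a toy model of the loop on the slide working on little-endian dwords.

```python
MASK = 0xFFFFFFFF

def rol(v: int, r: int) -> int:
    r %= 32
    return ((v << r) | (v >> (32 - r))) & MASK

def ror(v: int, r: int) -> int:
    return rol(v, 32 - (r % 32))

def next_key(k1: int, k2: int, k3: int, add_first: bool) -> int:
    """Running-key update from slide 26: k1 = k1 + k2, then k1 = k1 rol k3
    (or the same two steps the other way round)."""
    if add_first:
        return rol((k1 + k2) & MASK, k3)
    return (rol(k1, k3) + k2) & MASK

def running_key_xor(data: bytes, k1: int, k2: int, k3: int, add_first: bool) -> bytes:
    """Toy model of the loop on the slide: XOR each little-endian dword with
    the running key. XOR is its own inverse, so this encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 4):
        w = int.from_bytes(data[i:i + 4], "little")
        out += (w ^ k1).to_bytes(4, "little")
        k1 = next_key(k1, k2, k3, add_first)
    return bytes(out)

def xray_magistr(cipher: bytes, plain: bytes):
    """Slide 27 worked through: k1 = c0 ^ p0, and c1 ^ p1 is the key after one
    update. For each of the 31 ROL amounts, undoing the rotation leaves k1 + k2,
    so k2 follows by subtraction; the third dword validates the (k2, k3) guess.
    Both step orders are tried. Returns (k1, k2, k3, add_first) or None."""
    c = [int.from_bytes(cipher[i:i + 4], "little") for i in (0, 4, 8)]
    p = [int.from_bytes(plain[i:i + 4], "little") for i in (0, 4, 8)]
    k1, k1b, k1c = c[0] ^ p[0], c[1] ^ p[1], c[2] ^ p[2]
    for k3 in range(1, 32):
        for add_first in (True, False):
            if add_first:
                k2 = (ror(k1b, k3) - k1) & MASK     # undo ROL, then undo ADD
            else:
                k2 = (k1b - rol(k1, k3)) & MASK     # undo ADD, then undo ROL
            if next_key(k1b, k2, k3, add_first) == k1c:
                return k1, k2, k3, add_first
    return None

# Constructed sample: 12 bytes of known plaintext under made-up key constants.
PLAIN = bytes.fromhex("e8000000005b81eb0000005d")
CIPHER = running_key_xor(PLAIN, 0x12345678, 0x9E3779B9, 7, True)
```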

28 Homophonic Cipher
NOON could encrypt to ERTY
Notice that N and O each encrypt to 2 different ciphertext letters
Will work as long as each ciphertext symbol maps to a unique plaintext symbol
Hides the frequency distribution

29 W32/Efish.C Homophonic Cipher
Build decryption keys
– For each ci and pi, record the decryption key
– If 2 distinct plaintext values map to the same decryption key, the cipher is not substitution or homophonic
– If there are multiple encrypted values for a given plaintext element, it’s homophonic
– Brute force for this is SLOW

30 W32/Efish.C: Attacking the PRNG
Using timestamps or the C rand() function is bad
Take care to seed the PRNG well
Efish.C uses a PRNG named the Mersenne Twister
– With 94% chance, a random substitution table is used, or
– 6% of the time, it searches for an unused plaintext byte

31 W32/Efish.C: Attacking the PRNG
After ~350 bytes, the chance of an unused byte is less than 10^-9
– So after the 350th byte, it’s just a substitution cipher
Use frequency analysis to determine if a virus uses a simple substitution cipher
– If frequencies are not preserved, we know it’s not a substitution cipher

32 Questions? (Make sure you got the leaked document on the midterm and a copy of the X-RAY paper)

33 W32/Efish.A: Scanning for Duplicate Bytes
Naïve solution
– Consider the first 5 bytes; if a duplicate is found, slide the 5-byte window one position down
– It takes 4 bytes to stop the scan on the first scan
– It takes 3 bytes to stop for the next scan, and it’s the first 2 bytes again
– End up looking at the same bytes multiple times
(figure) bytes 52 f2 ce f2 09 … at positions 0 1 2 3 4 …

34 W32/Efish.A: More Efficient Scanning
Better solution
– Start from the end
– If a duplicate is seen, slide the window down by 256 minus the number of examined bytes
If positions 442 and 431 are the first duplicates, we can start scanning at position 432
On average, it takes ~20 bytes to find a duplicate
(figure) … 52 f2 ce … 08 … 08 … at positions 0 1 2 … 431 … 442 …: the byte 08 occurs at both 431 and 442
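Added example, not from the slides: the naive scan of slide 33 and the end-first scan of slide 34 in Python, both counting how many bytes they examine; the input is a constructed pseudo-random prefix (fixed seed) followed by a 256-byte permutation standing in for a substitution table.

```python
import random

def naive_scan(data: bytes, width: int = 256):
    """Slide 33: test each window start in turn, front to back, stopping at the
    first repeated byte. Returns (offset or None, bytes examined)."""
    examined = 0
    for start in range(len(data) - width + 1):
        seen = set()
        for pos in range(start, start + width):
            examined += 1
            if data[pos] in seen:
                break
            seen.add(data[pos])
        else:
            return start, examined
    return None, examined

def end_first_scan(data: bytes, width: int = 256):
    """Slide 34: examine each window from its end backwards. The first repeated
    value, at positions lo < hi, rules out every window containing both, so the
    next candidate starts at lo + 1 (442 and 431 on the slide give 432)."""
    examined = 0
    start = 0
    while start + width <= len(data):
        seen = set()
        lo = None
        for pos in range(start + width - 1, start - 1, -1):
            examined += 1
            if data[pos] in seen:
                lo = pos
                break
            seen.add(data[pos])
        if lo is None:
            return start, examined
        start = lo + 1
    return None, examined

# Constructed input: 400 pseudo-random bytes (fixed seed) followed by a
# 256-byte permutation standing in for a substitution table.
_rng = random.Random(7)
SAMPLE = bytes(_rng.getrandbits(8) for _ in range(400)) + bytes(range(255, -1, -1))
```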

35 Other X-RAY Options
For W95/Perenast, the encryption is

    encrypt: c = p ^ k
             k = k – c
             loop encrypt

If p == 0, then k becomes 0
If any bits in p are 0, then those bits become 0 in k

36 W32/Bagif
Used 2 layers of encryption
– First layer is a polymorphic decryptor that builds a second-layer decryptor, which decrypts the virus body
For the 2nd layer, to encrypt:
1. Initialize counter to VIRUS_SIZE
2. XOR byte with the last 8 bits of the 32-bit key
3. Rotate key right by one bit
4. Subtract counter from key, decrement counter
5. Jump to step 2 if counter is not 0

37 X-RAYing W32/Bagif
To X-RAY, do the reverse:
1. We can quickly get the last 8 bits of the key, k, from the last byte of the virus body: last encrypted virus byte XOR last plaintext virus byte (set c = 2)
2. Set k = c + k, then increment c
3. Rotate k left by one bit
4. XOR the ciphertext byte with the known 7 bits of the key plus 1 unknown bit
5. Jump to step 2 if counter is not VIRUS_SIZE
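Added example (not the paper's code): the reverse walk of slide 37 in Python against a toy model of the slide 36 layer; the key and the plaintext are constructed. It tracks how many low key bits are known, so the "7 known bits plus 1 unknown bit" check and the growth to a full 32-bit key after 24 steps are explicit.

```python
MASK = 0xFFFFFFFF

def rol(v: int, r: int) -> int:
    r %= 32
    return ((v << r) | (v >> (32 - r))) & MASK

def ror(v: int, r: int) -> int:
    return rol(v, 32 - (r % 32))

def bagif_layer2(data: bytes, key: int) -> bytes:
    """Toy model of the slide 36 layer: XOR each byte with the low 8 bits of the
    32-bit key, rotate the key right by one, subtract the counter, decrement it.
    XOR is its own inverse, so the same routine decrypts."""
    out = bytearray()
    counter = len(data)
    for b in data:
        out.append(b ^ (key & 0xFF))
        key = (ror(key, 1) - counter) & MASK
        counter -= 1
    return bytes(out)

def xray_bagif(cipher: bytes, plain: bytes):
    """Slide 37, walking from the last byte backwards. `known` holds the key
    state with its low `nbits` bits exact and the rest zero. Each step undoes
    'k = ror(k, 1) - counter' (add, then rotate left), which keeps the low run
    of known bits exact but rotates an unknown bit into position 0; the next
    c ^ p byte then checks the 7 known low bits and supplies the unknown one.
    Returns (key state for the first byte, bits known) or None on a mismatch."""
    n = len(cipher)
    known, nbits = cipher[-1] ^ plain[-1], 8      # low 8 bits of the last byte's key
    for i in range(n - 2, -1, -1):
        low = (1 << nbits) - 1
        known = rol((known + (n - i)) & low, 1)   # counter for byte i was n - i
        byte = cipher[i] ^ plain[i]               # true low 8 bits of this step's key
        check = 0xFF if nbits == 32 else 0xFE     # bit 0 is unknown until the key is full
        if (byte ^ known) & check:
            return None                           # a known bit disagrees: not this cipher/key
        known = (known & ~0xFF & MASK) | byte
        nbits = min(nbits + 1, 32)
    return known, nbits

# Constructed sample: a made-up key and 40 bytes of known plaintext.
KEY = 0xC0FFEE42
PLAIN = bytes(range(0x20, 0x20 + 40))
CIPHER = bagif_layer2(PLAIN, KEY)
```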

38 Multiple Layers of Encryption
Recover the code and data keys from the decryptor
Recover the code key to X-RAY the data key (check for often-used opcodes in the decryptor)
Data key is usually spread through many instructions
– May need an emulator

