National Repository of Grey Literature
Vulnerabilities and security proofs of communication protocols used by malware
Med, Ondřej ; Středa, Adolf (advisor) ; Boháček, Milan (referee)
Cryptographic games with their transitions are a useful tool for proving cryptographic properties of various security protocols. We have explored together the notions of negligible functions, cryptographic games and their transitions, computational, and perfect security. This served as our basis when analyzing malware protocols: we translated each into a game that tested the property we were trying to expose. Then, using transitions based on negligible functions, we simplified said games to reach desired results. We have decided to employ Cryptoverif as our tool for implementing these games; it is designed to create sequences of games that lead to games exposing specified properties. We translated the games into series of primitives that form an interface of this tool. Using the theory described above we anchored individual transitions in mathematical arguments and documented the proof strategy Cryptoverif employs. To illustrate the usage, we have selected a few communication protocols used by several malware families (Emotet, Mirai, Lockcrypt) and used the tooling to prove a few characteristic properties. While this has been challenging for a few cases (especially when the techniques were not entirely inside Cryptoverif's scope) we have managed to design our games accordingly to reach the desired...
Boomerang attacks
Procházka, Martin ; Göloglu, Faruk (advisor) ; Středa, Adolf (referee)
In 2020 Dunkelman et al. introduced the Retracing Boomerang Attack as an extension of the Boomerang attack introduced in 1999 by Wagner. Both of these attacks are presented in this thesis. In the thesis we also study in detail the independence of the differential characteristics of the Boomerang attack as an element affecting the success probability of the attack. All this, together with background information and a detailed explanation of differential cryptanalysis, is presented in a well-understandable form even for a reader with just elementary cryptography experience. Finally, in the last chapter we show the idea and theoretical description of the best currently known differential attack on 5-round AES, which is based on the Retracing Boomerang Attack.
MQ problem
Středa, Adolf ; Žemlička, Jan (advisor) ; Šťovíček, Jan (referee)
The aim of this thesis is to describe a general MQ Problem with a focus on its variant called HFE, outline several attacks on a basic scheme based on HFE and describe a new attack on HFEz, a cryptosystem based on special polynomials over finite fields with a modification, which discards a portion of the output from the initial transformation. This ensures a dependency on more variables while keeping the same size of the field. The attack starts with a translation of HFE into HFE with branches, followed by a branch separating algorithm described in [Fel06]. The separation algorithm uses the public key to derive an operation, which induces (with addition) a non-associative algebra. Utilising some properties of non-associative algebras, a matrix, which can separate variables into distinct sets according to branches, is calculated. This leads to stripping off the HFEz modification and thus allowing us to attack directly the HFE polynomial.
Analysis of Virtual Machine based obfuscation
Středa, Adolf ; Boháček, Milan (advisor) ; Bálek, Martin (referee)
Software systems may contain sensitive data that should be protected. In a scenario where an analyst has full access to the system, it may be desirable to transform the program to become harder to understand and reverse-engineer, while preserving the original functionality of the program. Machine code obfuscation tackles this problem by adding complexity to the program's control flow, programming idiom removal, and various abstractions. Specifically, WProtect is an obfuscation engine that utilises a stack virtual machine and its own instruction set to achieve these properties. In this thesis, I will analyse the WProtect obfuscation engine and its obfuscation algorithms, and present a generic approach to the extraction of code protected by WProtect. Furthermore, I will design a generic framework for static code extraction that is tweakable in order to support different WProtect configurations. Several improvements to WProtect, both in terms of configuration and design, will also be proposed. These proposals mostly intend to mitigate vulnerabilities that are exploited in the code extraction; however, several proposals shall also include improvements specifically targeting static analysis prevention.