Where’s Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code Carlo Meijer Veelasha Moonsamy Jos Wetzels Radboud University Ruhr University Bochum Midnight Blue Labs The Netherlands Germany The Netherlands
[email protected] [email protected] [email protected] Abstract procurement or individual research since it requires resorting to highly labor-intensive reverse-engineering in order to deter- The continuing use of proprietary cryptography in embed- mine the presence and nature of these algorithms before they ded systems across many industry verticals, from physical can be evaluated. In addition, when a proprietary algorithm access control systems and telecommunications to machine- gets broken, details might not be published immediately as to-machine authentication, presents a significant obstacle a result of NDAs or court injunctions [5] leaving other po- to black-box security-evaluation efforts. In-depth security tentially affected parties to repeat such expensive efforts and analysis requires locating and classifying the algorithm in hampering effective vulnerability management. As such, there often very large binary images, thus rendering manual inspec- is a real need for practical solutions to automatically scan bi- tion, even when aided by heuristics, time consuming. naries for the presence of as-of-yet unknown cryptographic In this paper, we present a novel approach to automate algorithms. the identification and classification of (proprietary) crypto- graphic primitives within binary code. Our approach is based Criteria In order to support the analysis of closed-source on Data Flow Graph (DFG) isomorphism, previously pro- embedded systems for the use of proprietary cryptography, posed by Lestringant et al.