Supercharge Your Innovation With Domain-Expert AI Agents!

Tree structure-based cryptographic algorithm logical expression identification method

A technology of logical expressions and cryptographic algorithms, which is applied in the field of logical expression recognition of cryptographic algorithms based on tree structure, and can solve the problems of not being able to deal with deformation algorithms that do not use constant feature algorithms, not being able to label algorithm names, and misjudging cryptographic functions. Achieve the effect of shortening the analysis cycle, accurately identifying, and solving poor generality

Inactive Publication Date: 2012-11-28
THE PLA INFORMATION ENG UNIV
View PDF2 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method is relatively simple to implement and has high detection efficiency (binary code matching). However, there are certain limitations: First, this method needs to collect constant features used in the implementation of cryptographic algorithms and build a feature library. Deal with deformed algorithms and algorithms that do not use constant features; secondly, static signatures of cryptographic algorithms are usually used in the initialization phase, and further manual analysis is required to find the cryptographic core functions
This method has certain limitations: first, data training is required, and the size of the training set and the rationality of the training directly determine the judgment result; second, the judgment result can only filter out suspected cryptographic core functions, and cannot label the specific algorithm name. Manual further analysis; in addition, some non-cryptographic functions with more logical operations and arithmetic operations will be misjudged as cryptographic functions
[0006] In addition, with the continuous development and improvement of dynamic analysis technology under the Windows platform, some dynamic identification methods of cryptographic algorithms have also appeared, but because dynamic tracking needs to record a large amount of data, identification efficiency is its biggest bottleneck

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Tree structure-based cryptographic algorithm logical expression identification method
  • Tree structure-based cryptographic algorithm logical expression identification method
  • Tree structure-based cryptographic algorithm logical expression identification method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0040] Embodiment one: see figure 1 , the present invention is based on the cryptographic algorithm logical expression identification method of tree structure, and the cryptographic algorithm and cryptographic function are identified through the following steps:

[0041] 1) By studying the implementation principles of different cryptographic algorithms, extract the logical expression LE (Logic Expression) used in the cryptographic algorithm implementation, and store it in the cryptographic algorithm logical expression feature database T in a tree structure character middle;

[0042] 2) Perform disassembly analysis on the target program to be identified, and obtain the function sequence P1 , F 2 …F n >, for the function F i Perform local (basic block) data flow analysis and construct an abstract syntax tree set F containing only logical operations i 1 , T 2 …T m >, that is, the target pattern tree; where m is the number of abstract syntax trees, and n is the number of fu...

Embodiment 2

[0046] Embodiment two: see figure 1 , figure 2 , this embodiment is based on a tree-structured method for identifying logical expressions of cryptographic algorithms. The difference from Embodiment 1 is that the pattern tree construction algorithm PTCA (Pattern Tree Create Algorithm) is used to construct a cryptographic algorithm logical expression feature database T character , the specific process is as follows:

[0047] Step 1: Scan the logical expression LE, and record the operator OP with the lowest operation priority min , create an internal node of the feature tree (the internal node created for the first time is the root node), and mount it at the corresponding position of its parent node (except the created root node), and put the OP min saved in internal nodes, OP min Divide LP into left and right parts;

[0048] Step 2: If the left part is an operand, mount it at the corresponding position of the parent node; if it is LE, call the PTCA algorithm for processing...

Embodiment 3

[0052] Embodiment three: see figure 1 , figure 2 , image 3 , this embodiment is based on a tree-structured cryptographic algorithm logic expression recognition method. The difference from Embodiment 1 and Embodiment 2 is that on the basis of object code disassembly, local data flow analysis is performed with functions as the basic granularity, and the construction Target schema tree.

[0053] Object schema tree construction framework such as image 3 As shown, the specific process is as follows:

[0054] Step 1: Disassemble the object code, and the result is recorded as P=(f 1 , f 2 … f n );

[0055] Step 2: In the function f i Inner-scan logical operators, operations with direct logical relations are aggregated into a pattern tree, the function f i The set of pattern subtrees within is T i =(t 1 ,t 2 ...t m );

[0056] Step 3: Repeat step 2 until all functions are processed once, and record the pattern tree set T=(T 1 , T 2 …T m ), the algorithm ends. Where...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a tree structure-based cryptographic algorithm logical expression identification method. A cryptographic algorithm and a cryptographic function are identified by the following steps of: 1) extracting a logical expression used in the realization of cryptographic algorithms by researching a realization principle of different cryptographic algorithms, and storing the logical expression in a cryptographic algorithm logical expression feature database by adopting a tree structure; 2) performing disassembly analysis on a target program to be identified, and establishing an abstract syntax tree set only containing logical operation; 3) matching the function abstract syntax tree set of the target program by using a matching algorithm with the tree structure according to the cryptographic algorithm logical expression feature database, and recording a matching result; 4) repeating the step 3) until all functions are finished matching; and 5) combing and marking matching results. Compared with the conventional methods of static feature code detection, core function discrimination, dynamic analysis and the like, the tree structure-based cryptographic algorithm logical expression identification method has outstanding advantages in identification efficiency and accuracy; and the analysis efficiency of cryptographic function is improved.

Description

technical field [0001] The invention belongs to the technical field of binary reverse engineering and information security, in particular to a tree-structure-based cryptographic algorithm logic expression recognition method. Background technique [0002] With the rapid development of computer science and technology and network communication technology, society has entered the information age, and people exchange information through computer networks more and more frequently. Information security in the process of information exchange has been paid more and more attention by people. The confidential communication, safe storage, integrity protection, authentication, signature and verification of information are all inseparable from the use of cryptographic algorithms. Cryptographic algorithms are the core of information security technology; especially in the military field, the security of cryptographic algorithms is indispensable. In addition, some malicious software also us...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/00
Inventor 蒋烈辉尹青李继中谢耀滨何红旗常瑞刘铁铭
Owner THE PLA INFORMATION ENG UNIV
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com