V-DIFT: Vector-based dynamic information flow tracking with application to locating cryptographic keys for reverse engineering

Antonio M. Espinoza, Jeffrey Knockel, Jedidiah R. Crandall, Pedro Comesaña-Alfaro

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Dynamic Information Flow Tracking (DIFT) is a technique for tracking information as it flows through a program's execution. DIFT systems track information by tainting data and propagating the taint marks throughout execution. These systems are designed to have minimal overhead and thus often miss indirect flows. If indirect flows were propagated naively overtainting would result, whereas propagating them effectively causes overhead. We describe the design and evaluation of a system intended for offline analysis, such as reverse engineering, that can track information through indirect flows. Our system, V-DIFT, uses a vector of floating point values for each taint mark. The use of vectors enables us to track a taint's provenance and handle indirect flows, trading off some performance for these abilities. These indirect flows via control and address dependencies are thought to be critical to tracking information flow of cryptographic programs. Therefore we tested V-DIFT's effectiveness by automatically locating keys in simple programs that use a variety of symmetric cryptographic algorithms found in three common libraries. This application does not require that the program run in real time, just that it be much faster than a manual approach. Our V-DIFT implementation tests average 3.6 seconds, and with the right parameters can identify memory locations that contain keys for 24 out of 27 algorithms tested. Our results show that many cryptographic algorithm implementations' address and/or control dependencies must be tracked for DIFT to be effective.

Original languageEnglish (US)
Title of host publicationProceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages266-271
Number of pages6
ISBN (Electronic)9781509009909
DOIs
StatePublished - Dec 14 2016
Externally publishedYes
Event11th International Conference on Availability, Reliability and Security, ARES 2016 - Salzburg, Austria
Duration: Aug 31 2016Sep 2 2016

Publication series

NameProceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016

Conference

Conference11th International Conference on Availability, Reliability and Security, ARES 2016
CountryAustria
CitySalzburg
Period8/31/169/2/16

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'V-DIFT: Vector-based dynamic information flow tracking with application to locating cryptographic keys for reverse engineering'. Together they form a unique fingerprint.

Cite this