The specifics of hash function applications in code obfuscation are considered, as well as the disadvantages of currently existing hash functions for this purpose. Considering these specifics and disadvantages, an automatic hash function generation method is proposed, that is based on a genetic programming approach. Methods of measuring the hash function resilience to automated preimage attacks based on SMT solvers usage and random collision resistance are also proposed. Generated functions were evaluated and a method of weak function detection is proposed, that allows to increase the resilience of generated functions to attacks notably.
Download file
Counter downloads: 69
- Title Automatic generation of hash functions for program code obfuscation
- Headline Automatic generation of hash functions for program code obfuscation
- Publesher
Tomsk State University - Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 50
- Date:
- DOI 10.17223/20710410/50/8
Keywords
obfuscation, hash function, genetic programming, avalanche effect, SMT solverAuthors
References
Banescu S., Collberg C. S., Ganesh V., et al. Code obfuscation against symbolic execution attacks // Proc. 32nd Ann. Conf. Computer Security Appl. 2016. P. 189-200.
Udupa S., Debray S., and Madou M. Deobfuscation: Reverse Engineering Obfuscated Code. 12th Working Conf. WCRE’05. 2005. 10 p.
Junod P., Rinaldini J., Wehrli J., and Michielin J. Obfuscator-LLVM - software protection for the masses // IEEE/ACM 1st Intern. Workshop Software Protection. 2015. P.3-9.
Sharif M., Lanzi A, Giffin J., and Lee W. Impeding malware analysis using conditional code obfuscation // Proc. NDSS. San Diego, California, USA, 2008.
https://www.hex-rays.com/products/ida/lumina/ - IDA: Lumina server. 2020.
Xu D., Ming J., and Wu D. Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping // IEEE Symp. Security Privacy (SP). Los Alamitos, CA, USA, 2017. P.921-937.
Qiu W., Gong Z., Guo Y., et al. GPU-based high performance password recovery technique for hash functions // J. Inform. Sci. Eng. 2016. V. 32. No. 1. P.97-112.
Estebanez C., Hernandez-Castro J., Ribagorda A., and Isasi P. Finding state-of-the-art noncryptographic hashes with genetic programming // LNCS. 2006. V. 4193. P.818-827.
Tapiador J., Hernandez-Castro J., Peris-Lopez P., and Ribagorda A. Automated design of cryptographic hash schemes by evolving highly-nonlinear functions // J. Inform. Sci. Eng. 2008. V. 24. No. 5. P.1485-1504.
Menezes A, van Oorschot P., and Vanstone S. Handbook of Applied Cryptography. CRC Press, 1996. 661 p.
Collberg C.S. and Thomborson C. Watermarking, tamper-proofing, and obfuscation - tools for software protection // IEEE Trans. Software Eng. 2002. V. 28. No. 8. P. 735-746.
Webster A. F. and Tavares S. E. On the design of S-boxes // LNCS. 1985. V. 218. P. 523-534.
Cilibrasi R. and Vitanyi P. M. B. Clustering by compression // IEEE Trans. Inform. Theory. 2005. V. 51. No. 4. P.1523-1545.
Koza J. R. Genetic programming as a means for programming computers by natural selection // Stat. Comput. 1994. V.4. No.2. P.87-112.
Fortin F. A., De Rainville F. M., Gardner M. A. G., et al. DEAP: Evolutionary algorithms made easy // J. Machine Learning Res. 2012. V. 13. No. 1. P.2171-2175.
Dworkin M. J. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. National Institute of Standards and Technology, 2015.
Shoshitaishvili Y., Wang R., Salls C., et al. SOK: (State of) The art of war: Offensive techniques in binary analysis // IEEE Symp. Security Privacy (SP). 2016. P. 138-157.
Chipounov V., Kuznetsov V., and Candea G. S2E: A platform for in-vivo multi-path analysis of software systems // ACM SIGPLAN Notices. 2011. V.46. No.3. P.265-278.
De Moura L. and Bjorner N. Z3: An efficient SMT solver // LNCS. 2008. V. 4963. P. 337-340.
Barrett C. , Conway C. L. , Deters M. , et al. CVC4 // Intern. Conf. Comput. Aided Verification. 2011. P. 171-177.
Dutertre B. Yices 2.2 // Intern. Conf. Comput. Aided Verification. 2014. P. 737-744.
Brummayer R. and Biere A. Boolector: An efficient SMT solver for bit-vectors and arrays // LNCS. 2009. V. 5505. P. 174-177.
Knuth D. E. The Art of Computer Programming. V. 3: Sorting and Searching. 2nd Ed. Addison-Wesley Professional, 1998. 800 p.
Flajolet P., Grabner P. J., Kirschenhofer P., and Prodinger H. On Ramanujan’s Q-function // J. Computat. Appl. Math. 1995. V. 58. No. 1. P.103-116.
http://www.isthe.com/chongo/tech/comp/fnv/ - FNV Hash. 1991.
Automatic generation of hash functions for program code obfuscation | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2020. № 50. DOI: 10.17223/20710410/50/8
Download full-text version
Counter downloads: 195