Sciweavers

ESORICS
2009
Springer

ReFormat: Automatic Reverse Engineering of Encrypted Messages

15 years 1 days ago
ReFormat: Automatic Reverse Engineering of Encrypted Messages
Automatic protocol reverse engineering has recently received significant attention due to its importance to many security applications. However, previous methods are all limited in analyzing only plain-text communications wherein the exchanged messages are not encrypted. In this paper, we propose ReFormat, a system that aims at deriving the message format even when the message is encrypted. Our approach is based on the observation that an encrypted input message will typically go through two phases: message decryption and normal protocol processing. These two phases can be differentiated because the corresponding instructions are significantly different. Further, with the help of data lifetime analysis of run-time buffers, we can pinpoint the memory locations that contain the decrypted message generated from the first phase and are later accessed in the second phase. We have developed a prototype and evaluated it with several real-world protocols. Our experiments show that ReFormat can...
Zhi Wang, Xuxian Jiang, Weidong Cui, Xinyuan Wang,
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Where ESORICS
Authors Zhi Wang, Xuxian Jiang, Weidong Cui, Xinyuan Wang, Mike Grace
Comments (0)