Sciweavers

ASIACRYPT
2015
Springer

Reverse-Engineering of the Cryptanalytic Attack Used in the Flame Super-Malware

8 years 7 months ago
Reverse-Engineering of the Cryptanalytic Attack Used in the Flame Super-Malware
In May 2012, a highly advanced malware for espionage dubbed Flame was found targeting the Middle-East. As it turned out, it used a forged signature to infect Windows machines by MITM-ing Windows Update. Using counter-cryptanalysis, Stevens found that the forged signature was made possible by a chosen-prefix attack on MD5 [Ste13]. He uncovered some details that prove that this attack differs from collision attacks in the public literature, yet many questions about techniques and complexity remained unanswered. In this paper, we demonstrate that significantly more information can be deduced from the example collision. Namely, that these details are actually sufficient to reconstruct the collision attack to a great extent using some weak logical assumptions. In particular, we contribute an analysis of the differential path family for each of the four near-collision blocks, the chaining value differences elimination procedure and a complexity analysis of the near-collision block attac...
Max Fillinger, Marc Stevens
Added 16 Apr 2016
Updated 16 Apr 2016
Type Journal
Year 2015
Where ASIACRYPT
Authors Max Fillinger, Marc Stevens
Comments (0)