Cerias tech Report 2015-01 The Weakness of Winrar encrypted Archives to Compression Side-channel Attacks
Yüklə 274,97 Kb. Pdf görüntüsü
|
vii LIST OF FIGURES Figure Page
3.1 A RAR5 archive with packed size and compression information highlighted 18
4.1 Box Plot of the distributions of different file types. . . . . . . . . . . . 19
4.2 The original alice29.rar archive with the compression method circled and the total file size inside the rectangle . . . . . . . . . . . . . . . . . . . 24 4.3 The modified alice29-prime.rar with the compression method circled and the total file size inside the rectangle . . . . . . . . . . . . . . . . . . . 25
viii ABSTRACT Arthur-Durett, Kristine MS, Purdue University, December 2014. The weakness of WinRAR encrypted archives to compression side-channel attacks. Major Professor: Eugene Spafford. This paper explores the security of WinRAR encrypted archives. Previous works concerning potential attacks against encrypted archives are studied and evaluated for practical implementation. These attacks include passive actions examining the effects of compression ratios of archives and the files contained, the study of temporary ar tifacts and active man-in-the-middle attacks on communication between individuals. An extensive overview of the WinRAR software and the functions implemented within it is presented to aid in understanding the intricacies of attacks against archives. Several attacks are chosen from the literature to execute on WinRAR v5.10. Select file types are identified through the examination of compression ratios. The appear ance of a file in an archive is determined through both the appearance of substrings in the known area of an archive and the comparison of compression ratios. Finally, the author outlines a revised version of an attack that takes advantage of the independence between the compression and encryption algorithms. While a previous version of this attack only succeeded in removing the encryption from an archive, the revised version is capable of fully recovering an original document from a encrypted compressed archive. The advantages and shortcomings of these attacks are discussed and some countermeasures are briefly mentioned. 1 1. INTRODUCTION Malware droppers are Trojans used as container files to deliver files onto a destination host computer [1]. In the field of digital forensics, a dropper may be implemented to obscure data relevant to a crime. Additionally, individuals can use compressed archives in corporate espionage cases where large amounts of data is removed from a system. Compression software such as WinZip and WinRAR are popular choices for concealing incriminating information. Both software packages offer encryption in addition to data compression, which makes them ideal for these purposes. The use of compression and encryption creates an issue for forensic investigators who may need to access archived files for valuable information. Password search attacks and dictionary attacks are commonly used methods to gain access to an archived file. With some software packages, such as WinZip versions prior to 9.0, the encryption function is weak to these attacks [2]. However, for passwords with length longer than six characters, WinRAR appears secure [3]. Attacks against the encryption itself, such as related-key attacks introduced by Biryukov et al, exist [4,5]. In an effort to provide knowledge about an archive’s content to investigators, this paper will explore alternative attacks against the WinRAR software. These include examination of side-channels and exploitation of the interaction between the compression and encryption functions. While recovering the full contents of an archive may not be possible with these attacks, the intention is to reveal information about the contents. This may provide the knowledge that an investigator needs or assist in determining whether password cracking efforts are worthwhile on an archive.
2 1.1 Related Work Attacks against the encryption of an archive are a natural starting point to con sider. The goal of attacks against the Advanced Encryption Standard (AES) is to recover the key used in the algorithm. The key can then be used to decrypt the contents of an encrypted file or message. There are a variety of methods, such as Meet-in-the-Middle, differential or related-key attacks, that have been introduced to discover the secret key. Meet-in-the-Middle attacks require pairs of plaintexts and their corresponding ciphertexts. The attacker will attempt to decrypt the ciphertext while simultaneously encrypting the plaintext with the hope of finding a key that will cause these operations to converge. Demirci and Sel¸cuk provide an outline to a Meet-in-the-Middle attack on 8-round AES-256 [6]. This attack is shown to have complexity of 2 200
. Another class of attacks are a form of differential analysis called impossible differ entials. In contrast to the original differential attacks which look for characteristics that hold true with a high probability, impossible differentials look for extremely low-probability differentials. Once identified, these characteristics can be used to re cover the key. Lu and Dunkelman introduce an impossible differential attacks that is effective on 8-round AES with a complexity of 2 229.7
[7]. Finally, Biryukov introduces several variations of related-key attacks against AES 256 with considerable improvements in time complexity [4, 5, 8]. In the related-key model, the attacker uses several keys with a known relation between them. When these keys are used in the encryption function, the attacker is able to trace character istics of the function induced by the relationship. From this, the key can be recovered. Biryukov et al present a practical attack that is capable of recovering the key for a 9-round version of AES-256 in only 2 39 time [4]. Biryukov also presents a related-key attack that works in conjunction with a boomerang attack to recover the key from full 14-round AES-256 in 2 99.5 time [5]. Yüklə 274,97 Kb. Dostları ilə paylaş:
|