Research And Implementation Of Instant Messaging Software Protocol Analysis Technology

With the people’s dependence on the instant messaging software increasingly, security researchers has drawn increasing attention to the communication content security of instant messaging software. Protocol analysis technology has an important role in the communication content security of network applications, but more and more instant messaging software use the encryption protocol, and the encryption techniques hide the original format and semantic information of network data, these all hindering the protocol analysis. So how to reverse encryption protocol is an important and highly exploratory research.The paper introduces the research status, technical background and common method of protocol analysis, and the existing research results are discussed. On this basis, the paper presents a method of protocol analysis for instant messaging software: By positioning the binary software cryptographic function to extract the decrypted plaintext protocol message, and the extraction method used to obtain the format information of the protocol message. The main work of this paper includes:1. Positioning technology research of cryptographic functions. Basis on the instruction feature and I/O parameter information entropy changed of cryptographic algorithm implementations, this paper proposed a feature-based positioning method. Through the study of dependencies between input, output and cryptographic algorithm, this paper proposed a positioning method which based cyclic data flow. From the scope of application, time cost and implementation complexity and other aspects of the two methods were compared.2. Extraction technology research of protocol format. Through dynamic tracking the parsing routines’ trajectory of instant messaging software and summarized the resolution process of the protocol field in each of the protocol message. Proposed the extraction methods for each of the major fields and semantic information, and the extracted information is added to the protocol field tree to complete protocol analysis.3. Designed and implemented a prototype system IMPA based on Intel Pin. First, through research in the field of protocol analysis for dynamic taint analysis techniques, we design and implement an efficient method for tracking the spread of the stain. After that, this paper discusses in detail the design and implementation of each module of IMPA, and then the system were evaluated from functional testing and comparison tests. The results of functional testing illustrate the effectiveness of the proposed method of this paper, and through compared with existing methods, the proposed method of this paper can be more accurately locate the position of cryptographic functions and effective extract the format of protocol messages.