Cryptographic Procedure Analysis Technology Research Based On Cryptographic Library

analyzing static binary code. Cryptographic knowledge should be needed, but cryptographic knowledge have some property of abstract and complexity. So, a cryptographic model is designed for analysts facing this problem. The main work of this article is as follows: As trojan and worm always use cryptographic algorithm to protect their code or network communication, cryptographic algorithm recoginition and analysis is the first thing to do prior to analise them. About 75% binary programm would adopt cryptographic library function to write their cryptographic algorithm. So, it is meaningfull to improve the efficiency and accuracy of cryptographic algorithm recognition and analysis based on cryptographic library. It spend a lot of time to study cryptographic library functions when encountering cryptographic library functions when debugging,analyzing dynamic trace of Dynamic Binary Instrumentation platform orDesigned a Model whitch describes both the property of cryptographic algorithm and cryptographic protocol and cryptographic library’s architecture after fine analyzing the main C language cryptographic function library, the model is called Cryptographic Function Livbrary Describe Model, CFLDM for shortening.A mapping language is given to mapping cryptographic library function’s property to the model, an API is designed to resolve the functions property and mapping language grammer, finally show analysing results.Build some mapping knowledge base for the common C cryptographic function libraries, generated the data strut base and function prototype base for the libraries.Designed a framework to manage the cryptographic procedure analysis based on the knowledge base and CFLDM. The framework resolves both CFLDM and the knowledge base, assisted with two other base data type base and function prototype base, the framework could analysis the traced program running data recorded by dynamic binary instrumentation platform to recover the information of single cryptographic algorithm and the relationship of mamy cryptographic algorithms.The model and mapping method aimed to extract cryptographic algorithm information and cryptographic library framework information when binary program used cryptographic library function to implement their cryptographic algorithm. And resolving the problem such as could’t position a function accurately, couldn’t fully extract the cryptographic algorithm’s information, the relation between cryptographic functions or cryptographic algorithms couldn’t be rationalized using current static and dynamic method.