Vulnerability Analysis on the CNG Crypto Library

  • Lee, Kyungroul (Soonchunhyang University R&BD Center for Security and Safety Industries (SSI)) ;
  • Oh, Insu (Soonchunhyang University Department of Information Security Engineering) ;
  • Lee, Sun-Young (Soonchunhyang University Department of Information Security Engineering) ;
  • Yim, Kangbin (Soonchunhyang University Dept. of Information Security Engineering)
  • Received : 2017.02.27
  • Reviewed : 2017.03.29
  • Published : 2017.04.30

Abstract

CNG, which Microsoft released as a replacement for the earlier CAPI (Cryptography API) library, is built from independent modules on a plug-in architecture, which makes it advantageous in terms of development cost and ease of extension. In contrast to these advantages, security has received comparatively little consideration. Because CNG is already being distributed and used, research on its security is necessary, and in this paper we analyze the security vulnerabilities that can arise in the CNG library. Based on the analyzed vulnerabilities, we implemented proof-of-concept tools and used them to verify the vulnerabilities. The verification showed that mail contents, mail server account information, and authentication information for web sites such as Amazon, E-bay, Google, and Facebook are exposed in the Outlook and Internet Explorer programs, which use the CNG library. We expect the results of this paper to help improve the security of the various applications that use the CNG library.
