Browse > Article
http://dx.doi.org/10.7840/kics.2017.42.4.838

Vulnerability Analysis on the CNG Crypto Library  

Lee, Kyungroul (Soonchunhyang University R&BD Center for Security and Safety Industries (SSI))
Oh, Insu (Soonchunhyang University Department of Information Security Engineering)
Lee, Sun-Young (Soonchunhyang University Department of Information Security Engineering)
Yim, Kangbin (Soonchunhyang University Dept. of Information Security Engineering)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.42, no.4, 2017 , pp. 838-847 More about this Journal
Abstract
CNG which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft is constructed with individual modules based on the plug-in architecture, this means CNG is exceedingly helpful in the cost of development as well as the facility of extension. On the opposite side of these advantages, considerations on security issues are quite insufficient. Therefore, a research on security assurance is strongly required in the environment of distributing and utilizing the CNG library, hence, we analyze possible security vulnerabilities on the CNG library. Based on analyzed vulnerabilities, proof-of-concept tools are implemented and vulnerabilities are verified using them. Verified results are that contents of mail, account information of mail server, and authentication information of web-sites such as Amazon, E-bay, Google, and Facebook are exposed in Outlook program and Internet Explorer program using CNG library. We consider that the analyzed result in this paper can improve the security for various applications using CNG library.
Keywords
CNG library; Crypto library; Crypto API; Vulnerability; Analysis;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Microsoft, Cryptography Next Generation, Retrieved Jan., 23, 2017, from http://technet.microsoft.com/en-us/library/cc730763(v=ws.10).aspx
2 Microsoft, Business Productivity at Its Best - Office 2010 and SharePoint 2010 white paper, Retrieved Jan., 23, 2017, from http://technet.microsoft.com/en-us/library/ff384150(v=office.14).aspx
3 Microsoft, CNG DPAPI, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/en-us/library/windows/desktop/hh706794(v=vs.85).aspx
4 A. Young, "Cryptoviral extortion using Microsoft's Crypto API," J. IJIS, vol. 5, no. 2, pp. 67-76, Apr. 2006.   DOI
5 Symantec, How Trojan.Zbot.B!inf Uses Crypto API, Retrieved Jan., 23, 2017, from http://www.symantec.com/connect/blogs/how-trojanzbotbinf-uses-crypto-api
6 A. Young and M. Yung, An implementation of cryptoviral extortion using microsoft's crypto api, Retrieved Jan., 23, 2017, from http://www.cryptovirology.com/cryptovfiles/newbook/Chapter2.pdf
7 J. Song and I. Hwang, "A study on neutralization malicious code using Windows Crypto API and an implementation of Crypto API hooking tool," J. KIISC, vol. 21, no. 2, pp. 111-117, Apr. 2011.
8 K. Lee, Y. Lee, J. Park, I. You, and K. Yim, "Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)," in Proc. IMIS, pp. 709-713, Taichung, Taiwan, Jul. 2013.
9 W.-N. Kim, M.-S. Jang, J. Seo, and S. Kim, "Vulnerability discovery method based on control protocol fuzzing for a railway SCADA system," J. KICS, vol. 39, no. 4, pp. 362-369, Apr. 2014.
10 H. J. Kwon and S. J. Kim, "RFID distance bounding protocol secure against mafia and terroist fraud," J. KICS, vol 39, no. 11, pp. 660-674, Nov. 2014.
11 Y.-H. Goo, S.-O. Choi, S.-K. Lee, S.-M. Kim, and M.-S. Kim, "Tracking the source of cascading cyber attack traffic using network traffic analysis," J. KICS, vol. 41, no. 12, pp. 1771-1779, Dec. 2016.   DOI
12 K. Lee, I. You, and K. Yim, "Vulnerability analysis on the CNG crypto library," in Proc. IMIS, pp. 221-224, Blumenau, Brazil, Jul. 2015.