Abstract:
The collision attack used by Flame Malware was found to be a variant of chosen prefix
collision attack. The chosen prefix collision attack was first presented by Stevens, Lenstra
and De Weger in 2007. Later on creation of two colliding certificates by Stevens et al,
with different distinguished name fields using chosen prefix collision attack was a major
breakthrough in the history of collision attacks against MD5.
As the collision attack that is reported to be used for Flame malware is a modification
of Stevens et al’s original chosen prefix collision attack, using which attackers tried to make
two colliding certificates. Exact algorithm for construction of chosen prefix collision attack
used by Flame is not known. Therefore this thesis is an attempt to explore and implement
the chosen prefix collision attack that was used for Flame malware. Cost and complexity
estimates for the subject attack are also discussed. Furthermore Flame’s collision attack
has been simulated to obtain replacement differential paths which are different from the
differential paths of actual chosen prefix collision attack.
Four starting segments for forward replacement differential paths of Flame’s collision
attack are constructed along with ending segments. Four forward replacement differential
paths are also constructed by utilizing the observed characteristics of Flame’s differential
path from literature.
Modern malware evasion techniques are also explored and counter and preventive
measures are recommended as well, specifically a paradigm for detection of weak cryptographic
primitives is proposed.
