On Variant of Flame Malware

Abstract

The collision attack used by Flame Malware was found to be a variant of chosen prefix collision attack. The chosen prefix collision attack was first presented by Stevens, Lenstra and De Weger in 2007. Later on creation of two colliding certificates by Stevens et al, with different distinguished name fields using chosen prefix collision attack was a major breakthrough in the history of collision attacks against MD5. As the collision attack that is reported to be used for Flame malware is a modification of Stevens et al’s original chosen prefix collision attack, using which attackers tried to make two colliding certificates. Exact algorithm for construction of chosen prefix collision attack used by Flame is not known. Therefore this thesis is an attempt to explore and implement the chosen prefix collision attack that was used for Flame malware. Cost and complexity estimates for the subject attack are also discussed. Furthermore Flame’s collision attack has been simulated to obtain replacement differential paths which are different from the differential paths of actual chosen prefix collision attack. Four starting segments for forward replacement differential paths of Flame’s collision attack are constructed along with ending segments. Four forward replacement differential paths are also constructed by utilizing the observed characteristics of Flame’s differential path from literature. Modern malware evasion techniques are also explored and counter and preventive measures are recommended as well, specifically a paradigm for detection of weak cryptographic primitives is proposed.