一种针对分组密码软件的 APT 后门及其防范

With the rapid development of computer technology and information technology, software is used everywhere. Attackers can make use of software backdoors to gain important information and resources, causing severe problems and losses. There are contradictions between the concealment and powerful function of software backdoors. Long codes and complex functionalities bring obvious features of the backdoor. This paper proposes a feasible backdoor injection scheme on the block cipher software. The proposed method is based on differential fault analysis, reverse engineering, and advanced persistent threat. By employing fault ciphertexts from active backdoor and correct ciphertexts from non-active backdoor, it is possible to recover the whole DES key by differential fault analysis. The characteristics of this backdoor include strong concealment, easy to operate, can cause big harm, etc. So, this backdoor can be used as a means of advanced persistent threat. Finally, countermeasures for this type of backdoor are given, and the problems of backdoor injection and defense are dialectically discussed.