Cryptovirology

From Wikipedia, the free encyclopedia

Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. It encompasses overt attacks such as cryptoviral extortion, in which a cryptovirus, cryptoworm, or cryptotrojan hybrid-encrypts the victim's files and the user must pay the malware author to receive the needed session key (which is encrypted under the author's public key contained in the malware).

The field also encompasses covert attacks in which the attacker secretly steals private information such as private keys. An example of the latter type of attack is the asymmetric backdoor. An asymmetric backdoor is a backdoor (e.g., in a cryptosystem) that can only be used by the attacker, even after it is found. This contrasts with the traditional backdoor, which is symmetric, i.e., anyone who finds it can use it. Kleptography, a subfield of cryptovirology, is concerned with the study of asymmetric backdoors in key generation algorithms, digital signature algorithms, key exchanges, and so on.

Cryptovirology also encompasses the notion of a "questionable encryption scheme", which was introduced by Young and Yung. Informally speaking, a questionable encryption scheme is a public key cryptosystem (a 3-tuple of algorithms) with two supplementary algorithms, forming a 5-tuple of algorithms. It includes a deliberately bogus yet carefully designed key pair generation algorithm that produces a "fake" public key. The corresponding private key cannot be used to decipher data "encrypted" using the fake public key. By supplying the key pair to an efficient verification predicate (the 5th algorithm in the 5-tuple), it is proven whether the public key is real or fake. When the public key is fake, it follows that no one can decipher data "enciphered" using the fake public key (this includes the person who generated the key pair). A questionable encryption scheme has the property that real public keys are computationally indistinguishable from fake public keys when the private key is not available. The private key forms a poly-sized witness of encryption or decryption, whichever may be the case.

An application of a questionable encryption scheme is a cryptotrojan that gathers plaintext from the host, "encrypts" it using the public key (which is real or fake) of the cryptotrojan, and then exfiltrates the resulting "ciphertext". In this attack it is thoroughly intractable to prove that data theft has occurred. This holds even when all core dumps of the cryptotrojan and all covert information that it secretly broadcasts are entered into evidence. An analyst who jumps to the conclusion that the cryptotrojan "encrypts" data risks being proven wrong by the malware author (e.g., anonymously).

When the public key is fake, the attacker gets no plaintext from the cryptotrojan. So what's the use? A spoofing attack is possible in which some cryptotrojans steal data and some provably do not, thereby casting doubt on the true nature of future strains of cryptotrojans, cryptoviruses, and cryptoworms. This attack implies a fundamental limitation on proving data theft.

There are many other attacks in the field of cryptovirology that are not mentioned here.

  • A. Young, M. Yung (1996). "Cryptovirology: Extortion-Based Security Threats and Countermeasures". IEEE Symposium on Security & Privacy, May 6-8, 1996: 129–141.
  • A. Young, M. Yung (1996). "The Dark Side of Black-Box Cryptography, or: Should we trust Capstone?". In Neal Koblitz (ed.), Proceedings of Crypto '96: 89–103, Springer-Verlag. LNCS 1109.
  • A. Young, M. Yung (1997). "Kleptography: Using Cryptography Against Cryptography". In W. Fumy (ed.), Proceedings of Eurocrypt '97: 62–74, Springer-Verlag. LNCS 1233.
  • A. Young, M. Yung (2004). Malicious Cryptography: Exposing Cryptovirology. Wiley. ISBN 0-7645-4975-8.
  • A. Young, M. Yung (2006). "On Fundamental Limitations of Proving Data Theft". IEEE Transactions on Information Forensics and Security, 1(4): 524–531.
