Cryptovirology Is A Field That Studies How To Use Cryptography To Design
The field also encompasses covert attacks in which the attacker secretly
steals private information such as private keys. An example of the latter
type of attack is the asymmetric backdoor. An asymmetric backdoor is a
backdoor (e.g., in a cryptosystem) that can be used only by the attacker,
even after it is found. This contrasts with the traditional backdoor, which
is symmetric, i.e., anyone who finds it can use it. Kleptography, a subfield
of cryptovirology, is concerned with the study of asymmetric backdoors
in key generation algorithms, digital signature algorithms, key
exchanges, and so on.
While viruses in the wild have used cryptography in the past, the only
purpose of that cryptography was to avoid detection by antivirus
software. For example, the Tremor virus used polymorphism as a
defensive technique in an attempt to avoid detection by antivirus
software. Although cryptography does extend the longevity of a virus in
such cases, its capabilities are not used in the payload. The One-half
virus was among the first viruses known to have encrypted affected
files. However, the One-half virus was not ransomware; that is, it did
not demand any ransom for decrypting the files that it had encrypted.
It also did not use public key cryptography.
- -Coder or -Code is a trojan that encrypts files on the infected
computer and then asks for a fee in order to release these files, a type of
behavior dubbed ransomware or cryptovirology.

Once installed on a computer, the trojan creates two registry keys: one
to ensure that it is run on every system startup, and a second to monitor
the progress of the trojan on the infected computer by counting the
number of files that have been analyzed by the malicious code.

Once it has been run, the trojan embarks on its mission, which is to
encrypt, using a digital encryption key, all the files it finds on computer
drives with extensions corresponding to those listed in its code. These
extensions include .doc, .html, .jpg, .xls, .zip and .rar. The blackmail is
completed with the trojan dropping a text file in each directory, with
instructions to the victim on what to do. An email address is supplied
through which users are supposed to request that their files be released
after paying a ransom of $100-200 to a Liberty Reserve account.
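The behaviour described above maps onto a simple detection heuristic. The following is an added example, not code from the original page: it flags a process that rewrites files with the listed extensions and also drops an identically named text file in several directories. The event tuple format, the `min_dirs` threshold and the sample file names are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions the text lists as targets of the trojan.
TARGET_EXTS = {".doc", ".html", ".jpg", ".xls", ".zip", ".rar"}


def flag_ransomware_like(events, min_dirs=3):
    """Return {pid: note_name} for processes that, in at least min_dirs
    directories, rewrote target-extension files and created a text file
    with the same name in each of those directories."""
    rewritten = defaultdict(set)                   # pid -> dirs with rewritten targets
    notes = defaultdict(lambda: defaultdict(set))  # pid -> note name -> dirs
    for pid, op, path in events:
        p = PureWindowsPath(path)                  # case-insensitive path comparison
        ext = p.suffix.lower()
        if op == "write" and ext in TARGET_EXTS:
            rewritten[pid].add(p.parent)
        elif op == "create" and ext == ".txt":
            notes[pid][p.name.lower()].add(p.parent)
    flagged = {}
    for pid, dirs in rewritten.items():
        for name, note_dirs in notes[pid].items():
            # Same note name present beside rewritten files in many directories.
            if len(dirs & note_dirs) >= min_dirs:
                flagged[pid] = name
    return flagged


# Constructed sample events: (pid, operation, path). Not real telemetry;
# the file names, including "readme.txt", are made up for this example.
SAMPLE_EVENTS = [
    (412, "write",  r"C:\Users\a\Docs\report.doc"),
    (412, "create", r"C:\Users\a\Docs\readme.txt"),
    (412, "write",  r"C:\Users\a\Pics\cat.JPG"),
    (412, "create", r"C:\Users\a\Pics\readme.txt"),
    (412, "write",  r"C:\Users\a\Backup\old.zip"),
    (412, "create", r"C:\Users\a\Backup\readme.txt"),
    (980, "write",  r"C:\Users\a\Docs\budget.xls"),  # ordinary edit by an office app
    (980, "create", r"C:\Users\a\Docs\notes.txt"),
    (733, "create", r"C:\Temp\install.txt"),         # text file, no rewrites
]

if __name__ == "__main__":
    print(flag_ransomware_like(SAMPLE_EVENTS))
```

Requiring the same note name across several directories is what keeps an ordinary application that edits a document and saves a text file in one folder from being flagged.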
1. Someone else may find the hidden file and infiltrate the accounts,
thereby endangering the author of the Trojan horse. The assumption
that others will not read data in the file by virtue of the fact that the
file is hidden is dangerous. It is an instance of security by obscurity,
a discouraged cryptographic practice.
To solve the first issue, the Trojan horse encrypts each login/password
pair using the public key contained within the virus.
An attacker writes a Trojan that snatches passwords and puts the Trojan
into a virus. The payload of the virus then installs the Trojan. The Crypto
Trojan uses the public key to encrypt the login/password pairs and stores
them in a hidden password file whose data format is a circular linked
list. It always overwrites the asymmetric ciphertext, so that the size of
the password file is always the same.
Every time someone inserts a flash drive, the Trojan unconditionally
writes the encrypted password file to the last few sectors and marks
them as unused. Only the person who wrote the Trojan will be able to
extract the sectors and decrypt the password file.
Cryptography has traditionally been used for defensive purposes, but
cryptovirology uses cryptography for attacking rather than defending.
Cryptovirology is a proactive anticipation of the opponent's next move
and suggests that certain safeguards should be developed and put into
place.