
Cryptovirology

Cryptovirology is a field that studies how to use cryptography to design
powerful malicious software. The field was born with the observation
that public-key cryptography can be used to break the symmetry
between what an antivirus analyst sees regarding a virus and what the
virus writer sees. The former only sees a public key, whereas the latter
sees a public key and the corresponding private key. The first attack that
was identified in the field is called "cryptoviral extortion". In this attack
a virus, worm, or trojan hybrid encrypts the victim's files, and the user
must pay the malware author to receive the needed session key (which is
encrypted under the author's public key that is contained in the malware)
if the user does not have backups and needs the files back.

The field also encompasses covert attacks in which the attacker secretly
steals private information such as private keys. An example of the latter
type of attack is the asymmetric backdoor. An asymmetric backdoor is a
backdoor (e.g., in a cryptosystem) that can be used only by the attacker,
even after it is found. This contrasts with the traditional backdoor, which
is symmetric, i.e., anyone who finds it can use it. Kleptography, a subfield
of cryptovirology, is concerned with the study of asymmetric backdoors
in key generation algorithms, digital signature algorithms, key
exchanges, and so on.

While viruses in the wild have used cryptography in the past, the only
purpose of such usage of cryptography was to avoid detection by
antivirus software. For example, the Tremor virus used polymorphism as
a defensive technique in an attempt to avoid detection by antivirus
software. Though cryptography does assist in such cases to enhance the
longevity of a virus, the capabilities of cryptography are not used in the
payload. The One_half virus was amongst the first viruses known to
have encrypted affected files. However, the One_half virus was not
ransomware, that is, it did not demand any ransom for decrypting the
files that it had encrypted. It also did not use public-key cryptography.
Cryptovirus

In computer security, a cryptovirus is defined as a computer virus that
contains and uses a public key. Usually the public key belongs to the
author of the virus, though there are other possibilities as well. For
instance, a virus or worm may generate and use its own key pair at
run-time. Cryptotrojans and cryptoworms are the same as cryptoviruses,
except that they are Trojan horses and worms, respectively.

Polymorphic virus

A virus that uses a symmetric key instead of a public key is known as a
polymorphic virus.

Public-key cryptography

Public-key cryptography is a cryptographic approach which involves
the use of asymmetric key algorithms instead of, or in addition to,
symmetric key algorithms. The asymmetric key algorithms are used to
create a mathematically related key pair: a secret private key and a
published public key. Anyone can encrypt a message using the public
key of the recipient, and the message can only be decrypted using the
corresponding private key.
Backdoor

A backdoor in a computer system is a method of bypassing normal
authentication, securing remote access to a computer, obtaining access to
plaintext, and so on, while attempting to remain undetected. The
backdoor may take the form of an installed program, or could be a
modification to an existing program or hardware device. Once a system
has been compromised by trojans and rootkits, one or more backdoors
can be installed in order to allow easier access in future.

PGPCoder (GPCode)

PGPCoder or GPCode is a trojan that encrypts files on the infected
computer and then asks for a fee in order to release these files, a type of
behavior dubbed ransomware or cryptovirology. Once installed on a
computer, the trojan creates two registry keys: one to ensure it is run on
every system startup, and the second to monitor the progress of the
trojan in the infected computer, counting the number of files that have
been analyzed by the malicious code. Once it has been run, the trojan
embarks on its mission, which is to encrypt, using a digital encryption
key, all the files it finds on computer drives with extensions
corresponding to those listed in its code. These extensions include .doc,
.html, .jpg, .xls, .zip and .rar. The blackmail is completed with the trojan
dropping a text file in each directory, with instructions to the victim on
what to do. An email address is supplied through which users are
supposed to request that their files be released after paying a ransom of
$100-200 to a Liberty Reserve account.

Kleptographic attack

A kleptographic attack is an attack in which a malicious designer
deploys an asymmetric backdoor. In a kleptographic attack, there is an
explicit distinction between confidentiality of the messages (e.g., the
private keys of the users) and awareness that the attack is taking place. A
secure kleptographic attack is undetectable as long as the cryptosystem
is a black box. Also, if the black box is opened, it may be evident that a
kleptographic attack is underway, but confidentiality is preserved. In
other words, a kleptographic attack is an asymmetric backdoor that can
only be used by the designer that carries out the attack. This subject of
research is called kleptography: the study of stealing information
securely and subliminally. Kleptography is a natural extension of the
theory of subliminal channels.

Prior to the advent of asymmetric backdoors, scientific research on
backdoors in cryptosystems was conducted. In hindsight, Anderson's
construction is a symmetric backdoor, meaning that a successful
reverse-engineer will be able to use the backdoor. In contrast, a
kleptographic backdoor is an asymmetric backdoor, meaning that a
reverse-engineer who expends considerable effort breaching the black
box that houses the backdoor still cannot use the backdoor (in general,
the reverse-engineer finds the attacker's public key, not the needed
private decryption key).

The novelty in this kleptographic attack is the following. It can be
deployed in software in a single binary program (that may be
code-signed) such that everyone obtains the same copy. The key pairs
that the program outputs do not reveal that a kleptographic attack is
occurring (they appear to be normal). If a reverse-engineer examines the
key generation code, then he or she will learn that a kleptographic
attack is underway. However, the reverse-engineer will still be out of
luck in actually learning the private key of anyone who uses the binary.
Cryptoviral extortion

It is a denial-of-resource attack. It is a three-round protocol that is
carried out by an attacker against a victim. When the virus activates, it
uses a true random bit generator (TRBG) to generate a symmetric key and
initialization vector (IV) uniformly at random. The virus concatenates the
IV with the symmetric key and then encrypts the resulting string using
the public key of the virus author (e.g., using RSA-OAEP). The victim's
data, now encrypted, is held for ransom. If the victim complies by paying
the ransom and transmitting the asymmetric ciphertext to the virus
author, then the virus author decrypts the ciphertext using the private
key that only the virus author has access to (the one on his or her
smartcard).
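The three-round protocol above, worked through in Go's standard library as an added example (this is not code from the page, from Wikipedia, or from Young and Yung's book). The binary carries only the author's public key; the session key and IV are drawn from the OS random source, IV||key is wrapped with RSA-OAEP, and the plaintext copies are discarded. AES-256-GCM as the symmetric cipher, a 12-byte nonce as the "IV", and SHA-256 inside OAEP are assumptions, since the page specifies only "a symmetric key and IV" and "RSA-OAEP". The part a responder cares about is in the last two functions: someone holding the binary, the envelope, and a private key other than the author's (an analyst who generates a pair of their own) fails the OAEP check, so recovery rests on backups or on an implementation flaw, never on the public key in the sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	keyLen   = 32 // AES-256 session key (assumed cipher; the page says only "symmetric key")
	nonceLen = 12 // AES-GCM nonce, playing the role of the protocol's IV
)

// Envelope is what is held for ransom on the victim's machine: the bulk
// ciphertext plus the session key material wrapped under the author's
// public key. No plaintext copy of the key or nonce is kept anywhere.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(authorPub, nonce || key)
	Ciphertext []byte // AES-GCM(key, nonce, data)
}

// seal is the virus-side round: fresh random key and nonce, bulk encryption
// under them, then nonce||key wrapped with the author's public key, which
// is the only key material the binary needs to contain.
func seal(authorPub *rsa.PublicKey, data []byte) (*Envelope, error) {
	key := make([]byte, keyLen)
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, data, nil)
	blob := make([]byte, 0, nonceLen+keyLen) // the IV||key string of the protocol
	blob = append(blob, nonce...)
	blob = append(blob, key...)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, authorPub, blob, nil)
	if err != nil {
		return nil, err
	}
	// From here on only the wrapped blob survives; key and nonce go out of scope.
	return &Envelope{WrappedKey: wrapped, Ciphertext: ct}, nil
}

// unwrapSessionKey is the author-side round: it needs the private key.
// Any other private key, even of the same size, fails the OAEP padding
// check and returns an error rather than a wrong key.
func unwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) (nonce, key []byte, err error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	if len(pt) != nonceLen+keyLen {
		return nil, nil, errors.New("unexpected session key blob length")
	}
	return pt[:nonceLen], pt[nonceLen:], nil
}

// unseal is the victim's final round once nonce||key has been returned.
// GCM authenticates the ciphertext, so a tampered envelope is rejected.
func unseal(nonce, key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	author, err := rsa.GenerateKey(rand.Reader, 2048) // only author.PublicKey would ship
	if err != nil {
		panic(err)
	}
	env, err := seal(&author.PublicKey, []byte("constructed sample plaintext"))
	if err != nil {
		panic(err)
	}
	analyst, _ := rsa.GenerateKey(rand.Reader, 2048) // analyst's own pair: useless here
	if _, _, err := unwrapSessionKey(analyst, env.WrappedKey); err != nil {
		fmt.Println("analyst with binary + envelope cannot unwrap:", err)
	}
	nonce, key, _ := unwrapSessionKey(author, env.WrappedKey)
	pt, _ := unseal(nonce, key, env.Ciphertext)
	fmt.Printf("author-assisted round trip: %q\n", pt)
}
```

The asymmetry the page describes is visible in the error path: the analyst's attempt is not "slow" or "hard", it is a padding failure with no partial information, which is why the extortion argument reduces to whether the victim holds an independent copy of the data.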

Initially, the combination of software attacks and cryptographic
techniques appeared to be quite powerful, and this has proven to be even
more so today. What has been noticed over the years is that advanced
and provably secure malware attacks are made possible by advances in
cryptographic models and algorithmic constructions. Examples of such
advances include: trapdoor functions, semantic security of encryption,
cryptographically strong pseudorandomness, the random oracle model,
and so forth. These are cornerstones for building secure cryptosystems
and proving that they are so. Research has shown that these tools can be
used to devise attacks that are not detectable and that bestow unusual
powers on the attacker. This is not unlike using missiles to take down
missiles, i.e., fighting fire with fire.
Deniable password snatching

Consider a typical Trojan horse program that steals the login/password
pairs of users. The Trojan horse program hooks into the system's
authentication mechanism and captures such pairs as they are entered by
the users. The login/password pairs are often stored in a file with an
obscure name in a remote location on the file system. In some operating
systems it is even possible to designate the file as being invisible, which
makes it harder to detect. The attacker then accesses the machine at a
later time and downloads the pilfered login/password pairs. From the
attacker's perspective this attack is risky for two reasons.

1. Someone else may find the hidden file and infiltrate the accounts,
thereby endangering the author of the Trojan horse. The assumption
that others will not read data in the file by virtue of the fact that the
file is hidden is dangerous. It is an instance of security by obscurity,
a discouraged cryptographic practice.

2. The Trojan horse may be discovered by system administrators and
alarms may be put in place that sound whenever the hidden file is
read. So, the Trojan author is sticking his or her neck out by issuing
commands to download the hidden file.

These problems can be solved using cryptovirology.

To solve the first issue, the Trojan horse encrypts each login/password
pair using the public key contained within the virus.

The data can be encrypted using the RSA-based OAEP cryptosystem,
for instance. The resulting ciphertext is stored in a hidden file as before.
The hidden file can be designed to contain M ciphertext values at all
times and hence remain fixed in size. To implement this, an index i is
stored at the beginning of the file. The value i stores the index of the
next ciphertext to be overwritten. It will range from 0 to M - 1 inclusive,
and when M - 1 is reached the value for i will then wrap back around
to zero. This way, the Trojan will overwrite the oldest entries in the file
when it is full. By doing so the entries will always be kept up to date. If
the Trojan is in place for months on end and users change their
passwords, the Trojan will overwrite the old passwords in favor of the
new ones. It is important to keep the file from constantly increasing in
size to keep it from drawing unwanted attention. In the deniable
password-snatching attack the file is initially filled with M ciphertexts
corresponding to the encryptions of M randomly chosen messages. The
starting value for i is a number chosen uniformly at random between 0
and M - 1 inclusive. These starting conditions help obfuscate the
activity of the Trojan immediately upon deployment.

An attacker writes a Trojan that snatches passwords and puts the Trojan
into a virus. The payload of the virus then installs the Trojan. The crypto
Trojan uses the public key to encrypt the login/password pairs and stores
them in a hidden password file with the data format of a circular linked
list. It always overwrites the oldest asymmetric ciphertext, so that the
size of the password file is always the same.

Every time someone plugs in a flash drive, the Trojan unconditionally
writes the encrypted password file to the last few sectors and marks
them as unused. Only the particular person who wrote the Trojan will
be able to extract the sectors and decrypt the password file.

Importance of cryptovirology

A cryptovirologist attacks a computer system or network in the same
sense that a cryptanalyst attacks a cryptosystem. By the same token, we
should not stop trying to anticipate what attackers might do once they
break into our computers. The justification for doing research in
cryptovirology derives from the proverbial phrase, "It takes a thief to
catch a thief" (English, mid-17th century). The notion is that thieves are
the experts when it comes to thieving, and they would know best
regarding how to catch other thieves. Cryptovirology is a proactive
anticipation of the opponent's next move and suggests that certain
safeguards should be developed and put into place.

If you have confidential information on your computer, your computer is
connected to the Internet, and you have not analyzed the code for the
programs that you run, then cryptovirology could affect you. If this is
true of the company you work for, then cryptovirology could affect you.
If you purchase items "securely" online, then you could be affected as
well. Advanced malware attacks are a general security problem that can
adversely affect the lives of many people.

The potential impact of cryptovirology is especially acute when it comes
to smartcard use. Down the road, the private key that an executive (or
military officer) generates and uses may be compromised, and the
executive may have to clear up a problem caused by something that he
or she was completely unaware of. Similarly, contracts signed using an
executive's private key may have to be litigated when the executive
disavows them and asserts that his or her private key was compromised
(e.g., by a kleptographic attack). The only way to prove that a
kleptographic attack did not occur is to reverse-engineer the device.
This is likely to be both time consuming and expensive.
Kleptography has the potential to cause serious damage in these
situations, and the potential payoff for embedding kleptographic
backdoors is likely to increase with time. To make matters worse, there
has been a recent trend towards developing commercial off-the-shelf
(COTS) products off-shore. This may affect the likelihood that
backdoors will be present in software and hardware that is used
domestically.

Conclusion

Cryptography has traditionally been used for defensive purposes, but
cryptovirology uses cryptography for attacking rather than defending.
Cryptovirology is a proactive anticipation of the opponent's next move
and suggests that certain safeguards should be developed and put into
place.
