Cryptovirology
Cryptovirology refers to the study of the use of cryptography in malware, such as ransomware and asymmetric backdoors.[citation needed] Traditionally, cryptography and its applications are defensive in nature, providing privacy, authentication, and security to users. Cryptovirology employs a twist on cryptography, showing that it can also be used offensively. It can be used to mount extortion-based attacks that cause loss of access to information, loss of confidentiality, and information leakage, the very outcomes cryptography typically prevents.[1]
The field was born with the observation that
Overview
The field encompasses covert malware attacks in which the attacker securely steals private information such as symmetric keys, private keys, PRNG state, and the victim's data. Examples of such covert attacks are asymmetric backdoors. An asymmetric backdoor is a backdoor (e.g., in a cryptosystem) that can be used only by the attacker, even after it is found. This contrasts with the traditional backdoor, which is symmetric, i.e., anyone who finds it can use it. Kleptography, a subfield of cryptovirology, is the study of asymmetric backdoors in key generation algorithms, digital signature algorithms, key exchanges, pseudorandom number generators, encryption algorithms, and other cryptographic algorithms. The NIST Dual EC DRBG random bit generator has an asymmetric backdoor in it. The EC-DRBG algorithm uses the discrete-log kleptogram from kleptography, which by definition makes the EC-DRBG a cryptotrojan. Like ransomware, the EC-DRBG cryptotrojan contains and uses the attacker's public key to attack the host system. The cryptographer Ari Juels indicated that the NSA effectively orchestrated a kleptographic attack on users of the Dual EC DRBG pseudorandom number generation algorithm and that, although security professionals and developers have been testing and implementing kleptographic attacks since 1996, "you would be hard-pressed to find one in actual use until now."[2] Due to public outcry about this cryptovirology attack, NIST rescinded the EC-DRBG algorithm from the NIST SP 800-90 standard.[3]
Covert information leakage attacks carried out by cryptoviruses, cryptotrojans, and cryptoworms that, by definition, contain and use the public key of the attacker are a major theme in cryptovirology. In "deniable password snatching," a cryptovirus installs a cryptotrojan that asymmetrically encrypts host data and covertly broadcasts it. This makes it available to everyone, noticeable by no one (except the attacker),[citation needed] and decipherable only by the attacker. An attacker caught installing the cryptotrojan claims to be a virus victim.[citation needed] An attacker observed receiving the covert asymmetric broadcast is one of thousands, if not millions, of receivers, and exhibits no identifying information whatsoever. The cryptovirology attack achieves "end-to-end deniability." It is a covert asymmetric broadcast of the victim's data. Cryptovirology also encompasses the use of private information retrieval (PIR) to allow cryptoviruses to search for and steal host data without revealing the data searched for, even when the cryptotrojan is under constant surveillance.[4] By definition, such a cryptovirus carries within its own coding sequence the query of the attacker and the necessary PIR logic to apply the query to host systems.
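The PIR primitive referred to above, in its simplest two-server, information-theoretic form, as an added example (not code from the article or from the cryptovirology literature): each server's query is a uniformly random subset of indices, so an observer watching either server's traffic learns nothing about which record is being fetched. The single-trojan setting described above, where one program carries the whole query, needs a single-server variant; this toy only demonstrates the privacy property with a constructed database.

```python
import secrets

def pir_queries(n, i):
    """Client: build the two queries for a 2-server XOR PIR over n records.

    Server 1 gets a uniformly random subset S (as a 0/1 vector); server 2
    gets S with index i toggled. Each vector on its own is uniform over all
    subsets, so neither server's view depends on i.
    """
    q1 = [secrets.randbits(1) for _ in range(n)]
    q2 = list(q1)
    q2[i] ^= 1
    return q1, q2

def pir_answer(db, query):
    """Server: XOR together the records selected by the query vector."""
    acc = 0
    for record, selected in zip(db, query):
        if selected:
            acc ^= record
    return acc

def pir_retrieve(db_copy1, db_copy2, i):
    """Client: both servers hold identical copies of the database; XORing the
    two answers cancels every record except the one at index i."""
    q1, q2 = pir_queries(len(db_copy1), i)
    return pir_answer(db_copy1, q1) ^ pir_answer(db_copy2, q2)

def server_view_bias(n, i, trials):
    """Empirical check of the privacy claim: across many queries for the same
    index i, how far does any index's selection frequency in either server's
    view drift from 1/2? A value near zero means watching the queries
    reveals nothing about i."""
    counts = [0] * n
    for _ in range(trials):
        q1, q2 = pir_queries(n, i)
        for j in range(n):
            counts[j] += q1[j] + q2[j]
    return max(abs(c / (2 * trials) - 0.5) for c in counts)

if __name__ == "__main__":
    # Constructed sample database: 32 one-byte records held by both servers.
    db = bytes(range(100, 132))
    print(pir_retrieve(db, db, 7) == db[7])
    print(server_view_bias(len(db), 7, 2000))
```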
History
The first cryptovirology attack and discussion of the concept was by Adam L. Young and
Examples
Tremor virus
While viruses in the wild have used cryptography in the past, the only purpose of such usage was to avoid detection by antivirus software. For example, the Tremor virus[8] used polymorphism as a defensive technique in an attempt to avoid detection by antivirus software. Though cryptography does assist in such cases by extending the longevity of a virus, the capabilities of cryptography are not used in the payload. The One-half virus was among the first viruses known to have encrypted affected files.
Tro_Ransom.A virus
An example of a virus that informs the owner of the infected machine to pay a ransom is the virus nicknamed Tro_Ransom.A.[9] This virus asks the owner of the infected machine to send $10.99 to a given account through Western Union.
CAPI
It has been demonstrated that using just 8 different calls to
Other uses of cryptography-enabled malware
Apart from cryptoviral extortion, there are other potential uses of cryptoviruses,[4] such as deniable password snatching, cryptocounters, private information retrieval, and secure communication between different instances of a distributed cryptovirus.
See also
References
- ^ from the original on 8 October 2022. Retrieved 8 October 2022.
- ^ Larry Greenemeier (18 September 2013). "NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard". Scientific American. Archived from the original on 18 August 2016. Retrieved 4 August 2016.
- ^ "NIST Removes Cryptography Algorithm from Random Number Generator Recommendations". National Institute of Standards and Technology. 21 April 2014. Archived from the original on 29 August 2016. Retrieved 13 July 2017.
- ^ ISBN 0-7645-4975-8.
- ^ Korsakov, Alexey (2014). Cryptovirology and malicious software (PDF) (Master's thesis). University of Eastern Finland, Department of Computer Science.
- ^ "FACT SHEET: Ransomware and HIPAA" (PDF). HHS. Archived (PDF) from the original on 13 April 2018. Retrieved 22 July 2016.
- ^ SB-1137 that amends Section 523 of the Penal Code.
- ^ "Tremor Description | F-Secure Labs". www.f-secure.com. Archived from the original on 24 June 2021. Retrieved 2 March 2021.
- ^ "Sophos Security Labs: Real-Time Malware Threat Prevention". Archived from the original on 10 May 2008. Retrieved 23 May 2008.
- ^ "Securelist". securelist.com. Archived from the original on 7 April 2015. Retrieved 2 March 2021.
- S2CID 12990192.
External links
- "Cryptovirology Labs – Site maintained by Adam Young and Moti Yung". Archived from the original on 18 September 2020.
- "Cryptography and cryptovirology articles – Computer viruses". VX Heavens. Archived from the original on 3 February 2015.
- "Cryzip Trojan Encrypts Files, Demands Ransom".[permanent dead link]
- "Can a virus lead an enterprise to court?". Archived from the original on 27 January 2007.
- "A student report entitled 'Superworms and Cryptovirology'". Archived from the original on 9 November 2006.
- Angelo P. E. Rosiello. "Next Virus Generation: an Overview (cryptoviruses)". rosiello.org. Archived from the original on 25 October 2010.