Kleptography
Kleptography is the study of stealing information securely and subliminally. The term was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology – Crypto '96.[1] Kleptography is a subfield of
Kleptographic attack
Meaning
A kleptographic attack is an attack which uses
A reverse engineer might be able to uncover a backdoor inserted by an attacker and, when it is a symmetric backdoor, even use it themselves.[5] However, by definition a kleptographic backdoor is asymmetric, and the reverse engineer cannot use it. A kleptographic attack (asymmetric backdoor) requires a private key known only to the attacker in order to use the backdoor. In this case, even if the reverse engineer were well funded and gained complete knowledge of the backdoor, that knowledge would remain useless for extracting the plaintext without the attacker's private key.[5]
Construction
Design
Kleptographic attacks have been designed for
A. Juels and J. Guajardo[10] proposed a method (KEGVER) through which a third party can verify RSA key generation. This is devised as a form of distributed key generation in which the secret key is only known to the black box itself. This assures that the key generation process was not modified and that the private key cannot be reproduced through a kleptographic attack.[10]
Examples
Four practical examples of kleptographic attacks (including a simplified SETUP attack against RSA) can be found in JCrypTool 1.0,
The
References
- ISBN 978-3-540-68697-2.
- ISBN 978-1-4684-4732-3.
- ISBN 978-3-540-16076-2.
- ISBN 978-3-540-57600-6.
- Esslinger, Bernhard; Vacek, Patrick (20 February 2013). "The Dark Side of Cryptography: Kleptography in Black-Box Implementations". Infosecurity Magazine. Retrieved 18 March 2014.
- Young, Adam (2006). "Cryptovirology FAQ". Cryptovirology.com. Archived from the original on 9 May 2017. Retrieved 18 March 2014.
- S2CID 52896242.
- ISBN 978-0-7645-6846-6.
- Zagórski, Filip; Kutyłowski, Mirosław. "Bezpieczeństwo protokołów SSL/TLS i SSL w kontekście ataków kleptograficznych" [Security of SSL/TLS and SSL protocols in the context of kleptographic attacks]. kleptografia.im.pwr.wroc.pl (in Polish). Archived from the original on 2006-04-23.
- ISSN 0302-9743. Archived from the original (PDF) on 2013-05-12.
- https://github.com/jcryptool JCrypTool project website
- Esslinger, B. (2010). "Die dunkle Seite der Kryptografie – Kleptografie bei Black-Box-Implementierungen". <kes> (in German). No. 4. p. 6. Archived from the original on 2011-07-21.
- Green, Matthew (September 18, 2016). "The Many Flaws of Dual_EC_DRBG". Retrieved November 19, 2016.