Cryptovirology


ABSTRACT
"Cryptovirology" is a field that studies how to use cryptography to design powerful malicious software. It encompasses overt attacks such as cryptoviral extortion, where a cryptoworm or cryptotrojan hybrid encrypts the victim's files and the user must pay the malware author to receive the needed session key (that is encrypted under the author's public key that is contained in the malware). The field also encompasses covert attacks in which the attacker secretly steals private information such as private keys. An example of the latter type of attack is an asymmetric backdoor. Cryptoviral extortion is a 2-party protocol between an attacker and a victim that is carried out by a cryptovirus, cryptoworm, or cryptotrojan. In a cryptoviral extortion attack the malware hybrid encrypts the plaintext of the victim using the public key of the attacker. The attacker extorts some form of payment from the victim in return for the plaintext that is held hostage. In addition to providing hands-on experience with this cryptographic protocol, this chapter gives readers a chance to learn the basics of hybrid encryption that is commonly used in everything from secure email applications to secure socket connections, and to gain a basic understanding of how to use Microsoft's Cryptographic API that is present in modern MS Windows operating systems. The chapter only provides an experimental version of the payload; no self-replicating code is given. We conclude with proactive measures that can be taken by computer users and computer manufacturers alike to minimize the threat posed by this type of cryptovirology attack.

INTRODUCTION:
"Cryptovirology" is the study of the applications of cryptography to malicious software. It is an investigation into how modern cryptographic paradigms and tools can be used to strengthen, improve, and develop new malicious software (malware) attacks. Cryptovirology attacks have been devised to: give malware enhanced privacy and make it more robust against reverse-engineering, give the attacker enhanced anonymity when communicating with deployed malware (e.g., over public bulletin boards and Usenet newsgroups), improve the ability to steal data, improve the ability to carry out extortion, enable new types of denial-of-service, enable fault-tolerance in distributed cryptoviral attacks, and so on. Also, recent work shows how a worm can install a back door on each infected system that opens only when the worm is presented with a system-specific ticket that is generated by the worm's author. This is called an access-for-sale worm.

Cryptography has traditionally been used for defensive purposes. Ciphers defend against a passive eavesdropper. Public key infrastructures defend against an active adversary that mounts a man-in-the-middle attack. Digital signature algorithms defend against a forger. E-cash systems defend against a counterfeiter and a double-spender. Pseudorandom bit generators defend against a next-bit predictor, and so on.

Cryptovirology extends beyond finding protocol failures and design vulnerabilities. It is a forward-engineering discipline that can be used for attacking rather than defending. Understanding the possible extent of future attacks is the key to successfully protecting against them. Designers of protection mechanisms need to keep in mind the potential ferocity and sophistication of viruses that are just around the corner. That is why we think that the potential destructive capabilities of fast-spreading worms like the Warhol worm, Flash worm and Curious Yellow need to be explored to the maximum extent possible.
The most distinctive and alarming trends in current computer attacks are high automation and speed, increasing sophistication of attack tools, a vulnerability discovery rate that is hard to keep up with, increasing permeability of firewalls, and the highly asymmetric nature of the threat. Monitoring organizations name worms as one of the four most alarming types of today's attacks. This chapter presents an experimental implementation of cryptoviral extortion, an attack that we devised and presented at the 1996 IEEE Symposium on Security & Privacy and that was recently covered in Malicious Cryptography. The design is based on Microsoft's Cryptographic API; the salient aspects of the implementation were presented at ISC '05 and were later refined in the International Journal of Information Security. Cryptoviral extortion is a 2-party protocol between an attacker and a victim that is carried out by a cryptovirus, cryptoworm, or cryptotrojan.

CRYPTOGRAPHY:
"Cryptography" is a blessing to information processing and communications, because it allows people to store information securely and to conduct private communications over large distances. Cryptography (or cryptology) is a discipline of mathematics and computer science concerned with information security and related issues, particularly encryption, authentication, and access control. The process involves two techniques:
Encryption
Decryption
The process of encoding plain text messages into cipher text messages is called encryption. The reverse process of transforming cipher text back to plain text messages is called decryption. There are mainly two aspects in cryptography: the algorithm and the key used. The important encryption techniques include symmetric, asymmetric, and hash function algorithms. Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. In asymmetric key cryptography, the encryption key is the public key and the decryption key is the private key or secret key.
ADVANTAGES:
Provides privacy
Authentication
Security
DISADVANTAGES:
Time greedy
Requires many human resources and much effort and dedication

CRYPTOVIRUS
In computer security, a cryptovirus is defined as a computer virus that contains and uses a public key. Usually the public key belongs to the author of the virus, though there are other possibilities as well. For instance, a virus or worm may generate and use its own key pair at run-time. Cryptoviruses may utilize secret sharing to hide information and may communicate by reading posts from public bulletin boards. Cryptotrojans and cryptoworms are the same as cryptoviruses, except they are Trojan horses and worms, respectively. Note that under this definition, a virus that uses a symmetric key and not a public key is not a cryptovirus (this is particularly relevant in the case of polymorphic viruses).

CRYPTOVIRAL EXTORTION:
"Cryptoviral extortion", which uses public key cryptography, is a denial of resources attack that was introduced in . It is a three-round protocol that is carried out by an attacker against a victim. The attack is carried out via a cryptovirus that uses a hybrid cryptosystem to encrypt host data while deleting or overwriting the original data in the process. The protocol is as follows:

(protocol setup phase) An asymmetric key pair is generated by the virus author on a smartcard and the public key is placed within the virus. The private key is designated as "non-exportable" so that even the virus author cannot obtain its bit representation. Thus, the private key is generated, stored, and used on the smartcard. Ideally, the smartcard will implement two-factor security: something the virus author knows (a PIN number) and something the virus writer has (the smartcard that contains the private key). Also, the card will ideally be immune to differential power analysis, timing attacks, etc. to prevent the virus author from ever learning the bits of the private key.

1) (virus author -> victim) The virus author deploys the cryptovirus. At a later time the virus activates on what could be tens or even hundreds of thousands of machines. The remainder of this description will cover the protocol for just one such machine. When the virus activates, it uses a true random bit generator (TRBG) to generate a symmetric key and initialization vector (IV) uniformly at random. It is essential that the TRBG produce truly random bits to prevent the symmetric key and IV from being guessed or otherwise determined by the victim at a later date. The virus then encrypts host data with this random symmetric key and IV (e.g., using cipher-block chaining (CBC) mode). The virus concatenates the IV with the symmetric key and then encrypts the resulting string using the public key of the virus author (e.g., using RSA-OAEP). The encrypted plaintext is then held ransom.
The virus notifies the victim that the attack has occurred (e.g., via a dialog box on the victim's screen) and states that the asymmetric ciphertext will be needed to restore the data. The virus author states his or her demands in return for the data. The virus author and victim can send asymmetrically encrypted messages to each other via a public bulletin board to try to preserve the attacker's anonymity. Alternatively, digital pseudonyms and mix-networks can be used.

2) (victim -> virus author) If the victim complies by paying the ransom and transmitting the asymmetric ciphertext to the virus author, then the virus author decrypts the ciphertext using the private key that only the virus author has access to (the one on his or her smartcard). This reveals the symmetric key and IV that were used in the attack.

3) (virus author -> victim) The virus author sends the symmetric key and IV to the victim. These are then used to decrypt the data that was held ransom.

(Security) The attack is ineffective if the data can be recovered from backups. Antiviral experts cannot retrieve the private decryption key by analyzing the virus since only the public key will be found. The importance of using hybrid encryption can be seen from the following argument. Suppose that a smartcard was not used and asymmetric encryption were performed using electronic code-book (ECB) mode. It follows that if the private key were revealed to one victim then that victim could give the private key to others. In this case the virus author cannot hope to victimize very many people (perhaps even just one person). The alternative would be for the virus author to demand the entire ECB ciphertext of the data that was held ransom so that it could be deciphered without revealing the private decryption key. However, this is unacceptable for two reasons. First, the file could be huge and therefore make transmission cumbersome.
Second, many victims may refuse to cooperate since it would reveal to the virus author the data that was held ransom (privacy violation). This makes the use of hybrid encryption (not just public key encryption) essential.

One question that is typically asked in regard to cryptoviral extortion is the following: how could an extortionist ever expect to receive payment? Truly anonymous e-cash (which may someday be minted off-shore) could provide a safe medium for ransom. Mix networks are also a critical infrastructure for allowing the extortionist to maintain his or her anonymity. Also, the extortionist could seek information that resides on the host machine instead of money. In this case it may be possible for the malware to asymmetrically encrypt the following: a cryptographic hash of the desired data concatenated with the randomly generated symmetric key. This would make it so that the symmetric key could not be recovered without revealing the correct hash.

This leads to an important consideration for organizations that rely heavily on information technology. It is important to be able to estimate the value of an exploit to an outside thief. A model for doing exactly this has been proposed, and it can be used by an organization to gauge its attractiveness to outside thieves.

BLACK-BOX CRYPTOSYSTEM:
Cryptovirology relies heavily on the notion of a "black-box" cryptosystem when it comes to developing provably secure malware attacks against cryptosystems. A black-box cryptosystem is both a theoretical abstraction as well as a common everyday reality. In short, a black-box cryptosystem is a cryptosystem that is implemented in such a way that the underlying implementation (source code or circuitry) cannot be scrutinized. A black-box cryptosystem has a public I/O specification and its general functionality is disclosed (though the true functionality could differ). By definition then, a black-box cryptosystem can only be used without verifying the correctness of its implementation. A smartcard is a black-box cryptosystem unless the user disassembles it, verifies the circuitry and the data that resides in memory, and then reassembles it. Similarly, a cryptosystem that is implemented in software is a black-box cryptosystem unless its code is disassembled and verified. Note that this definition states that the implementation in question must be verified, not the design specification for the whole product line. A manufacturer can sell thousands of cryptosystems and put a backdoor in just one of them.

SUBLIMINAL CHANNEL
Many kleptographic attacks are based on the notion of a subliminal channel. The term subliminal channel refers to an information transmission channel that can be used to send information out of (or potentially into) a cryptosystem. A subliminal channel is a type of covert channel. However, covert channels are broader in scope since they are not specific to cryptosystems (covert channels are discussed in).

A concrete example will go a long way to explain what a covert channel is. Suppose that Alice and Bob are connected to a computer that is running a multiuser operating system. In a secure operating system that can be used for sensitive (e.g., military) applications it should not be possible for a process that Alice is running to transmit information covertly to a process that Bob is running. But suppose that a printer is connected to this machine. Each process can make an operating system call to print data. This call will return a result code indicating success or failure. The result code will also indicate if the printer is busy printing out a document. Alice's process can utilize a special communication protocol to speak with a process that Bob is running. For example, printing out two short documents with a brief pause in between could correspond to a binary "1" and printing out one document could be a binary "0." Bob's process calls the operating system routine in a busy waiting fashion to receive bits from Alice's process. This is not a subliminal channel, but it is a covert channel.

Subliminal channels are characterized by: their inability to be detected when in use, their inability to be read even when it is assumed that they are in use, and their inherent channel capacity, or bandwidth. However, the code that transmits information over a subliminal channel is readily identifiable by cryptographers when they inspect the code. So, the attacker must ensure that subliminal channels are only utilized in black-box cryptosystems.
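The printer covert channel described above can be modelled as a small in-memory simulation. This is an added example, not code from the original page; the Printer class, the tick timings, the hide_status switch and the flag_pollers audit heuristic are all assumptions made for illustration. It shows Bob recovering Alice's bits from the busy status, the channel closing once the status call stops exposing the busy state, and an audit pass that flags the busy-waiting process.

```python
# Toy model of the printer-status covert channel (constructed simulation;
# no real OS or printer calls). JOB_TICKS, GAP and FRAME are assumed values.
from collections import Counter

JOB_TICKS = 2   # ticks the printer stays busy per short document
GAP = 4         # offset of the second document when Alice sends a 1
FRAME = 8       # ticks reserved for each transmitted bit


class Printer:
    def __init__(self, hide_status=False):
        self.busy_until = 0
        self.hide_status = hide_status   # mitigation switch (assumption)
        self.log = []                    # (pid, call) audit trail

    def submit(self, pid, now):
        """Print call: the job keeps the printer busy for JOB_TICKS."""
        self.log.append((pid, "print"))
        self.busy_until = max(self.busy_until, now) + JOB_TICKS

    def status(self, pid, now):
        """Result code other processes can observe."""
        self.log.append((pid, "status"))
        if self.hide_status:
            return "OK"                  # jobs are queued; busy state not exposed
        return "BUSY" if now < self.busy_until else "OK"


def run_channel(bits, hide_status=False):
    """Alice sends `bits`; return (what Bob decoded, the printer)."""
    printer = Printer(hide_status)
    received = []
    for i, bit in enumerate(bits):
        bursts, prev = 0, "OK"
        for off in range(FRAME):
            now = i * FRAME + off
            # Alice: one document for 0, two documents with a pause for 1.
            if off == 0 or (bit == 1 and off == GAP):
                printer.submit("alice", now)
            # Bob: busy-waits on the status code and counts busy bursts.
            cur = printer.status("bob", now)
            if cur == "BUSY" and prev == "OK":
                bursts += 1
            prev = cur
        received.append({1: 0, 2: 1}.get(bursts))   # None = no signal seen
    return received, printer


def flag_pollers(log, min_calls=16):
    """Audit heuristic: processes that poll status heavily but never print."""
    calls = Counter(log)
    pids = {pid for pid, _ in log}
    return sorted(p for p in pids
                  if calls[(p, "status")] >= min_calls
                  and calls[(p, "print")] == 0)


if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0]                     # constructed sample message
    decoded, printer = run_channel(secret)
    print("status exposed:", decoded)
    print("status hidden: ", run_channel(secret, hide_status=True)[0])
    print("flagged pollers:", flag_pollers(printer.log))
```

The channel's capacity in this model is one bit per FRAME ticks, which is the figure a covert-channel analysis would try to bound or reduce.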
The classic use of a subliminal channel is in the prisoners' problem. In the prisoners' problem, two prisoners are allowed to communicate with each other but are not allowed to send encrypted messages to each other. They are only permitted to exchange public keys and digitally sign their messages. The problem is to devise a way, using the digital signature algorithm in question, for the two prisoners to communicate secretly with each other through digital signatures in such a way that the warden cannot detect or read the subliminal messages. The applications of subliminal channels grew to encompass insider attacks against smartcards as well. A very general type of subliminal channel has been shown to exist that is based on the quadratic residuosity problem. The channel involves placing a small set of primes, which must remain secret, within a smartcard. It has been shown that this channel can be used by a malicious designer to covertly obtain the DSA private signing key of the user of the smartcard.

KLEPTOGRAPHY:
"Kleptography" is the study of stealing information securely and subliminally. Kleptography is a natural extension of the theory of subliminal channels. The notion of an asymmetric backdoor was introduced in 1996. A kleptographic attack is an attack in which a malicious designer deploys an asymmetric backdoor. In a kleptographic attack, there is an explicit distinction between confidentiality of the messages (e.g., the private keys of the users) and awareness that the attack is taking place. A secure kleptographic attack is undetectable as long as the cryptosystem is a black-box. Also, if the black-box is opened, it may be evident that a kleptographic attack is underway, but confidentiality is preserved. In other words, a kleptographic attack is an asymmetric backdoor that can only be used by the designer that carries out the attack.

Prior to the advent of asymmetric backdoors, scientific research on backdoors in cryptosystems was conducted. An early scientific paper on building a backdoor into RSA key generation is [An93]. In hindsight, Anderson's construction is a symmetric backdoor, meaning that a successful reverse-engineer will be able to use the backdoor. In contrast, a kleptographic backdoor is an asymmetric backdoor, meaning that a reverse-engineer that expends considerable effort breaching the black-box that houses the backdoor still cannot use the backdoor (in general, the reverse-engineer finds the attacker's public key, not the needed private decryption key).

Kleptographic attacks often utilize subliminal channels to transmit things like private signing keys, private decryption keys, symmetric keys, etc. outside of a cryptosystem (e.g., a smartcard). The requirement that kleptographic attacks have that exceeds the requirements of a subliminal channel is robustness against reverse-engineering. A kleptographic attack is only secure if the confidentiality of the subliminal messages holds even after the black-box is opened and inspected.
This must hold for all previously transmitted messages as well as future subliminal messages that may be sent. Asymmetric cryptography is used to achieve this type of confidentiality. It is this added robustness in confidentiality that makes kleptographic attacks more attractive to carry out in practice.

An example will go a long way to explain what a kleptographic attack is. A kleptographic attack against a software-based RSA cryptosystem like PGP has been demonstrated. In this attack, RSA keys are not generated normally. However, the RSA public modulus n is still the product of two primes p and q. The modulus n is generated such that its upper order bits effectively constitute the asymmetric encryption of a value that allows n to be efficiently factored. Computing such composites n is possible using a well known subliminal channel in the products of two primes. The asymmetric encryption is computed using the public key of the attacker that is embedded in the RSA key generation algorithm. As a result, a database of public keys (i.e., the CA) is a database of public keys and ciphertexts of the corresponding private keys from the perspective of the attacker.

The novelty in this kleptographic attack is the following. It can be deployed in software in a single binary program (that may be code-signed) such that everyone obtains the same copy. The key pairs that the program outputs do not reveal that a kleptographic attack is occurring (they appear to be normal). If a reverse-engineer examines the key generation code then he or she will learn that a kleptographic attack is underway.

CRYPTOGRAPHIC STANDARDS:
FIPS
FIPS stands for "Federal Information Processing Standard." FIPS standards are published in FIPS PUBS. These standards and guidelines are issued by NIST for use by the U.S. government. NIST develops FIPS when there are compelling federal government requirements for security and interoperability and there are no acceptable industry standards or solutions to these requirements. Of particular relevance to cryptovirology is the FIPS 140-2 standard entitled "Security Requirements for Cryptographic Modules" [FIPS140] and its annexes. The annexes employ the FIPS 186-2 standard entitled "Digital Signature Standard (DSS)." These standards are relevant to cryptovirology since companies rely heavily on them for information security and privacy.

PKCS
The Public-Key Cryptography Standards (PKCS) is a set of standards for public-key cryptography, developed by RSA Laboratories in cooperation with an informal consortium, originally including Apple, Microsoft, DEC, Lotus, Sun and MIT. PKCS has been cited by the OIW (OSI Implementors' Workshop) as a method for implementation of OSI standards. PKCS includes both algorithm-specific and algorithm-independent implementation standards. Documents detailing the PKCS standards can be obtained at RSA Data Security's FTP server.

ADVANTAGES OF CRYPTOVIROLOGY
Provide privacy
Authentication
High security
It extends beyond finding protocol failures and design vulnerabilities
High speed
Requires less human resources

USES & APPLICATIONS
Defensive purposes
Security on the internet
Development of security products

CONCLUSION
The description provides an enhanced version of cryptovirology. I conclude with proactive measures that can be taken by computer users and computer manufacturers alike to minimize the threat posed by this type of cryptovirology attack.

FUTURE SCOPE
Imagining what the nature of future viral attacks might look like is the key to successfully protecting against them. This description discusses how cryptography and key management techniques may definitively checkmate antiviral analysis and mechanisms. Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. In this paper we present the idea of Cryptovirology, which employs a twist on cryptography, showing that it can also be used offensively. By being offensive we mean that it can be used to mount extortion-based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents. In this paper we analyze potential threats and attacks that rogue use of cryptography can cause when combined with rogue software (viruses, Trojan horses), and demonstrate them experimentally by presenting an implementation of a cryptovirus that we have tested (we took careful precautions in the process to ensure that the virus remained contained). Public-key cryptography is essential to the attacks that we demonstrate (which we call "cryptovirological attacks"). We also suggest countermeasures and mechanisms to cope with and prevent such attacks. These attacks have implications on how the use of cryptographic tools should be managed and audited in general purpose computing environments, and imply that access to cryptographic tools should be well controlled. The experimental virus demonstrates how cryptographic packages can be condensed into a small space, which may have independent applications (e.g., cryptographic module design in small mobile devices).
