13-01-2010, 07:29 PM
"Cryptovirology" employs a twist on cryptography, showing that it can also be used offensively. It is used to unleash extortion-based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents. Thus cryptography, when combined with rogue software (viruses, Trojan horses), can cause potential threats and attacks. Cryptographic tools should be managed and audited in general-purpose computing environments, and access to cryptographic tools should be restricted to authorised persons only.

A cryptoviral extortion attack is an attack in which a virus, worm, or trojan hybrid encrypts the victim's files and the user must pay the malware author to receive the needed session key. An adversarial virus writer can gain explicit access control over the data that his or her virus has access to. A virus can survive in the host if it makes the host depend in a critical way on the very presence of the virus itself. A computer virus has the high survivability property if it can maintain control over a critical host resource R, such that it grants access to R solely when it is needed, and such that if the virus is modified or removed, R is rendered permanently inaccessible.
The One-Half virus, the LZR virus, the AIDS Information Trojan, and the KOH virus are of this kind. The One-Half virus operates by encrypting the hard drive starting from the last cylinder and slowly moving forward over time. LZR takes control of reads and writes to the hard disk using an unknown system call. The One-Half virus uses a symmetric cipher, and stores the secret key within itself. The AIDS Information Trojan provides information on the user's risk of contracting AIDS, and at the same time encrypts the user's hard drive after 90 reboots. A virus containing a symmetric cryptosystem cannot be used to mount extortion-based attacks. From the perspective of computational complexity, there are cases where a virus can cause damage such that the victim cannot recover, but the virus writer can.
A thorough knowledge of the various cryptographic primitives, such as random number generators, proper recommended ciphertext chaining modes, etc., is necessary to create a cryptovirus. Microsoft's Cryptographic API (CAPI) is a possible tool for cryptographic virus creation. Cryptography-enabled malware is used with cryptocounters, in deniable password snatching, with private information retrieval, and in secure communication between different instances of a distributed cryptovirus.
The Secret Sharing Virus
Here the virus itself will manage its private key. This virus may lose its power, but this is accomplished by changing our notion of a system S to be a network of computers, and to regard the host as being the entire network. We use the distributed environment to hide the key in the virus copies themselves. By considering an entire network as a host, there are many different users who do not have access to each other's data. The secret sharing virus takes advantage of this property by sharing its private key among m nodes, and thus keeps its private key secret.
Countermeasures
Many of the attacks can be avoided using existing antiviral mechanisms, as they too spread like conventional viruses. Mechanisms to detect viruses prior to or immediately following system infiltration must be implemented. Auditing access to cryptographic tools must be implemented. Incorporating strong cryptographic tools into the operating system services layer may make the system more vulnerable, as it provides platforms to the cryptoviruses. Global computations can be made robust using a constant factor resilience and a polynomial factor redundancy in computation.
cryptovirology.pdf (Size: 306.42 KB / Downloads: 606)
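The countermeasure of auditing access to cryptographic tools, sketched as an added example that is not part of the original post or the attached paper. The audit record format, the allowlist policy, the thresholds and the process names are all constructed assumptions; only the CAPI function names are real.

```python
from collections import defaultdict

# Constructed audit records (hypothetical format):
# epoch-seconds user process CAPI-call target
SAMPLE_LOG = """\
100 alice mailclient.exe CryptAcquireContext -
101 alice mailclient.exe CryptDecrypt inbox/msg1.eml
200 bob backup.exe CryptEncrypt docs/a.doc
900 bob backup.exe CryptEncrypt docs/b.doc
1000 bob updater.tmp.exe CryptAcquireContext -
1001 bob updater.tmp.exe CryptImportKey -
1002 bob updater.tmp.exe CryptEncrypt docs/a.doc
1003 bob updater.tmp.exe CryptEncrypt docs/b.doc
1004 bob updater.tmp.exe CryptEncrypt docs/c.doc
"""

# Hypothetical policy: which processes may call which CAPI functions.
ALLOWED = {
    "mailclient.exe": {"CryptAcquireContext", "CryptDecrypt"},
    "backup.exe": {"CryptAcquireContext", "CryptEncrypt"},
}
WINDOW = 60      # seconds
BULK_LIMIT = 3   # distinct files encrypted by one process inside WINDOW


def audit(log_text):
    """Return findings as (time, process, rule, detail) tuples, in log order."""
    findings = []
    seen = set()                # (process, api) pairs already reported
    recent = defaultdict(list)  # process -> [(time, target)] of encrypt calls
    bulk_reported = set()       # processes already flagged for bulk encryption
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _user, proc, api, target = line.split(maxsplit=4)
        ts = int(ts)
        # Rule 1: crypto API use outside the allowlist, reported once per pair.
        if api not in ALLOWED.get(proc, set()) and (proc, api) not in seen:
            seen.add((proc, api))
            findings.append((ts, proc, "unauthorised-crypto-call", api))
        # Rule 2: one process encrypting many distinct files in a short window.
        if api == "CryptEncrypt":
            recent[proc] = [(t, f) for t, f in recent[proc] if ts - t <= WINDOW]
            recent[proc].append((ts, target))
            files = {f for _, f in recent[proc]}
            if len(files) >= BULK_LIMIT and proc not in bulk_reported:
                bulk_reported.add(proc)
                findings.append((ts, proc, "bulk-encryption",
                                 f"{len(files)} files in {WINDOW}s"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```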