Вы находитесь на странице: 1из 23

Cryptovirology: the use of cryptography in virus attacks

Cryptovirology: Extortion-based security threats and countermeasures by Adam Young and Moti Yung

Overview of talk

cryptovirology Background on viruses High survivability viruses Cryptovirus Types of attacks

Extortion Information extortion Secret sharing virus in a distributed system

Cryptovirology what is it?


of applications of cryptography to computer viruses How to use crypto tools as weapons in virus attacks Crypto has good intentions in mind
Typically associated with improving systems / user security We will see that certain cryptographic tools can be used to degrade security

Background on viruses


Program within another program executing commands without the owners knowledge Defense: confine programs into small domains with rights appropriate to their intended use Program that can infect other programs by modifying them to include a, possibly evolved, copy of itself Typically perform some disturbing / annoying actions Virus that creates offspring with object code different from that of its parent Developed in response to how virus scanners work (identify viruses by searching for identifying strings)




Properties of a virus
1) 2)

Consume CPU time and occupy space Need to modify code in host system
Such as to gain control of the program


Are vulnerable to user analysis

System can be frozen and virus can be dissected Potentially allowing for recovery by victim

With cryptoviruses, we will bypass the 3rd property

How viruses attach

Virus Code

Virus Code

Original program

Original program

High survivability (HS) virus


to make the infected host dependent on the virus

Survival of virus depends on survival of host If user wants to rid his machine of the virus, he will lose access to the infected resource If this resource is vital to operation of system, then user loses access to system


such virus has been created yet

Can devise an approximation to HS

Approximation to HS virus

difficult to construct a pure HS virus

It needs to gain access to data without being detected Needs to be immune to all user analysis Left as an open problem

Virus effects can only be removed by virus author (so it is survivable) Based on computational intractable problem Virus has public key, author has private key

Cryptographical attack

A denial of service attack using public key cryptosystems performed by a crypto virus/trojan



Computer virus that uses a public key generated by the virus author to encrypt data that resides on the host system The data can only be restored by the virus author (assuming no backup exists) Is survivable

Setting for a DoS cryptoattack

1) 2) 3)

Encrypt data on host using some public key cryptosystem Notify user of attack and demand that he contact the virus author Author demands a ransom in return of the private (decryption) key User either:
Pays ransom, retrieves data Denies ransom, loses data Has a backup, ignores ransom

Corresponds to Extortion

Problems and Solution (from authors perspective)

Cannot free one victim (reveal private key) without possibly freeing all victims

could publish decryption key

Decryption of data using public key crypto is slow

Hybrid cryptosystem: combine public and secret key crypto schemes Encrypt data using symmetric crypto scheme (with a session key) Encrypt session key using public crypto scheme Private key is never revealed

Why not simply use a symmetric cryptoscheme?

Specs for attack


will need access to:

Random number generator -> random session key Random seed generator -> Initialization Vector (IV)

Ks = random session key IV = random IV M = {IV, Ks} = plaintext M = {m}Kz = ciphertext

Kz = public key Kw = secret key z = virus w = virus author

Basic Extortion Attack


Encrypt data D using session key (symmetric) D = {D}Ks Delete D Create M = {IV, Ks}Kz Notify host/victim display M and contact info Victim gives M and ransom to virus author Author decrypts: D(M )= M = {IV, Ks} and sends M to victim

2) 3) 4) 5)

Information extortion attack


Attacker will force victim to reveal some desired information H

Attacker will be able to verify the authenticity of H


is only successful if the cryptovirus can attack critical information for which no backup exists can


Extort information Be used as tool for espionage and information warfare

Information extortion attack continued

Extension: create checksum of the file to be requested (through extortion) Virus looks for critical data D and desired data H Virus encrypts: D = {D}Ks Checksum: ChkSum = checksum(D, IV, Ks) Plaintext: m = {ChkSum, IV, Ks} Ciphertext: m = {m}Kz Notify user: Display m and request for H Virus author gets H, compares ChkSum, frees victim

Information attack = $

electronic money is implemented

Virus searches for e-money notes and encrypts them Demand half the money


victim had previously encrypted e-money

Does not help: virus encrypted e-notes are useless Assumes that no e-money revocation system exists


information attack translates directly into the loss of $ to the victim

Secret Sharing Virus


Distributed System Virus will manage private key (instead of author)

Subject to user analysis

Consider the host to consist of the entire network Use distributed environment to hide the key in virus copies (each node)

store entire key in single node access control between network nodes

User of that node could potentially retrieve the key


Nodes dont have access to each others data

Secret sharing scheme continued


Gamal based secret sharing

Large prime: Generator: Private exponent: Public residue: p g x y = gx mod p


Knows: p, g Creates: xi, yi = gXi mod p Will collaborate to create encryption and decryption keys

instance of virus

= encryption, X = decryption

Encryption / Decryption in Secret Sharing Scheme

Each virus publishes its yi anonymously over a public channel (bulletin board) Each virus then reads public channel and computes: Encryption Key = Y = y1 * y2 * * ym (mod p)

Each virus reveals their secret xi Decryption key = X = x1 + x2 + + xm (mod p 1) Note: shared decryption is now revealed

Each virus can encrypt data on host

Need to notify host to avoid deletion of single virus

Stealing Attack

Securely steal information from a remote location Depend on spread of virus as the communication medium How it works
Virus encrypts data D = D Virus appends D to itself Do not notify the user Kills any ancestor that does not have D Lucky virus author will encounter virus offspring with D and decrypt it

Why not just post information online as in the secret sharing virus?

A few things to note


only needs to have access to cryptographic tools

Does not necessarily need to have tools implemented in its code Use OS functions such as provided by Microsofts Cryptographic API This means that the virus writer need not fully understand cryptography to create virus

Preventions against cryptoattacks?



Cryptoviruses propagate in the same way as traditional viruses Same detection methods apply

control to cryptographic tools

If strong crypto ciphers and random number generators are available to user processes, then they are available to viruses


have seen that cryptographic tools can be used to create a new class of viruses: cryptoviruses need not be aware of underlying cryptography use available functions the virus writer an extortion method




better to make attacks publicly known than to wait for attacks to occur