
CRYPTOVIROLOGY

by
Ramu Muthuraman Cpsc 620

Overview

Introduction
Justification of Cryptovirology?
Key Terms
Cryptoviral Extortion Attack
Gpcode.ag ransom Trojan
Deniable Password Snatching
Conclusions
References

Introduction

Cryptovirology is the study of the application of cryptography to the design of malicious software. It is an area that employs public key cryptography to mount attacks on computer systems, showing that cryptography also has "negative" uses. The combination of virus science and cryptography created cryptovirology.

Justification of Cryptovirology?

It takes a thief to catch a thief. It is a proactive anticipation of what people will do once they get inside a computer, not a study of how to get inside a computer. It helps in making systems more secure.

Key terms

Cryptovirus: a computer virus that contains and uses a public key.

Polymorphic virus: a virus that contains and uses a symmetric key for the purposes of encrypting and decrypting its own code.

Cryptoviral Extortion

It is a denial-of-resource attack. It is a three-round protocol that is carried out by an attacker against a victim. The virus encrypts host data with a random symmetric key. The virus then encrypts the resulting string using the public key of the virus author (e.g., using RSA-OAEP). The encrypted plaintext is then held ransom. The virus notifies the victim that the attack has occurred.

Contd..

If the victim complies by paying the ransom and transmitting the asymmetric ciphertext to the virus author, then the virus author decrypts the ciphertext using the private key. This reveals the symmetric key that was used in the attack. The virus author sends the symmetric key to the victim. It is then used to decrypt the data that was held ransom.

Gpcode.ag ransom Trojan

Gpcode.ag spread initially through spam containing an attachment. It encrypted about 80 types of files and then deleted itself to avoid detection.

Users would be shown a ransom demand when they tried to open a file, and it takes a lot of computation time to find the private key by brute force.

Deniable Password Snatching

An attacker writes a Trojan that snatches passwords and puts the Trojan into a virus. The payload of the virus then installs the Trojan.

The crypto Trojan uses the public key to encrypt the login/password pairs and stores them in a hidden password file with the data format of a circular linked list. It always overwrites the asymmetric ciphertext, so that the size of the password file is always the same.

Cont..

Every time someone inserts a flash drive, the Trojan unconditionally writes the encrypted password file to the last few sectors and marks them as unused. Only the person who wrote the Trojan will be able to extract the sectors and decrypt the password file.

Conclusions

Cryptography has traditionally been used for defensive purposes, but cryptovirology uses cryptography for attacking rather than defending. Cryptovirology is a proactive anticipation of the opponent's next move and suggests that certain safeguards should be developed and put into place.
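One such safeguard, as an added example that is not part of the original slides: because the extortion attack replaces host data with ciphertext, files that are normally low-entropy suddenly look like random bytes, and a monitor can flag that change. The threshold, minimum length, extension list and alert count are assumptions, and the sample data is constructed.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # assumed cutoff; ciphertext sits near 8 bits/byte
MIN_LEN = 1024            # assumed floor; short samples give unreliable entropy
# Assumed watch list of normally low-entropy types. Compressed formats
# (.zip, .jpg, ...) are left out because they are high-entropy when healthy.
TEXT_LIKE = {".txt", ".csv", ".html", ".sql"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution, 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """True when a text-like file holds near-random bytes."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in TEXT_LIKE or len(data) < MIN_LEN:
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan(files: dict, alert_at: int = 3):
    """Return (sorted flagged names, alert) for a {name: content} snapshot."""
    flagged = sorted(n for n, d in files.items() if looks_encrypted(n, d))
    return flagged, len(flagged) >= alert_at

# Constructed sample data. SHA-256 output stands in for ciphertext so the
# example is deterministic and contains no encryption routine.
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAIN = b"Quarterly report: revenue rose four percent over the prior period.\n" * 40
SAMPLE = {
    "notes.txt": PLAIN,            # healthy text
    "ledger.csv": RANDOM_LIKE,     # text-like name, random-looking content
    "index.html": RANDOM_LIKE,
    "schema.sql": RANDOM_LIKE,
    "backup.zip": RANDOM_LIKE,     # high entropy is normal here, so ignored
    "tiny.txt": RANDOM_LIKE[:64],  # too short to judge
}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

An alert on several text-like files at once is the signal worth acting on; a single high-entropy file is often benign.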

References

http://en.wikipedia.org/wiki/Cryptovirology
http://www.cryptovirology.com/
Malicious Cryptography: Exposing Cryptovirology, by Dr. Adam Young and Dr. Moti Yung

Questions

Any questions?
