You are previewing Malicious Cryptography: Exposing Cryptovirology.
O'Reilly logo
Malicious Cryptography: Exposing Cryptovirology

Book Description

Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It's called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you're up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker—as much an addict as the vacant-eyed denizen of the crackhouse—so you can feel the rush and recognize your opponent's power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

  • Understand the mechanics of computationally secure information stealing

  • Learn how non-zero sum Game Theory is used to develop survivable malware

  • Discover how hackers use public key cryptography to mount extortion attacks

  • Recognize and combat the danger of kleptographic attacks on smart-card devices

  • Build a strong arsenal against a cryptovirology attack

  • Table of Contents

    1. Cover Page
    2. Title Page
    3. Copyright
    4. Dedication
    5. Contents
    6. Foreword
    7. Acknowledgments
    8. Introduction
    9. Chapter 1: Through Hacker's Eyes
    10. Chapter 2: Cryptovirology
    11. Chapter 3: Tools for Security and Insecurity
      1. 3.1 Sources of Entropy
      2. 3.2 Entropy Extraction via Hashing
      3. 3.3 Unbiasing a Biased Coin
      4. 3.4 Combining Weak Sources of Entropy
      5. 3.5 Pseudorandom Number Generators
      6. 3.6 Uniform Sampling
      7. 3.7 Random Permutation Generation
      8. 3.8 Sound Approach to Random Number Generation and Use
      9. 3.9 RNGs Are the Beating Heart of System Security
      10. 3.10 Cryptovirology Benefits from General Advances
      11. 3.11 Anonymizing Program Propagation
    12. Chapter 4: The Two Faces of Anonymity
      1. 4.1 Anonymity in a Digital Age
      2. 4.2 Deniable Password Snatching
    13. Chapter 5: Cryptocounters
      1. 5.1 Overview of Cryptocounters
      2. 5.2 Implementing Cryptocounters
      3. 5.3 Other Approaches to Cryptocounters
    14. Chapter 6: Computationally Secure Information Stealing
      1. 6.1 Using Viruses to Steal Information
      2. 6.2 Private Information Retrieval
      3. 6.3 A Variant of the Phi-Hiding Scheme
      4. 6.4 Tagged Private Information Retrieval
      5. 6.5 Secure Information Stealing Malware
      6. 6.6 Deniable Password Snatching Based on Phi-Hiding
      7. 6.7 Malware Loaders
      8. 6.8 Cryptographic Computing
    15. Chapter 7: Non-Zero Sum Games and Survivable Malware
      1. 7.1 Survivable Malware
      2. 7.2 Elements of Game Theory
      3. 7.3 Attacking a Brokerage Firm
      4. 7.4 Other Two-Player Game Attacks
      5. 7.5 Future Possibilities
    16. Chapter 8: Coping with Malicious Software
      1. 8.1 Undecidability of Virus Detection
      2. 8.2 Virus Identification and Obfuscation
      3. 8.3 Heuristic Virus Detection
      4. 8.4 Change Detection
    17. Chapter 9: The Nature of Trojan Horses
      1. 9.1 Text Editor Trojan Horse
      2. 9.2 Salami Slicing Attacks
      3. 9.3 Thompson's Password Snatcher
      4. 9.4 The Subtle Nature of Trojan Horses
    18. Chapter 10: Subliminal Channels
      1. 10.1 Brief History of Subliminal Channels
      2. 10.2 The Difference Between a Subliminal and a Covert Channel
      3. 10.3 The Prisoner's Problem of Gustavus Simmons
      4. 10.4 Subliminal Channels New and Old
      5. 10.5 The Impact of Subliminal Channels on Key Escrow
    19. Chapter 11: SETUP Attack on Factoring Based Key Generation
      1. 11.1 Honest Composite Key Generation
      2. 11.2 Weak Backdoor Attacks on Composite Key Generation
      3. 11.3 Probabilistic Bias Removal Method
      4. 11.4 Secretly Embedded Trapdoors
      5. 11.5 Key Generation SETUP Attack
      6. 11.6 Security of the SETUP Attack
      7. 11.7 Detecting the Attack in Code Reviews
      8. 11.8 Countering the SETUP Attack
      9. 11.9 Thinking Outside the Box
      10. 11.10 The Isaac Newton Institute Lecture
    20. Chapter 12: SETUP Attacks on Discrete-Log Cryptosystems
      1. 12.1 The Discrete-Log SETUP Primitive
      2. 12.2 Diffie-Hellman SETUP Attack
      3. 12.3 Security of the Diffie-Hellman SETUP Attack
      4. 12.4 Intuition Behind the Attack
      5. 12.5 Kleptogram Attack Methodology
      6. 12.6 PKCS SETUP Attacks
      7. 12.7 SETUP Attacks on Digital Signature Algorithms
      8. 12.8 Rogue Use of DSA for Encryption
      9. 12.9 Other Work in Kleptography
      10. 12.10 Should You Trust Your Smart Card?
    21. Appendix A: Computer Virus Basics
      1. A.1 Origins of Malicious Software
      2. A.2 Trojans, Viruses, and Worms: What Is the Difference?
      3. A.3 A Simple DOS COM Infector
      4. A.4 Viruses Don't Have to Gain Control Before the Host
    22. Appendix B: Notation and Other Background Information
      1. B.1 Notation Used Throughout the Book
      2. B.2 Basic Facts from Number Theory and Algorithmics
      3. B.3 Intractability: Malware's Biggest Ally
      4. B.4 Random Oracles and Functions
    23. Appendix C: Public Key Cryptography in a Nutshell
      1. C.1 Overview of Cryptography
      2. C.2 Discrete-Log Based Cryptosystems
    24. Glossary
    25. References
    26. Index