150 likes | 516 Views
CRYPTOVIROLOGY. by Ramu Muthuraman Cpsc 620. Overview. Introduction Justification of Cryptovirology? Key Terms Cryptoviral Extortion Attack Gpcode.ag “ransom” Trojan
E N D
CRYPTOVIROLOGY by Ramu Muthuraman Cpsc 620
Overview • Introduction • Justification of Cryptovirology? • Key Terms • Cryptoviral Extortion Attack • Gpcode.ag “ransom” Trojan • Denial Password Snatching • Conclusions • References
Introduction • Cryptovirology is the study of application of cryptography to design malicious software. • It is an area that employs public key cryptography to mount attacks on computer systems, showing that cryptography has also "negative" usage. • The combination of virus science and cryptography created Cryptovirology
Justification of Cryptovirology? • It takes a thief to catch a thief. • It is a pro rata anticipation of what people will do when they get inside a computer and not about how to get inside a computer. • It helps in making the system more secure.
Key terms • Cryptovirus It is defined as a computer virus that contains and uses a public key. • Polymorphic virus A virus that contains and uses a symmetric key for the purposes of encrypting and decrypting its own code.
Cryptoviral Extortion • It is a denial of resource attack. It is a three-round protocol that is carried by an attacker against a victim. • The virus encrypts host data with this random symmetric key The virus then encrypts the resulting string using the public key of the virus author (e.g., using RSA-OAEP). The encrypted plaintext is then held ransom. The virus notifies the victim that the attack has occurred
Contd.. • If the victim complies by paying the ransom and transmitting the asymmetric cipher text to the virus author then the virus author decrypts the cipher text using the private key . This reveals the symmetric key a that was used in the attack • The virus author sends the symmetric key to the victim. These are then used to decrypt the data that was held ransom.
Gpcode.ag “ransom” Trojan • Gpcode.ag spread initially through spam as containing an attachment. • It encrypted about 80 types of files and then it deletes itself to prevent it from getting detected. • Users would be asked an ransom demand when they tried to open a file and it tokes a lot of computation time to find out the private key by brute force.
Denial Password Snatching • An attacker writes a Trojan that snatches password and puts the Trojan into a virus. The payload of a virus then installs the Trojan. • The Crypto Trojan uses the public key to encrypt the login password pairs and stores it in a hidden password file with a data format of a circular linked list. It always overwrites the asymmetric cipher text, so that the size of password file is always same.
Cont.. • Every time some one puts a Flash drive, the Trojan unconditionally writes the encrypted password file to the last few sectors and marks them as unused • Only that particular person who wrote the Trojan will be able to extract the sectors and decrypt the password file.
Conclusions • Cryptography has traditionally been used for defensive purpose but Cryptovirology uses cryptography for attacking rather than defending. • Cryptovirology is a proactive anticipation of the opponent's next move and suggests that certain safeguards should be developed and put into place.
Reference • http://en.wikipedia.org/wiki/Cryptovirology • http://www.cryptovirology.com/ • Malicious Cryptography Exposing Cryptovirology by Dr. Adam Young, Dr. Moti Yung
Questions • Any Questions