1 / 13

CRYPTOVIROLOGY

Cryptovirology is the fusion of virus science and cryptography to launch malicious attacks on computer systems. Learn about cryptoviral extortion attacks, Gpcode.ag trojans, denial password snatching, and more in this overview.

sierraj
Download Presentation

CRYPTOVIROLOGY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CRYPTOVIROLOGY by Ramu Muthuraman Cpsc 620

  2. Overview • Introduction • Justification of Cryptovirology? • Key Terms • Cryptoviral Extortion Attack • Gpcode.ag “ransom” Trojan • Denial Password Snatching • Conclusions • References

  3. Introduction • Cryptovirology is the study of application of cryptography to design malicious software. • It is an area that employs public key cryptography to mount attacks on computer systems, showing that cryptography has also "negative" usage. • The combination of virus science and cryptography created Cryptovirology

  4. Justification of Cryptovirology? • It takes a thief to catch a thief. • It is a pro rata anticipation of what people will do when they get inside a computer and not about how to get inside a computer. • It helps in making the system more secure.

  5. Key terms • Cryptovirus It is defined as a computer virus that contains and uses a public key. • Polymorphic virus A virus that contains and uses a symmetric key for the purposes of encrypting and decrypting its own code.

  6. Cryptoviral Extortion • It is a denial of resource attack. It is a three-round protocol that is carried by an attacker against a victim. • The virus encrypts host data with this random symmetric key The virus then encrypts the resulting string using the public key of the virus author (e.g., using RSA-OAEP). The encrypted plaintext is then held ransom. The virus notifies the victim that the attack has occurred

  7. Contd.. • If the victim complies by paying the ransom and transmitting the asymmetric cipher text to the virus author then the virus author decrypts the cipher text using the private key . This reveals the symmetric key a that was used in the attack • The virus author sends the symmetric key to the victim. These are then used to decrypt the data that was held ransom.

  8. Gpcode.ag “ransom” Trojan • Gpcode.ag spread initially through spam as containing an attachment. • It encrypted about 80 types of files and then it deletes itself to prevent it from getting detected. • Users would be asked an ransom demand when they tried to open a file and it tokes a lot of computation time to find out the private key by brute force.

  9. Denial Password Snatching • An attacker writes a Trojan that snatches password and puts the Trojan into a virus. The payload of a virus then installs the Trojan. • The Crypto Trojan uses the public key to encrypt the login password pairs and stores it in a hidden password file with a data format of a circular linked list. It always overwrites the asymmetric cipher text, so that the size of password file is always same.

  10. Cont.. • Every time some one puts a Flash drive, the Trojan unconditionally writes the encrypted password file to the last few sectors and marks them as unused • Only that particular person who wrote the Trojan will be able to extract the sectors and decrypt the password file.

  11. Conclusions • Cryptography has traditionally been used for defensive purpose but Cryptovirology uses cryptography for attacking rather than defending. • Cryptovirology is a proactive anticipation of the opponent's next move and suggests that certain safeguards should be developed and put into place.

  12. Reference • http://en.wikipedia.org/wiki/Cryptovirology • http://www.cryptovirology.com/ • Malicious Cryptography Exposing Cryptovirology by Dr. Adam Young, Dr. Moti Yung

  13. Questions • Any Questions

More Related