Cryptovirology: extortion-based security threats and countermeasures
@article{Young1996CryptovirologyES, title={Cryptovirology: extortion-based security threats and countermeasures}, author={Adam L. Young and Moti Yung}, journal={Proceedings 1996 IEEE Symposium on Security and Privacy}, year={1996}, pages={129-140} }
Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. In this paper we present the idea of Cryptovirology which employs a twist on cryptography, showing that it can also be used offensively. By being offensive we mean that it can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents. In this…
Tables from this paper
210 Citations
Cryptovirology: Virus Approach
- Computer Science, MathematicsArXiv
- 2011
These attacks have implications on how the use of cryptographic tools and techniques should be audited and managed in general purpose computing environments, and imply that access to the cryptographic tools should be in well control of the system(such as API routines).
Cryptoviral Extortion: Evolution, Scenarios, and Analysis
- Computer Science, Mathematics
- 2016
Better understanding is given of the concept of “Cryptovirology” which presents how cryptography can also be misused in the world of cyber crime.
An Implementation of Cryptoviral Extortion Using Microsoft's Crypto API
- Computer Science, Mathematics
- 2006
This chapter presents an experimental implementation of cryptoviral extortion, an attack that we devised and presented at the 1996 IEEE Symposium on Security & Privacy [16] and that was recently…
Deniable password snatching: on the possibility of evasive electronic espionage
- Computer ScienceProceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
- 1997
This work presents an attack that can be mounted by a cryptotrojan that allows the attacker to gather information from a system in such a way that the attacker cannot be proven guilty beyond reasonable doubt.
White-box attack context cryptovirology
- Computer Science, MathematicsJournal in Computer Virology
- 2008
This paper presents the use of cryptographic mechanisms that are suited to the white box attack context (the attacker is supposed to have full control of the target program’s execution environment)…
A Brief Survey Of Crypto Virology And Worms
- Computer Science
- 2018
The disturbing property, joined with the speed of the purported "super worms", is investigated in the present work and recommendations for countermeasures and future work are given.
Building a Cryptovirus Using Microsoft's Cryptographic API
- Computer ScienceISC
- 2005
It is shown that by using 8 types of API calls and 72 lines of ANSI C code, the payload can hybrid encrypt sensitive data and hold it hostage on the host computer system.
Recent Advances in Cryptovirology: State-of-the-Art Crypto Mining and Crypto Ransomware Attacks
- Computer ScienceKSII Trans. Internet Inf. Syst.
- 2019
This paper investigates advances in the cryptovirology landscape by examining the state-of-the-art cryptoviral attacks and performs digital autopsy on the malware’s source code and executes the different malware variants in a contained sandbox to deduce static and dynamic properties respectively.
Strong Cryptography Armoured Computer Viruses Forbidding Code Analysis: the Bradley Virus 1
- Computer Science
- 2004
How cryptography and key management techniques may definitively checkmate antiviral analysis and mechanisms is discussed and a generic virus, denoted bradley, is presented which protects its code with a very secure, ultra-fast symmetric encryption.
PayBreak: Defense Against Cryptographic Ransomware
- Computer ScienceAsiaCCS
- 2017
The approach, prototype implementation, and evaluation of a novel, automated, and most importantly proactive defense mechanism against ransomware, called PayBreak, which effectively combats ransomware, and keeps victims' files safe.
References
SHOWING 1-10 OF 72 REFERENCES
Cryptography and Data Security
- Computer Science
- 1982
The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
CryptoLib: Cryptography in Software
- Computer ScienceUSENIX Security Symposium
- 1993
CryptLib is a very portable and efficient library of routines necessary for the aforementioned cryptosystems, written entirely in C and exists under UNIX.
A method for obtaining digital signatures and public-key cryptosystems
- Computer Science, MathematicsCACM
- 1978
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.
A method for obtaining digital signatures and public-key cryptosystems
- Computer Science, MathematicsCACM
- 1983
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important…
Revokable and versatile electronic money (extended abstract)
- Computer ScienceCCS '96
- 1996
The proposed scheme is efficient and easily extends the basic needs of a practical payment scheme to allow for coin divisibility, checks, credit card purchases and surety bonds, and is robust against problems arising from spurious equipment.
Robert Slade's guide to computer viruses - how to avoid them, how to get rid of them, and how to get help
- Computer Science
- 1994
This book discusses the history and Examples of Viral Programs, the Virus Community, and a Beginner's Panic Guide to Viral programs.
Trustee-based tracing extensions to anonymous cash and the making of anonymous change
- Computer ScienceSODA '95
- 1995
This work introduces the first electronic cash systems which incorporate trustee-based tracing but otherwise provably protect user anonymity, and expands on the provably anonymous electronic cash svstems of TB931 and lFY921.
How To Withstand Mobile Virus Attacks
- Computer SciencePODC 1991
- 1991
We initiate a study of distributed adversarial model of computation in which faults are non-stationary and can move through the network, analogous to a spread of a virus or a worm. We show how local…
With microscope and tweezers: an analysis of the Internet virus of November 1988
- Computer ScienceProceedings. 1989 IEEE Symposium on Security and Privacy
- 1989
The authors present a detailed analysis of the virus program, a program which broke into computers on the network and which spread from one machine to another, and the contents of its built-in dictionary.