Cryptovirology: extortion-based security threats and countermeasures

@article{Young1996CryptovirologyES,
  title={Cryptovirology: extortion-based security threats and countermeasures},
  author={Adam L. Young and Moti Yung},
  journal={Proceedings 1996 IEEE Symposium on Security and Privacy},
  year={1996},
  pages={129-140}
}
  • Adam L. Young, M. Yung
  • Published 1996
  • Computer Science
  • Proceedings 1996 IEEE Symposium on Security and Privacy
Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. In this paper we present the idea of Cryptovirology which employs a twist on cryptography, showing that it can also be used offensively. By being offensive we mean that it can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents. In this…
Cryptovirology: Virus Approach
TLDR
These attacks have implications on how the use of cryptographic tools and techniques should be audited and managed in general purpose computing environments, and imply that access to the cryptographic tools should be in well control of the system (such as API routines).
Cryptoviral Extortion: Evolution, Scenarios, and Analysis
TLDR
Better understanding is given of the concept of “Cryptovirology” which presents how cryptography can also be misused in the world of cyber crime.
An Implementation of Cryptoviral Extortion Using Microsoft's Crypto API
This chapter presents an experimental implementation of cryptoviral extortion, an attack that we devised and presented at the 1996 IEEE Symposium on Security & Privacy [16] and that was recently…
Deniable password snatching: on the possibility of evasive electronic espionage
  • Adam L. Young, M. Yung
  • Computer Science
  • Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
  • 1997
TLDR
This work presents an attack that can be mounted by a cryptotrojan that allows the attacker to gather information from a system in such a way that the attacker cannot be proven guilty beyond reasonable doubt.
White-box attack context cryptovirology
This paper presents the use of cryptographic mechanisms that are suited to the white box attack context (the attacker is supposed to have full control of the target program’s execution environment)…
Building a Cryptovirus Using Microsoft's Cryptographic API
TLDR
It is shown that by using 8 types of API calls and 72 lines of ANSI C code, the payload can hybrid encrypt sensitive data and hold it hostage on the host computer system.
Malicious cryptography - exposing cryptovirology
"Tomorrow's hackers may ransack the cryptographer's toolkit for their own nefarious needs. From this chilling perspective, the authors make a solid scientific contribution, and tell a good story…
Strong Cryptography Armoured Computer Viruses Forbidding Code Analysis: the Bradley Virus
TLDR
How cryptography and key management techniques may definitively checkmate antiviral analysis and mechanisms is discussed and a generic virus, denoted bradley, is presented which protects its code with a very secure, ultra-fast symmetric encryption.
PayBreak: Defense Against Cryptographic Ransomware
TLDR
The approach, prototype implementation, and evaluation of a novel, automated, and most importantly proactive defense mechanism against ransomware, called PayBreak, which effectively combats ransomware, and keeps victims' files safe.
Cryptoviral extortion using Microsoft's Crypto API
  • Adam L. Young
  • Computer Science
  • International Journal of Information Security
  • 2006
TLDR
A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data.

References

SHOWING 1-10 OF 74 REFERENCES
Cryptography and Data Security
TLDR
The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
CryptoLib: Cryptography in Software
  • J. Lacy
  • Computer Science
  • USENIX Security Symposium
  • 1993
TLDR
CryptoLib is a very portable and efficient library of routines necessary for the aforementioned cryptosystems, written entirely in C and exists under UNIX.
A method for obtaining digital signatures and public-key cryptosystems
TLDR
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, so couriers or other secure means are not needed to transmit keys.
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important…
On blind signatures and perfect crimes
TLDR
A problematic aspect of blind signatures is discussed, showing that this perfect solution to protect the identity and privacy of a user can potentially lead to perfect crime.
Revokable and versatile electronic money (extended abstract)
TLDR
The proposed scheme is efficient and easily extends the basic needs of a practical payment scheme to allow for coin divisibility, checks, credit card purchases and surety bonds, and is robust against problems arising from spurious equipment.
Robert Slade's guide to computer viruses - how to avoid them, how to get rid of them, and how to get help
TLDR
This book discusses the history and Examples of Viral Programs, the Virus Community, and a Beginner's Panic Guide to Viral programs.
Trustee-based tracing extensions to anonymous cash and the making of anonymous change
TLDR
This work introduces the first electronic cash systems which incorporate trustee-based tracing but otherwise provably protect user anonymity, and expands on the provably anonymous electronic cash systems of [B93] and [FY92].
A Protocol to Set Up Shared Secret Schemes Without the Assistance of a Mutually Trusted Party
TLDR
All shared secret or shared control schemes devised thus far are autocratic in the sense that no one can be trusted to know the secret and hence it has appeared to be impossible to construct and distribute the private pieces of information needed to realize a shared control scheme.
How To Withstand Mobile Virus Attacks
We initiate a study of distributed adversarial model of computation in which faults are non-stationary and can move through the network, analogous to a spread of a virus or a worm. We show how local…