Deniable password snatching: on the possibility of evasive electronic espionage

@article{Young1997DeniablePS,
  title={Deniable password snatching: on the possibility of evasive electronic espionage},
  author={Adam L. Young and Moti Yung},
  journal={Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)},
  year={1997},
  pages={224-235}
}
  • Adam L. Young, M. Yung
  • Published 4 May 1997
  • Computer Science
  • Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
Cryptovirology has recently been introduced as a means of mounting active viral attacks using public key cryptography. It has been shown to be a tool for extortion attacks and "electronic warfare", where attacks are mounted against information resources. The natural question to ask is whether Cryptovirology is also useful in the area of spying via malware. We demonstrate that Cryptovirology does help in "electronic espionage" and allows the spy to conceal his or her identity (as well as past… 
Cryptovirology: Virus Approach
TLDR
These attacks have implications on how the use of cryptographic tools and techniques should be audited and managed in general purpose computing environments, and imply that access to the cryptographic tools should be in well control of the system(such as API routines).
Malicious cryptography - exposing cryptovirology
"Tomorrow's hackers may ransack the cryptographer's toolkit for their own nefarious needs. From this chilling perspective, the authors make a solid scientific contribution, and tell a good story
Analysis-Resistant Malware
TLDR
This paper points out the counterintuitive possibility of malware which renders some aspects of its behavior provably resistant to forensic analysis, even with full control over the malware code, its input, and its execution environment.
Pocket device for authentication and data integrity on Internet banking applications
TLDR
A digital signer device is proposed that not only provides a tamper proof storage for the digital signature but also provides its own display and keyboard that improves the security of smart cards by avoiding its dependence on the computer to interface with the user, making it immune to virus attacks.
Personal digital signer for Internet banking
TLDR
A new digital signer device that not only provides a tamper proof storage for the cryptographic keys but also provides its own display and keyboard that improves the security provided by smart cards avoiding its dependency on the computer to interface with the user.
Distributed Phishing Attacks
TLDR
A new type of phishing attack is identified that circumvents what is probably today’s most efficient defense mechanism in the war against phishing, namely the shutting down of sites run by the phisher.
Questionable Encryption and Its Applications
TLDR
The results show that agents that appear to compute asymmetric encryptions may in fact not (in a provable sense) and the security of the scheme is proved based on the difficulty of deciding nthdegree composite residuosity.
Improving online banking security with hardware devices
TLDR
Here are some possible implementations based on the idea that not only digital signature is needed but also human interaction is required in order to avoid a classic man-in-the-middle-attack.
Access for sale: a new class of worm
TLDR
A new type of worm is introduced that enables a division of labor in the authors of self-reproducing malware, installing a back door on each infected system that opens only when presented a system-specific ticket generated by the worm's author.
A QTE-based Solution to Keylogger Attacks
TLDR
Rather than detecting existing malware or creating a trusted tunnel in the kernel, a different method QTE (Quick Time Events) is presented to protect the password that a user provides for a web page to login to a web service.
...
...

References

SHOWING 1-10 OF 30 REFERENCES
Cryptovirology: extortion-based security threats and countermeasures
  • Adam L. Young, M. Yung
  • Computer Science, Mathematics
    Proceedings 1996 IEEE Symposium on Security and Privacy
  • 1996
TLDR
The idea of Cryptovirology is presented, which employs a twist on cryptography, showing that it can be used offensively to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.
Protecting Poorly Chosen Secrets from Guessing Attacks
TLDR
The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not and to examine protocols to detect vulnerabilities to such attacks.
Firewalls and internet security - repelling the wily hacker
TLDR
The first edition made a number of predictions, explicitly or implicitly, about the growth of the Web and the patterns of Internet connectivity vastly increased, and warned of issues posed by home LANs, and about the problems caused by roaming laptops.
The Subliminal Channel and Digital Signature
TLDR
This paper reviews briefly the essential features of the subliminal channel and then discusses implementations in both the Ong-Schnorr-Shamir and Gamal digital signature channels.
Towards a theory of software protection and simulation by oblivious RAMs
TLDR
This paper distill and formulate the key problem of learning about a program from its execution, and presents an efficient way of executing programs such that it is infeasible to learn anything about the program by monitoring its executions.
Mixing E-mail with Babel
  • Ceki Gülcü, G. Tsudik
  • Computer Science, Mathematics
    Proceedings of Internet Society Symposium on Network and Distributed Systems Security
  • 1996
TLDR
An attempt is made to formalize and quantify certain dimensions of anonymity and untraceable communication in general and the design and salient features of Babel anonymous remailer are introduced.
The internet worm program: an analysis
TLDR
The paper contains a review of the security flaws exploited by the worm program, and gives some recommendations on how to eliminate or mitigate their future use.
Java security: from HotJava to Netscape and beyond
TLDR
This work examines the Java language and both the HotJava and Netscape browsers which support it, and finds a significant number of flaws which compromise their security.
Efficient computation on oblivious RAMs
TLDR
This paper shows how to do an on-line simulation of an arbitrary RAM program by a probabilistic RAM whose memory access pattern is independent of the program which is being executed, and with a poly-logarithmic slowdown in the running time.
With microscope and tweezers: an analysis of the Internet virus of November 1988
TLDR
The authors present a detailed analysis of the virus program, a program which broke into computers on the network and which spread from one machine to another, and the contents of its built-in dictionary.
...
...