A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
On using RSA with low exponent in a public key network
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A practical protocol for large group oriented networks
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
A protocol to set up shared secret schemes without the assistance of mutually trusted party
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
How to withstand mobile virus attacks (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
On blind signatures and perfect crimes
Computers and Security
Robert Slade's guide to computer viruses: how to avoid them, how to get rid of them, and how to get help
Revokable and versatile electronic money (extended abstract)
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Trustee-based tracing extensions to anonymous cash and the making of anonymous change
Proceedings of the sixth annual ACM-SIAM symposium on Discrete algorithms
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
A note on the confinement problem
Communications of the ACM
The Design and Analysis of Computer Algorithms
The Design and Analysis of Computer Algorithms
An Abstract Theory of Computer Viruses
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Work-focused analysis and design
Cognition, Technology and Work - Special Issue on Human-automation Coagency
Automated identification of cryptographic primitives in binary programs
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Malware: The changing face of malware
Network Security
Network Security
| Hi-index | 0.00 |
Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. In this paper we present the idea of Cryptovirology which employs a twist on cryptography, showing that it can also be used offensively. By being offensive we mean that it can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents. In this paper we analyze potential threats and attacks that rogue use of cryptography can cause when combined with rogue software (viruses, Trojan horses), and demonstrate them experimentally by presenting an implementation of a cryptovirus that we have tested (we took careful precautions in the process to insure that the virus remained contained). Public-key cryptography is essential to the attacks that we demonstrate (which we call "cryptovirological attacks"). We also suggest countermeasures and mechanisms to cope with and prevent such attacks. These attacks have implications on how the use of cryptographic tools should be managed and audited in general purpose computing environments, and imply that access to cryptographic tools should be well controlled. The experimental virus demonstrates how cryptographic packages can be condensed into a small space, which may have independent applications (e.g., cryptographic module design in small mobile devices).