A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone?
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Generating RSA Moduli with a Predetermined Portion
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Kleptography: using cryptography against cryptography
Kleptography: using cryptography against cryptography
Malicious Cryptography: Exposing Cryptovirology
Malicious Cryptography: Exposing Cryptovirology
Kleptography: using cryptography against cryptography
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Simple backdoors for RSA key generation
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Kleptographic attacks on a cascade of mix servers
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
How to construct state registries-matching undeniability with public security
ACIIDS'10 Proceedings of the Second international conference on Intelligent information and database systems: Part I
Kleptographic attacks on e-voting schemes
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Stealing secrets with SSL/TLS and SSH – kleptographic attacks
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
| Hi-index | 0.00 |
In the last few years we have concentrated our research efforts on new threats to the computing infrastructure that are the result of combining malicious software (malware) technology with modern cryptography. At some point during our investigation we ended up asking ourselves the following question: what if the malware (i.e., Trojan horse) resides within a cryptographic system itself? This led us to realize that in certain scenarios of black box cryptography (namely, when the code is inaccessible to scrutiny as in the case of tamper proof cryptosystems or when no one cares enough to scrutinize the code) there are attacks that employ cryptography itself against cryptographic systems in such a way that the attack possesses unique properties (i.e., special advantages that attackers have such as granting the attacker exclusive access to crucial information where the exclusive access privelege holds even if the Trojan is reverse-engineered). We called the art of designing this set of attacks “kleptography.” In this paper we demonstrate the power of kleptography by illustrating a carefully designed attack against RSA key generation.