Table of Contents for
Malicious Cryptography: Exposing Cryptovirology

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Malicious Cryptography: Exposing Cryptovirology by Moti Yung Published by John Wiley & Sons, 2004
  1. Cover Page
  2. Title Page
  3. Copyright
  4. Dedication
  5. Contents
  6. Foreword
  7. Acknowledgments
  8. Introduction
  9. Chapter 1: Through Hacker's Eyes
  10. Chapter 2: Cryptovirology
  11. Chapter 3: Tools for Security and Insecurity
  12. Chapter 4: The Two Faces of Anonymity
  13. Chapter 5: Cryptocounters
  14. Chapter 6: Computationally Secure Information Stealing
  15. Chapter 7: Non-Zero Sum Games and Survivable Malware
  16. Chapter 8: Coping with Malicious Software
  17. Chapter 9: The Nature of Trojan Horses
  18. Chapter 10: Subliminal Channels
  19. Chapter 11: SETUP Attack on Factoring Based Key Generation
  20. Chapter 12: SETUP Attacks on Discrete-Log Cryptosystems
  21. Appendix A: Computer Virus Basics
  22. Appendix B: Notation and Other Background Information
  23. Appendix C: Public Key Cryptography in a Nutshell
  24. Glossary
  25. References
  26. Index

Contents

Foreword

Acknowledgments

Introduction

1 Through Hacker's Eyes

2 Cryptovirology

3 Tools for Security and Insecurity

3.1 Sources of Entropy

3.2 Entropy Extraction via Hashing

3.3 Unbiasing a Biased Coin

3.3.1 Von Neumann's Coin Flipping Algorithm

3.3.2 Iterating Neumann's Algorithm

3.3.3 Heuristic Bias Matching

3.4 Combining Weak Sources of Entropy

3.5 Pseudorandom Number Generators

3.5.1 Heuristic Pseudorandom Number Generation

3.5.2 PRNGs Based on Reduction Arguments

3.6 Uniform Sampling

3.7 Random Permutation Generation

3.7.1 Shuffling Cards by Repeated Sampling

3.7.2 Shuffling Cards Using Trotter-Johnson

3.8 Sound Approach to Random Number Generation and Use

3.9. RNGs Are the Beating Heart of System Security

3.10. Cryptovirology Benefits from General Advances

3.10.1 Strong Crypto Yields Strong Cryptoviruses

3.10.2 Mix Networks and Cryptovirus Extortion

3.11. Anonymizing Program Propagation

4 The Two Faces of Anonymity

4.1 Anonymity in a Digital Age

4.1.1 From Free Elections to the Unabomber

4.1.2 Electronic Money and Anonymous Payments

4.1.3 Anonymous Assassination Lotteries

4.1.4 Kidnapping and Perfect Crimes

4.1.5 Conducting Criminal Operations with Mixes

4.2 Deniable Password Snatching

4.2.1 Password Snatching and Security by Obscurity

4.2.2 Solving the Problem Using Cryptovirology

4.2.3 Zero-Knowledge Proofs to the Rescue

4.2.4 Improving the Attack Using ElGamal

5 Cryptocounters

5.1 Overview of Cryptocounters

5.2 Implementing Cryptocounters

5.2.1 A Simple Counter Based on ElGamal

5.2.2 Drawback to the ElGamal Solution

5.2.3 Cryptocounter Based on Squaring

5.2.4 The Paillier Encryption Algorithm

5.2.5 A Simple Counter Based on Paillier

5.3 Other Approaches to Cryptocounters

6 Computationally Secure Information Stealing

6.1 Using Viruses to Steal Information

6.2 Private Information Retrieval

6.2.1 PIR Based on the Phi-Hiding Problem

6.2.2 Security of the Phi-Hiding PIR

6.2.3 Application of the Phi-Hiding Technique

6.3 A Variant of the Phi-Hiding Scheme

6.4 Tagged Private Information Retrieval

6.5 Secure Information Stealing Malware

6.6 Deniable Password Snatching Based on Phi-Hiding

6.6.1 Improved Password-Snatching Algorithm

6.6.2 Questionable Encryptions

6.6.3 Deniable Encryptions

6.7 Malware Loaders

6.8 Cryptographic Computing

7 Non-Zero Sum Games and Survivable Malware

7.1 Survivable Malware

7.2 Elements of Game Theory

7.3 Attacking a Brokerage Firm

7.3.1 Assumptions for the Attack

7.3.2 The Distributed Cryptoviral Attack

7.3.3 Security of the Attack

7.3.4 Utility of the Attack

7.4 Other Two-Player Game Attacks

7.4.1 Key Search via Facehuggers

7.4.2 Catalyzing Conflict Among Hosts

7.5 Future Possibilities

8 Coping with Malicious Software

8.1 Undecidability of Virus Detection

8.2 Virus Identification and Obfuscation

8.2.1 Virus String Matching

8.2.2 Polymorphic Viruses

8.3 Heuristic Virus Detection

8.3.1 Detecting Code Abnormalities

8.3.2 Detecting Abnormal Program Behavior

8.3.3 Detecting Cryptographic Code

8.4 Change Detection

8.4.1 Integrity Self-Checks

8.4.2 Program Inoculation

8.4.3 Kernel Based Signature Verification

9 The Nature of Trojan Horses

9.1 Text Editor Trojan Horse

9.2 Salami Slicing Attacks

9.3 Thompson's Password Snatcher

9.4 The Subtle Nature of Trojan Horses

9.4.1 Bugs May In Fact Be Trojans

9.4.2 RNG Biasing Trojan Horse

10 Subliminal Channels

10.1. Brief History of Subliminal Channels

10.2 The Difference Between a Subliminal and a Covert Channel

10.3 The Prisoner's Problem of Gustavus Simmons

10.4. Subliminal Channels New and Old

10.4.1 The Legendre Channel of Gus Simmons

10.4.2 The Oracle Channel

10.4.3 Subliminal Card Marking

10.4.4 The Newton Channel

10.4.5 Subliminal Channel in Composites

10.5 The Impact of Subliminal Channels on Key Escrow

11 SETUP Attack on Factoring Based Key Generation

11.1 Honest Composite Key Generation

11.2 Weak Backdoor Attacks on Composite Key Generation

11.2.1 Using a Fixed Prime

11.2.2 Using a Pseudorandom Function

11.2.3 Using a Pseudorandom Generator

11.3. Probabilistic Bias Removal Method

11.4. Secretly Embedded Trapdoors

11.5. Key Generation SETUP Attack

11.6. Security of the SETUP Attack

11.6.1 Indistinguishability of Outputs

11.6.2 Confidentiality of Outputs

11.7. Detecting the Attack in Code Reviews

11.8. Countering the SETUP Attack

11.9. Thinking Outside the Box

11.10. The Isaac Newton Institute Lecture

12 SETUP Attacks on Discrete-Log Cryptosystems

12.1. The Discrete-Log SETUP Primitive

12.2. Diffie-Hellman SETUP Attack

12.3. Security of the Diffie-Hellman SETUP Attack

12.3.1 Indistinguishability of Outputs

12.3.2 Confidentiality of Outputs

12.4. Intuition Behind the Attack

12.5. Kleptogram Attack Methodology

12.6. PKCS SETUP Attacks

12.6.1 ElGamal PKCS SETUP Attack

12.6.2 Cramer-Shoup PKCS SETUP Attack

12.7. SETUP Attacks on Digital Signature Algorithms

12.7.1 SETUP in the ElGamal Signature Algorithm

12.7.2 SETUP in the Pointcheval-Stern Algorithm

12.7.3 SETUP in DSA

12.7.4 SETUP in the Schnorr Signature Algorithm

12.8 Rogue Use of DSA for Encryption

12.9 Other Work in Kleptography

12.10 Should You Trust Your Smart Card?

Appendix A: Computer Virus Basics

A.1 Origins of Malicious Software

A.2 Trojans, Viruses, and Worms: What Is the Difference?

A.3 A Simple DOS COM Infector

A.4 Viruses Don't Have to Gain Control Before the Host

Appendix B: Notation and Other Background Information

B.1 Notation Used Throughout the Book

B.2 Basic Facts from Number Theory and Algorithmics

B.3 Intractability: Malware's Biggest Ally

B.3.1 The Factoring Problem

B.3.2 The eth Roots Problem

B.3.3 The Composite Residuosity Problem

B.3.4 The Decision Composite Residuosity Problem

B.3.5 The Quadratic Residuosity Problem

B.3.6 The Phi-Hiding Problem

B.3.7 The Phi-Sampling Problem

B.3.8 The Discrete Logarithm Problem

B.3.9 The Computational Diffie-Hellman Problem

B.3.10 The Decision Diffie-Hellman Problem

B.4 Random Oracles and Functions

Appendix C: Public Key Cryptography in a Nutshell

C.1 Overview of Cryptography

C.1.1 Classical Cryptography

C.1.2 The Diffie-Hellman Key Exchange

C.1.3 Public Key Cryptography

C.1.4 Attacks on Cryptosystems

C.1.5 The Rabin Encryption Algorithm

C.1.6 The Rabin Signature Algorithm

C.1.7 The RSA Encryption Algorithm

C.1.8 The RSA Signature Algorithm

C.1.9 The Goldwasser-Micali Algorithm

C.1.10 Public Key Infrastructures

C.2 Discrete-Log Based Cryptosystems

C.2.1 The ElGamal Encryption Algorithm

C.2.2 Security of ElGamal

C.2.3 The Cramer-Shoup Encryption Algorithm

C.2.4 The ElGamal Signature Algorithm

C.2.5 The Pointcheval-Stern Signature Algorithm

C.2.6 The Schnorr Signature Algorithm

C.2.7 The Digital Signature Algorithm (DSA)

Glossary

References

Index