Malicious Cryptography

Malicious Cryptography : Exposing Cryptovirology

3.6 (33 ratings by Goodreads)
By (author)  , By (author) 

Free delivery worldwide

Available. Dispatched from the UK in 2 business days
When will my order arrive?


Hackers have uncovered the dark side of cryptography that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you re up against and how to fight back.
They will take you inside the brilliant and devious mind of a hacker as much an addict as the vacant-eyed denizen of the crackhouse so you can feel the rush and recognize your opponent s power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

Understand the mechanics of computationally secure information stealing
Learn how non-zero sum Game Theory is used to develop survivable malware
Discover how hackers use public key cryptography to mount extortion attacks
Recognize and combat the danger of kleptographic attacks on smart-card devices
Build a strong arsenal against a cryptovirology attack
show more

Out of ideas for the holidays?

Visit our Gift Guides and find our recommendations on what to get friends and family during the holiday season. Shop now .

Product details

  • Paperback | 416 pages
  • 193 x 232 x 22mm | 778g
  • New York, United States
  • English
  • 1. Auflage
  • 0764549758
  • 9780764549755
  • 803,636

Back cover copy

"Tomorrow's hackers may ransack the cryptographer'stoolkit for their own nefarious needs. From this chillingperspective, the authors make a solid scientific contribution, andtell a good story too."
-Matthew Franklin, PhD Program Chair, Crypto 2004


Hackers have unleashed the dark side of cryptography-thatdevice developed to defeat Trojan horses, viruses, password theft, and other cybercrime. It's called cryptovirology, the art ofturning the very methods designed to protect your data into a meansof subverting it. In this fascinating, disturbing volume, theexperts who first identified cryptovirology show you exactly whatyou're up against and how to fight back.

They will take you inside the brilliant and devious mind of ahacker-as much an addict as the vacant-eyed denizen of thecrackhouse-so you can feel the rush and recognize youropponent's power. Then, they will arm you for thecounterattack.

Cryptovirology seems like a futuristic fantasy, but be assured, the threat is ominous ly real. If you want to protect your data, your identity, and yourself, vigilance is essential-now.

Understand the mechanics of computationally secure informationstealingLearn how non-zero sum Game Theory is used to developsurvivable malwareDiscover how hackers use public key cryptography to mountextortion attacksRecognize and combat the danger of kleptographic attacks onsmart-card devicesBuild a strong arsenal against a cryptovirology attack
show more

Table of contents



1 Through Hacker s Eyes.

2 Cryptovirology.

3 Tools for Security and Insecurity.

3.1 Sources of Entropy.

3.2 Entropy Extraction via Hashing.

3.3 Unbiasing a Biased Coin.

3.3.1 Von Neumann s Coin Flipping Algorithm.

3.3.2 Iterating Neumann s Algorithm.

3.3.3 Heuristic Bias Matching.

3.4 Combining Weak Sources of Entropy.

3.5 Pseudorandom Number Generators.

3.5.1 Heuristic Pseudorandom Number Generation.

3.5.2 PRNGs Based on Reduction Arguments.

3.6 Uniform Sampling.

3.7 Random Permutation Generation.

3.7.1 Shuffling Cards by Repeated Sampling.

3.7.2 Shuffling Cards Using Trotter-Johnson.

3.8 Sound Approach to Random Number Generation and Use.

3.9 RNGs Are the Beating Heart of System Security.

3.10 Cryptovirology Benefits from General Advances.

3.10.1 Strong Crypto Yields Strong Cryptovi ruses.

3.10.2 Mix Networks and Cryptovirus Extortion.

3.11 Anonymizing Program Propagation.

4 The Two Faces of Anonymity.

4.1 Anonymity in a Digital Age.

4.1.1 From Free Elections to the Unabomber.

4.1.2 Electronic Money and Anonymous Payments.

4.1.3 Anonymous Assassination Lotteries.

4.1.4 Kidnapping and Perfect Crimes.

4.1.5 Conducting Criminal Operations with Mixes.

4.2 Deniable Password Snatching.

4.2.1 Password Snatching and Security by Obscurity.

4.2.2 Solving the Problem Using Cryptovirology.

4.2.3 Zero-Knowledge Proofs to the Rescue.

4.2.4 Improving the Attack Using ElGamal.

5 Cryptocounters.

5.1 Overview of Cryptocounters.

5.2 Implementing Cryptocounters.

5.2.1 A Simple Counter Based on ElGamal.

5.2.2 Drawback to the ElGamal Solution.

5.2.3 Cryptocounter Based on Squaring.

5.2.4 The Paillier Encryption Algorithm.

5.2.5 A Simple Counter Based on Paillier.

5.3 Other Approaches to Cryptocounters.

6 Computationally Secure Information Stealing.

6.1 Using Viruses to Steal Information.

6.2 Private Information Retrieval.

6.2.1 PIR Based on the Phi-Hiding Problem.

6.2.2 Security of the Phi-Hiding PIR.

6.2.3 Application of the Phi-Hiding Technique.

6.3 A Variant of the Phi-Hiding Scheme.

6.4 Tagged Private Information Retrieval.

6.5 Secure Information Stealing Malware.

6.6 Deniable Password Snatching Based on Phi-Hiding.

6.6.1 Improved Password-Snatching Algorithm.

6.6.2 Questionable Encryptions.

6.6.3 Deniable Encryptions.

6.7 Malware Loaders.

6.8 Cryptographic Computing.

7 Non-Zero Sum Games and Survivable Malware.

7.1 Survivable Malware.

7.2 Elements of Game Theory.

7.3 Attacking a Brokerage Firm.

7.3.1 Assumptions for the Attack.

7.3.2 The Distributed Cryptoviral Attack.

7.3.3 Security of the Attack.

7.3.4 Utility of the Attack.

7.4 Other Two-Player Game Attacks.

7.4.1 Key Search via Facehuggers.

7.4.2 Catalyzing Conflict Among Hosts.

7.5 Future Possibilities.

8 Coping with Malicious Software.

8.1 Undecidability of Virus Detection.

8.2 Virus Identification and Obfuscation.

8.2.1 Virus String Matching.

8.2.2 Polymorphic Viruses.

8.3 Heuristic Virus Detection.

8.3.1 Detecting Code Abnormalities.

8.3.2 Detecting Abnormal Program Behavior.

8.3.3 Detecting Cryptographic Code.

8.4 Change Detection.

8.4.1 Integrity Self-Checks.

8.4.2 Program Inoculation.

8.4.3 Kernel Based Signature Verification.

9 The Nature of Trojan Horses.

9.1 Text Editor Trojan Horse.

9.2 Salami Slicing Attacks.

9.3 Thompson s Password Snatcher.

9.4 The Subtle Nature of Trojan Horses.

9.4.1 Bugs May In Fact Be Trojans.

9.4.2 RNG Biasing Trojan Horse.

10 Subliminal Channels.

10.1 Brief History of Subliminal Channels.

10.2 The Difference Between a Subliminal and a Covert Channel.

10.3 The Prisoner s Problem of Gustavus Simmons.

10.4 Subliminal Channels New and Old.

10.4.1 The Legendre Channel of Gus Simmons.

10.4.2 The Oracle Channel.

10.4.3 Subliminal Card Marking.

10.4.4 The Newton Channel.

10.4.5 Subliminal Channel in Composites.

10.5 The Impact of Subliminal Channels on Key Escrow.

11 SETUP Attack on Factoring Based Key Generation.

11.1 Honest Composite Key Generation.

11.2 Weak Backdoor Attacks on Composite Key Generation.

11.2.1 Using a Fixed Prime.

11.2.2 Using a Pseudorandom Function.

11.2.3 Using a Pseudorandom Generator.

11.3 Probabilistic Bias Removal Method.

11.4 Secretly Embedded Trapdoors.

11.5 Key Generation SETUP Attack.

11.6 Security of the SETUP Attack.

11.6.1 Indistinguishability of Outputs.

11.6.2 Confidentiality of Outputs.

11.7 Detecting the Attack in Code Reviews.

11.8 Countering the SETUP Attack.

11.9 Thinking Outside the Box.

11.10 The Isaac Newton Institute Lecture.

12 SETUP Attacks on Discrete-Log Cryptosystems.

12.1 The Discrete-Log SETUP Primitive.

12.2 Diffie-Hellman SETUP Attack.

12.3 Security of the Diffie-Hellman SETUP Attack.

12.3.1 Indistinguishability of Outputs.

12.3.2 Confidentiality of Outputs.

12.4 Intuition Behind the Attack.

12.5 Kleptogram Attack Methodology.

12.6 PKCS SETUP Attacks.

12.6.1 ElGamal PKCS SETUP Attack.

12.6.2 Cramer-Shoup PKCS SETUP Attack.

12.7 SETUP Attacks on Digital Signature Algorithms.

12.7.1 SETUP in the ElGamal Signature Algorithm.

12.7.2 SETUP in the Pointcheval-Stern Algorithm.

12.7.3 SETUP in DSA.

12.7.4 SETUP in the Schnorr Signature Algorithm.

12.8 Rogue Use of DSA for Encryption.

12.9 Other Work in Kleptography.

12.10 Should You Trust Your Smart Card?

Appendix A: Computer Virus Basics.

A.1 Origins of Malicious Software.

A.2 Trojans, Viruses, and Worms: What Is the Difference?

A.3 A Simple DOS COM Infector.

A.4 Viruses Don t Have to Gain Control Before the Host.

Appendix B: Notation and Other Background Information.

B.1 Notation Used Throughout the Book.

B.2 Basic Facts from Number Theory and Algorithmics.

B.3 Intractability: Malware s Biggest Ally.

B.3.1 The Factoring Problem.

B.3.2 The eth Roots Problem.

B.3.3 The Composite Residuosity Problem.

B.3.4 The Decision Composite Residuosity Problem.

B.3.5 The Quadratic Residuosity Problem.

B.3.6 The Phi-Hiding Problem.

B.3.7 The Phi-Sampling Problem.

B.3.8 The Discrete Logarithm Problem.

B.3.9 The Computational Diffie-Hellman Problem.

B.3.10 The Decision Diffie-Hellman Problem.

B.4 Random Oracles and Functions.

Appendix C: Public Key Cryptography in a Nutshell.

C.1 Overview of Cryptography.

C.1.1 Classical Cryptography.

C.1.2 The Diffie-Hellman Key Exchange.

C.1.3 Public Key Cryptography.

C.1.4 Attacks on Cryptosystems.

C.1.5 The Rabin Encryption Algorithm.

C.1.6 The Rabin Signature Algorithm.

C.1.7 The RSA Encryption Algorithm.

C.1.8 The RSA Signature Algorithm.

C.1.9 The Goldwasser-Micali Algorithm.

C.1.10 Public Key Infrastructures.

C.2 Discrete-Log Based Cryptosystems.

C.2.1 The ElGamal Encryption Algorithm.

C.2.2 Security of ElGamal.

C.2.3 The Cramer-Shoup Encryption Algorithm.

C.2.4 The ElGamal Signature Algorithm.

C.2.5 The Pointcheval-Stern Signature Algorithm.

C.2.6 The Schnorr Signature Algorithm.

C.2.7 The Digital Signature Algorithm (DSA).



show more

Review Text

"The authors of this book explain these issues and how to fight against them." ( Computer Law & Security Report , 1st September 2004)
show more

Review quote

The authors of this book explain these issues and how to fight against them. (
Computer Law & Security Report, 1st September 2004)
show more

About Adam Young

Dr. Adam Young (Herndon, VA) is a research scientist at Cigital, Inc. a software security company. He is involved in research for the Department of Defense and is a well-known cryptography consultant holding six US patents and two international patents of novel methods for security implementation.
Dr. Moti Yung (New York, NY) is Senior Researcher at Columbia University and a well-known cryptography consultant. Previously the VP/Chief Scientist at CertCo, Inc. Moti is on the Steering Committee for the Cryptographer s Track for RSA 2004. He is the holder of numerous technology US patents, won the IBM Outstanding Innovation Award, and co-discovered, with Adam, numerous cryptovirology attacks.
show more

Rating details

33 ratings
3.6 out of 5 stars
5 15% (5)
4 45% (15)
3 30% (10)
2 3% (1)
1 6% (2)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X