book

Malicious Cryptography: Exposing Cryptovirology

by Adam Young, Moti Yung

February 2004

Intermediate to advanced

416 pages

11h 20m

English

Wiley

Read now

Unlock full access

Cover Page
Title Page
Copyright
Dedication
Contents
Foreword
Acknowledgments
Introduction
Chapter 1: Through Hacker's Eyes
Chapter 2: Cryptovirology

Chapter 3: Tools for Security and Insecurity
3.1 Sources of Entropy3.2 Entropy Extraction via Hashing3.3 Unbiasing a Biased Coin3.4 Combining Weak Sources of Entropy3.5 Pseudorandom Number Generators3.6 Uniform Sampling3.7 Random Permutation Generation3.8 Sound Approach to Random Number Generation and Use3.9 RNGs Are the Beating Heart of System Security3.10 Cryptovirology Benefits from General Advances3.11 Anonymizing Program Propagation
Chapter 4: The Two Faces of Anonymity
4.1 Anonymity in a Digital Age4.2 Deniable Password Snatching
Chapter 5: Cryptocounters
5.1 Overview of Cryptocounters5.2 Implementing Cryptocounters5.3 Other Approaches to Cryptocounters
Chapter 6: Computationally Secure Information Stealing
6.1 Using Viruses to Steal Information6.2 Private Information Retrieval6.3 A Variant of the Phi-Hiding Scheme6.4 Tagged Private Information Retrieval6.5 Secure Information Stealing Malware6.6 Deniable Password Snatching Based on Phi-Hiding6.7 Malware Loaders6.8 Cryptographic Computing
Chapter 7: Non-Zero Sum Games and Survivable Malware
7.1 Survivable Malware7.2 Elements of Game Theory7.3 Attacking a Brokerage Firm7.4 Other Two-Player Game Attacks7.5 Future Possibilities
Chapter 8: Coping with Malicious Software
8.1 Undecidability of Virus Detection8.2 Virus Identification and Obfuscation8.3 Heuristic Virus Detection8.4 Change Detection
Chapter 9: The Nature of Trojan Horses
9.1 Text Editor Trojan Horse9.2 Salami Slicing Attacks9.3 Thompson's Password Snatcher9.4 The Subtle Nature of Trojan Horses
Chapter 10: Subliminal Channels
10.1 Brief History of Subliminal Channels10.2 The Difference Between a Subliminal and a Covert Channel10.3 The Prisoner's Problem of Gustavus Simmons10.4 Subliminal Channels New and Old10.5 The Impact of Subliminal Channels on Key Escrow
Chapter 11: SETUP Attack on Factoring Based Key Generation
11.1 Honest Composite Key Generation11.2 Weak Backdoor Attacks on Composite Key Generation11.3 Probabilistic Bias Removal Method11.4 Secretly Embedded Trapdoors11.5 Key Generation SETUP Attack11.6 Security of the SETUP Attack11.7 Detecting the Attack in Code Reviews11.8 Countering the SETUP Attack11.9 Thinking Outside the Box11.10 The Isaac Newton Institute Lecture
Chapter 12: SETUP Attacks on Discrete-Log Cryptosystems
12.1 The Discrete-Log SETUP Primitive12.2 Diffie-Hellman SETUP Attack12.3 Security of the Diffie-Hellman SETUP Attack12.4 Intuition Behind the Attack12.5 Kleptogram Attack Methodology12.6 PKCS SETUP Attacks12.7 SETUP Attacks on Digital Signature Algorithms12.8 Rogue Use of DSA for Encryption12.9 Other Work in Kleptography12.10 Should You Trust Your Smart Card?
Appendix A: Computer Virus Basics
A.1 Origins of Malicious SoftwareA.2 Trojans, Viruses, and Worms: What Is the Difference?A.3 A Simple DOS COM InfectorA.4 Viruses Don't Have to Gain Control Before the Host
Appendix B: Notation and Other Background Information
B.1 Notation Used Throughout the BookB.2 Basic Facts from Number Theory and AlgorithmicsB.3 Intractability: Malware's Biggest AllyB.4 Random Oracles and Functions
Appendix C: Public Key Cryptography in a Nutshell
C.1 Overview of CryptographyC.2 Discrete-Log Based Cryptosystems
Glossary
References
Index

Overview

Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It's called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you're up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker—as much an addict as the vacant-eyed denizen of the crackhouse—so you can feel the rush and recognize your opponent's power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

Understand the mechanics of computationally secure information stealing

Learn how non-zero sum Game Theory is used to develop survivable malware

Discover how hackers use public key cryptography to mount extortion attacks

Recognize and combat the danger of kleptographic attacks on smart-card devices

Build a strong arsenal against a cryptovirology attack

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780764568466Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills