Adam Young scite author profile

Abstract. 'I'he use of cryptographic devices as "black boxes", namely trusting their internal designs, has been suggested and i r i fact Capstone technology i s offered as a next generation hardware-protectcd escrow encryption technology. Software cryptographic servers and programs are being offered as well, for use as library fiinctions, as cryptography gets more a.nd more prevalent in computing environments. T h e question we address in this paper is how the usage of cryptography as a black box exposes users to various threats and attacks that are undetectable in a black-box environment. We preseul the SETUP (Secretly Embedded Trapdoor with Universal Protection) mechanism, which can be embedded in a cryptographic black-box device. It enables an attacker (the manufacturer) to get the user's secret [from some stage of the output process of the dcvice) in an unnoticeable fashion, yet protects against attacks by others and against, reverse engineering (thus, maintaining the relative advantage of the actual attacker). We also show how the SETUP can, in fact, be employed for the design of "aubo-escrowing key" systems.We present embeddings of S E l U P s in RSA, El-Gamal, DSA, and private key systems (Kerberos). We implemented an RSA key-generation based SETUP that performs favorably when compared to PGP, a readily available RSA implementation. We also relate message-based SETUPS and subliminal channel attacks. Finally, we reflect on the potential irriplications of "trust managernent? in the contcxt of the design and production of cryptosystems.

show abstract

Kleptography: Using Cryptography Against Cryptography

Young

Yung²

1997

165

View full text Add to dashboard Cite

Abstract. The notion of a Secretly Embedded Trapdoor with Universal Protection (SETUP) has been recently introduced. In this paper we extend the study of stealing information securely and subliminally from black-box cryptosystems. The SETUP mechanisms presented here, in contrast with previous ones, leak secret key information without using an explicit subliminal channel. This extends this area of threats, which we call "kleptography".We introduce new definitions of SETUP attacks (strong, regular, and weak SETUPS) and the notion of rn out of n leakage bandwidth. We show a strong attack which is based on the discrete logarithm problem. We then show how to use this setup to compromise the Diffie-Hellman key exchange protocol. We also strengthen the previous SETUP against RSA.The strong attacks employ the discrete logarithm as a one-way function (assuring what is called "forward secrecy"), public-key cryptography, and a technique which we call probabilistic bias removal.

show abstract

Cryptovirology: extortion-based security threats and countermeasures

Young

Yung

160

View full text Add to dashboard Cite

Cryptography: Malicious Cryptography – Exposing Cryptovirology

Young¹,

Yung²

2004

Computer Law & Security Review

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Adam Young

Non-interactive cryptocomputing for NC/sup 1/

The Dark Side of “Black-Box” Cryptography or: Should We Trust Capstone?

Kleptography: Using Cryptography Against Cryptography

Cryptovirology: extortion-based security threats and countermeasures

Cryptography: Malicious Cryptography – Exposing Cryptovirology

Contact Info

Product

Resources

About