Cryptovirology: extortion-based security threats and countermeasures

Young, Adam; Yung, Moti

doi:10.1109/secpri.1996.502676

Cited by 160 publications

(97 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Young and Yung where the first to raise the concern about malicious use of cryptography (cryptovirology) [13] and have several works related to malware construction and propagation: A virus capable of encrypting files on the victim's computer and hold them for ransom [12]. A mobile program that carries a rerandomizable ciphertext, which enables anonymous communication, where the program takes random walks through a network in a system called Feralcore, and, at each node, the ciphertext is rerandomized [14].…”

Section: Related Workmentioning

confidence: 99%

Malware, Encryption, and Rerandomization – Everything Is Under Attack

Galteland

Gjøsteen

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. A malware author constructing malware wishes to infect a specific location in the network. The author will then infect n initial nodes with n different variations of his malicious code. The malware continues to infect subsequent nodes in the network by making similar copies of itself. An analyst defending M nodes in the network observes N infected nodes with some malware and wants to know if any sample is targeting any of his nodes. To reduce his work, the analyst need only look at unique malware samples. We show that by encrypting the malware payload and using rerandomization to replicate malware, we can make the N observed malware samples distinct and increase the analyst's work factor substantially.

show abstract

Section: Related Workmentioning

confidence: 99%

Malware, Encryption, and Rerandomization – Everything Is Under Attack

Galteland

Gjøsteen

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…However, if just two sites are compromised, an attacker can corrupt or otherwise modify those shares such that it is impossible for anyone to obtain the required number of valid shares, thereby successfully executing a denial of service attack and ultimately data loss. An overly high threshold also increases the risk of a ransomware attack [9]: the attacker encrypts the data, and then ransoms it back for a price.…”

Section: Splitting Scheme Flexibilitymentioning

confidence: 99%

Percival: A searchable secret-split datastore

Frank

Thurlow

Kroeger

et al. 2015

2015 31st Symposium on Mass Storage Systems and Technologies (MSST)

View full text Add to dashboard Cite

Abstract-Maintaining information privacy is challenging when sharing data across a distributed long-term datastore. In such applications, secret splitting the data across independent sites has been shown to be a superior alternative to fixed-key encryption; it improves reliability, reduces the risk of insider threat, and removes the issues surrounding key management. However, the inherent security of such a datastore normally precludes it from being directly searched without reassembling the data; this, however, is neither computationally feasible nor without risk since reassembly introduces a single point of compromise. As a result, the secret-split data must be pre-indexed in some way in order to facilitate searching. Previously, fixed-key encryption has also been used to securely pre-index the data, but in addition to key management issues, it is not well suited for long term applications.To meet these needs, we have developed Percival: a novel system that enables searching a secret-split datastore while maintaining information privacy. We leverage salted hashing, performed within hardware security modules, to access prerecorded queries that have been secret split and stored in a distributed environment; this keeps the bulk of the work on each client, and the data custodians blinded to both the contents of a query as well as its results. Furthermore, Percival does not rely on the datastore's exact implementation. The result is a flexible design that can be applied to both new and existing secret-split datastores. When testing Percival on a corpus of approximately one million files, it was found that the average search operation completed in less than one second.

show abstract

“…Young and Yung (1996) discuss cryptoviruses, which use strong cryptography in a virus' payload for extortion purposes. Riordan and Schneier (1998) Filiol's work is most related to ours: it uses environmental key generation to decrypt viral code which is strongly-encrypted.…”

Section: Related Work and Conclusionmentioning

confidence: 99%