It takes a cryptovirus to fight one

Malicious Cryptography
October 8, 2004

This captivating book describes how cryptography can be used for malicious purposes. The first two chapters set the scene. Chapter one provides an insight into the mindset and motivation of a hacker, with the authors helping to make the reader understand, or at least relate to, the highs of hacking; chapter two introduces the concept of cryptovirology and its role in hacking. Adam Young and Moti Yung describe how cryptography and cryptosystems can be used to yield more deadly "malware".

Before cryptography, viruses, once found, were easily dissected, studied and countered. The reader learns that this is no longer the case. By incorporating cryptographic techniques, an author can encrypt a virus with his public key.If the virus is detected, the task of analysis and diagnosis is much more difficult because it must be first decrypted before it can be assessed.

The book examines different aspects of cryptovirology. The text reflects well cryptovirology's heavy use of the tools that are the basic building blocks of all cryptosystems. It discusses the design and construction of strong viruses, secure from detection and identification, and describes how malware can be used to steal information "securely" and "privately". It sounds very James Bond, but the seriousness of the topic comes home when Young and Yung introduce the concept of survivable malware.

The description of malicious virus infectors shows that cryptovirology can be taken beyond criminal activity into subversive destruction, with elements that cause more damage when virus removal is attempted.

All is not lost, however. Young and Yung discuss how to cope with these evil software constructs, equipping the reader with some of the knowledge needed to help identify malware so that it can be contained.

The book covers the range of malicious software that exists today - including viruses, polymorphic viruses, cryptoviruses, trojan horses, crypto-trojans and worms - giving formal and informal descriptions of its different forms. This helps make clear the number of different categories and functions. The text gives cryptographers a new perspective. Security professionals may be familiar with the concept of viruses, but perhaps not with the extent to which a malicious person may try to exploit them.

In the final chapters, the authors describe attacks on cryptography itself.

They present situations in which a crypto-trojan is used to attack key-generation algorithms, which are central to all cryptosystems. The targets are key-generation algorithms that are implemented in a black-box environment. Here, the crypto-trojan leaks secret keys to the attacker securely and undetected. The attacks are enabled by kleptography, which focuses on stealing information without being noticed.

This book achieves the aim of showing that cryptography can be exploited for malicious ends as easily as beneficial ones. On the whole, it is easy to read, although it does contain substantial technical detail and mathematical theory. I would recommend it to readers seeking a combination of academic content and good reading.

Claire Whelan is a PhD research student, School of Computing, Dublin City University, Ireland.

Malicious Cryptography: Exposing Cryptovirology

Author - Adam L. Young and Moti Yung
Publisher - Wiley
Pages - 392
Price - £29.99
ISBN - 0 7645 4975 8

You've reached your article limit.

Register to continue

Registration is free and only takes a moment. Once registered you can read a total of 3 articles each month, plus:

  • Sign up for the editor's highlights
  • Receive World University Rankings news first
  • Get job alerts, shortlist jobs and save job searches
  • Participate in reader discussions and post comments
Register

Have your say

Log in or register to post comments

Most Commented

James Fryer illustration (27 July 2017)

It is not Luddism to be cautious about destroying an academic publishing industry that has served us well, says Marilyn Deegan

Hand squeezing stress ball
Working 55 hours per week, the loss of research periods, slashed pensions, increased bureaucracy, tiny budgets and declining standards have finally forced Michael Edwards out
Jeffrey Beall, associate professor and librarian at the University of Colorado Denver

Creator of controversial predatory journals blacklist says some peers are failing to warn of dangers of disreputable publishers

Kayaker and jet skiiers

Nazima Kadir’s social circle reveals a range of alternative careers for would-be scholars, and often with better rewards than academia

hole in ground

‘Drastic action’ required to fix multibillion-pound shortfall in Universities Superannuation Scheme, expert warns