This captivating book describes how cryptography can be used for malicious purposes. The first two chapters set the scene. Chapter one provides an insight into the mindset and motivation of a hacker, with the authors helping to make the reader understand, or at least relate to, the highs of hacking; chapter two introduces the concept of cryptovirology and its role in hacking. Adam Young and Moti Yung describe how cryptography and cryptosystems can be used to yield more deadly "malware".
Before cryptography, viruses, once found, were easily dissected, studied and countered. The reader learns that this is no longer the case. By incorporating cryptographic techniques, an author can encrypt a virus with his public key. If the virus is detected, the task of analysis and diagnosis is much more difficult because the virus must first be decrypted before it can be assessed.
The book examines different aspects of cryptovirology. The text clearly reflects cryptovirology's heavy use of the tools that are the basic building blocks of all cryptosystems. It discusses the design and construction of strong viruses, secure from detection and identification, and describes how malware can be used to steal information "securely" and "privately". It sounds very James Bond, but the seriousness of the topic comes home when Young and Yung introduce the concept of survivable malware.
The description of malicious virus infectors shows that cryptovirology can be taken beyond criminal activity into subversive destruction, with elements that cause more damage when virus removal is attempted.
All is not lost, however. Young and Yung discuss how to cope with these evil software constructs, equipping the reader with some of the knowledge needed to help identify malware so that it can be contained.
The book covers the range of malicious software that exists today - including viruses, polymorphic viruses, cryptoviruses, trojan horses, crypto-trojans and worms - giving formal and informal descriptions of its different forms. This helps make clear the number of different categories and functions. The text gives cryptographers a new perspective. Security professionals may be familiar with the concept of viruses, but perhaps not with the extent to which a malicious person may try to exploit them.
In the final chapters, the authors describe attacks on cryptography itself.
They present situations in which a crypto-trojan is used to attack key-generation algorithms, which are central to all cryptosystems. The targets are key-generation algorithms that are implemented in a black-box environment. Here, the crypto-trojan leaks secret keys to the attacker securely and undetected. The attacks are enabled by kleptography, which focuses on stealing information without being noticed.
This book achieves the aim of showing that cryptography can be exploited for malicious ends as easily as beneficial ones. On the whole, it is easy to read, although it does contain substantial technical detail and mathematical theory. I would recommend it to readers seeking a combination of academic content and good reading.
Claire Whelan is a PhD research student, School of Computing, Dublin City University, Ireland.
Malicious Cryptography: Exposing Cryptovirology
Author - Adam L. Young and Moti Yung
Publisher - Wiley
Pages - 392
Price - £29.99
ISBN - 0 7645 4975 8