Non-zero sum games and survivable malware

There has been much recent work in the area of beneficial mobile agents and malicious mobile agents such as cryptoviruses. We show that by making a cryptovirus a distributed algorithm, and by utilizing PKI, mix-nets, and public bulletin boards, novel malware attacks are possible. In particular, a distributed cryptovirus attack is presented that forces the victim to become a player in a nonzero sum game under the threat of sensitive information disclosure. The attack is modeled as a nonzero sum game wherein the rules are enforced by cryptographic protocols. It is shown that the optimal strategy for the host machine involves the extension of the life of the payload even after it is discovered on the victim's machine. This therefore extends both the life and decision capability of the virus. The existence of this attack demonstrates the plausibility of survivable malware in public networks.

[1]  H. Raiffa,et al.  GAMES AND DECISIONS; INTRODUCTION AND CRITICAL SURVEY. , 1958 .

[2]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[3]  David Naccache,et al.  On blind signatures and perfect crimes , 1992, Comput. Secur..

[4]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[5]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[6]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[7]  Michael D. Smith,et al.  How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks , 2003, Financial Cryptography.

[8]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[9]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[10]  Moti Yung,et al.  Cryptovirology: extortion-based security threats and countermeasures , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[11]  Markus Jakobsson,et al.  A Practical Mix , 1998, EUROCRYPT.

[12]  Moti Yung,et al.  Deniable password snatching: on the possibility of evasive electronic espionage , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[13]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.