White-box attack context cryptovirology

This paper presents the use of cryptographic mechanisms that are suited to the white box attack context (the attacker is supposed to have full control of the target program’s execution environment) and as we will demonstrate, to a viral context. Use of symmetric and asymmetric cryptography by viruses has been popularized by polymorphic viruses and cryptoviruses. The latter are specialized in extorsion. New cryptographic mechanisms, corresponding to a particular implementation of traditional (black box) cryptography have been recently designed to ensure the deep protection of legitimate applications. These mechanisms can be misappropriated and used for the purpose of doing extorsion. We evaluate these new cryptographic primitives and discuss their (mis)use in a viral context.

[1]  Alexandre Gazet,et al.  Comparative analysis of various ransomware virii , 2010, Journal in Computer Virology.

[2]  John Aycock,et al.  Anti-disassembly using Cryptographic Hash Functions , 2006, Journal in Computer Virology.

[3]  Eric Filiol,et al.  Metamorphism, Formal Grammars and Undecidable Code Mutation , 2007 .

[4]  Bruce Schneier,et al.  Environmental Key Generation Towards Clueless Agents , 1998, Mobile Agents and Security.

[5]  Eric Filiol,et al.  On the possibility of practically obfuscating programs towards a unified perspective of code protection , 2007, Journal in Computer Virology.

[6]  Stafford E. Tavares,et al.  An Expanded Set of S-box Design Criteria Based on Information Theory and its Relation to Differential-Like Attacks , 1991, EUROCRYPT.

[7]  Paul C. van Oorschot,et al.  A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.

[8]  Noam Chomsky,et al.  Three models for the description of language , 1956, IRE Trans. Inf. Theory.

[9]  C. Adams,et al.  DESIGNING S-BOXES FOR CIPHERS RESISTANT TO DIFFERENTIAL CRYPTANALYSIS ( Extended , 1993 .

[10]  Mingtian Zhou,et al.  Some Further Theoretical Results about Computer Viruses , 2004, Comput. J..

[11]  Louis Goubin,et al.  Cryptanalysis of white box DES implementations , 2007, IACR Cryptol. ePrint Arch..

[12]  Serge Mister,et al.  Practical S-Box Design , 1996 .

[13]  Stafford E. Tavares,et al.  On the Design of S-Boxes , 1985, CRYPTO.

[14]  Moti Yung,et al.  Malicious cryptography - exposing cryptovirology , 2004 .

[15]  Noam Chomsky,et al.  On Certain Formal Properties of Grammars , 1959, Inf. Control..

[16]  Bart Preneel,et al.  Condensed White-Box Implementations , 2005 .

[17]  Hamilton E. Link,et al.  Clarifying obfuscation: improving the security of white-box DES , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[18]  Anne Canteaut Cryptographic Functions and Design Criteria for Block Ciphers , 2001, INDOCRYPT.

[19]  Eli Biham,et al.  In How Many Ways Can You Write Rijndael? , 2002, ASIACRYPT.

[20]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[21]  Dan Boneh,et al.  Attacking an Obfuscated Cipher by Injecting Faults , 2002, Digital Rights Management Workshop.

[22]  Olivier Billet,et al.  Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[23]  T. Gulliver,et al.  A Structure for Fast Data Encryption , 2007 .

[24]  Zhi-hong Zuo,et al.  On the time complexity of computer viruses , 2005, IEEE Transactions on Information Theory.

[25]  Moti Yung,et al.  Cryptovirology: extortion-based security threats and countermeasures , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[26]  Eric Filiol,et al.  Strong Cryptography Armoured Computer Viruses Forbidding Code Analysis: the Bradley Virus 1 , 2004 .

[27]  Alaa A. Kharbouch,et al.  Three models for the description of language , 1956, IRE Trans. Inf. Theory.

[28]  Bart Preneel,et al.  Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[29]  Diomidis Spinellis,et al.  Reliable identification of bounded-length viruses is NP-complete , 2003, IEEE Trans. Inf. Theory.

[30]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[31]  Paul C. van Oorschot,et al.  White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[32]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[33]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.