Hackers have uncovered the dark side of cryptography--that
device developed to defeat Trojan horses, viruses, password theft,
and other cyber-crime. It's called cryptovirology, the art of
turning the very methods designed to protect your data into a means
of subverting it. In this fascinating, disturbing volume, the
experts who first identified cryptovirology show you exactly what
you're up against and how to fight back.

They will take you inside the brilliant and devious mind of a
hacker--as much an addict as the vacant-eyed denizen of the
crackhouse--so you can feel the rush and recognize your
opponent's power. Then, they will arm you for the
counterattack.

This book reads like a futuristic fantasy, but be assured, the
threat is ominously real. Vigilance is essential, now.

* Understand the mechanics of computationally secure information
stealing

* Learn how non-zero sum Game Theory is used to develop
survivable malware

* Discover how hackers use public key cryptography to mount
extortion attacks

* Recognize and combat the danger of kleptographic attacks on
smart-card devices

* Build a strong arsenal against a cryptovirology attack

Dr. Adam Young (Herndon, VA) is a research scientist at
Cigital, Inc. a software security company. He is involved
in research for the Department of Defense and is a well-known
cryptography consultant holding six US patents and two
international patents of novel methods for security implementation.

Dr. Moti Yung (New York, NY) is Senior Researcher at
Columbia University and a well-known cryptography consultant.
Previously the VP/Chief Scientist at CertCo, Inc. Moti is on the
Steering Committee for the Cryptographer's Track for RSA
2004. He is the holder of numerous technology US patents, won the
IBM Outstanding Innovation Award, and co-discovered, with Adam,
numerous cryptovirology attacks.

They will take you inside the brilliant and devious mind of a hackeras much an addict as the vacant-eyed denizen of the crackhouseso you can feel the rush and recognize your opponent's power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

• Understand the mechanics of computationally secure information stealing
• Learn how non-zero sum Game Theory is used to develop survivable malware
• Discover how hackers use public key cryptography to mount extortion attacks
• Recognize and combat the danger of kleptographic attacks on smart-card devices
• Build a strong arsenal against a cryptovirology attack

Acknowledgments.

Introduction.

1 Through Hacker's Eyes.

2 Cryptovirology.

3 Tools for Security and Insecurity.

3.1 Sources of Entropy.

3.2 Entropy Extraction via Hashing.

3.3 Unbiasing a Biased Coin.

3.3.1 Von Neumann's Coin Flipping Algorithm.

3.3.2 Iterating Neumann's Algorithm.

3.3.3 Heuristic Bias Matching.

3.4 Combining Weak Sources of Entropy.

3.5 Pseudorandom Number Generators.

3.5.1 Heuristic Pseudorandom Number Generation.

3.5.2 PRNGs Based on Reduction Arguments.

3.6 Uniform Sampling.

3.7 Random Permutation Generation.

3.7.1 Shuffling Cards by Repeated Sampling.

3.7.2 Shuffling Cards Using Trotter-Johnson.

3.8 Sound Approach to Random Number Generation and Use.

3.9 RNGs Are the Beating Heart of System Security.

3.10 Cryptovirology Benefits from General Advances.

3.10.1 Strong Crypto Yields Strong Cryptovi ruses.

3.10.2 Mix Networks and Cryptovirus Extortion.

3.11 Anonymizing Program Propagation.

4 The Two Faces of Anonymity.

4.1 Anonymity in a Digital Age.

4.1.1 From Free Elections to the Unabomber.

4.1.2 Electronic Money and Anonymous Payments.

4.1.3 Anonymous Assassination Lotteries.

4.1.4 Kidnapping and Perfect Crimes.

4.1.5 Conducting Criminal Operations with Mixes.

4.2 Deniable Password Snatching.

4.2.1 Password Snatching and Security by Obscurity.

4.2.2 Solving the Problem Using Cryptovirology.

4.2.3 Zero-Knowledge Proofs to the Rescue.

4.2.4 Improving the Attack Using ElGamal.

5 Cryptocounters.

5.1 Overview of Cryptocounters.

5.2 Implementing Cryptocounters.

5.2.1 A Simple Counter Based on ElGamal.

5.2.2 Drawback to the ElGamal Solution.

5.2.3 Cryptocounter Based on Squaring.

5.2.4 The Paillier Encryption Algorithm.

5.2.5 A Simple Counter Based on Paillier.

5.3 Other Approaches to Cryptocounters.

6 Computationally Secure Information Stealing.

6.1 Using Viruses to Steal Information.

6.2 Private Information Retrieval.

6.2.1 PIR Based on the Phi-Hiding Problem.

6.2.2 Security of the Phi-Hiding PIR.

6.2.3 Application of the Phi-Hiding Technique.

6.3 A Variant of the Phi-Hiding Scheme.

6.4 Tagged Private Information Retrieval.

6.5 Secure Information Stealing Malware.

6.6 Deniable Password Snatching Based on Phi-Hiding.

6.6.1 Improved Password-Snatching Algorithm.

6.6.2 Questionable Encryptions.

6.6.3 Deniable Encryptions.

6.7 Malware Loaders.

6.8 Cryptographic Computing.

7 Non-Zero Sum Games and Survivable Malware.

7.1 Survivable Malware.

7.2 Elements of Game Theory.

7.3 Attacking a Brokerage Firm.

7.3.1 Assumptions for the Attack.

7.3.2 The Distributed Cryptoviral Attack.

7.3.3 Security of the Attack.

7.3.4 Utility of the Attack.

7.4 Other Two-Player Game Attacks.

7.4.1 Key Search via Facehuggers.

7.4.2 Catalyzing Conflict Among Hosts.

7.5 Future Possibilities.

8 Coping with Malicious Software.

8.1 Undecidability of Virus Detection.

8.2 Virus Identification and Obfuscation.

8.2.1 Virus String Matching.

8.2.2 Polymorphic Viruses.

8.3 Heuristic Virus Detection.

8.3.1 Detecting Code Abnormalities.

8.3.2 Detecting Abnormal Program Behavior.

8.3.3 Detecting Cryptographic Code.

8.4 Change Detection.

8.4.1 Integrity Self-Checks.

8.4.2 Program Inoculation.

8.4.3 Kernel Based Signature Verification.

9 The Nature of Trojan...