Malicious Cryptography: Exposing Cryptovirology

Author - Adam Young ... [Goo?] [Posters]
Author - Moti Yung ... [Goo?] [Posters]

This Paperback Book item from Wiley was reviewed on 1-Apr-2008.

Search ISBN:0764549758 offer from Abebooks or used books from Alibris. Malicious Cryptography: Exposing Cryptovirology Reference Book. Classifications : Encryption Security & Encryption Web Development Computers & Internet Subjects Books Privacy Business & Culture Computers & Internet Subjects Books Network Security Networking Computers & Internet Sub . Click the following link to view the cover of Malicious Cryptography: Exposing Cryptovirology.

Related topics: Encryption. Web Development. Subjects. Books. Privacy. Business & Culture. Subjects. Books. Network Security. Networking.

1) Paperback Book Malicious Cryptography: Exposing Cryptovirology by Wiley. Although "Malicious Cryptography" is most certainly not for beginners, you will enjoy it if you have some background in security and anti-virus research.

Be warned, though: cyber-punk style of this book will probably resonate with some, and irk others.¤

2) Paperback Book Malicious Cryptography: Exposing Cryptovirology by Wiley. Malicious Cryptography: Exposing Cryptovirology is a brilliant book from two leading cryptographers.

This is not for the fainthearted.

If you are looking for an intro to crypto, look elsewhere.

If you want cutting edge info about breaking crypto and making your crypto stronger, this is the book.¤

3) Paperback Book Malicious Cryptography: Exposing Cryptovirology by Wiley. duncan young is truly a gift to the world of cyberphreakery. i once saw him defeat a host of cyborg lemurs with his chainsaw-arm. it was so good. this guy is from the f*ckin future. ´nuff said¤

4) Paperback Book Malicious Cryptography: Exposing Cryptovirology by Wiley. Bypassing computer security systems has sometimes been called an art rather than a science by those who typically do not interact with computing machines at a level that would allow them to appreciate the science behind security attacks. This book does not address the strategies of how to bypass security systems, but instead concentrates on how to use cryptographic methods to corrupt the machines once access has been acquired. Clearly the authors are very excited about the developments in cryptovirology, a relatively young field, that have taken place in the last five years. Their goal though is not to train hackers to break into systems, but rather to coach the reader on how to find vulnerabilities in these systems and then repair them. The subject of cryptovirology is fascinating, especially in the mathematics that is uses, and a thorough knowledge of its power will be required for meeting the challenges of twenty-first century network computing.

After a "motivational chapter" that it meant to shed insight on what it is like to be a hacker, this being done through a collection of short stories, the authors move on to giving a general overview of the field of cryptovirology in chapter 2. The reader gets his first dose of zero-knowledge interactive proofs (ZKIPs), which allow a prover to convince a verifier of a fact without revealing to it why the fact is true. The authors point out that viruses are vulnerable once found, since their rudimentary programming can be then studied and understood. This motivates the introduction of public key cryptography into the payload of the virus, and it is at this point that the field of cryptovirology is born.

Chapter 3 is more of a review of modular arithmetic, entropy generators, and pseudorandom number generators and can be skipped for those readers familiar with these. The authors emphasize the need for effective random number generators and in using multiple sources for entropy generation. They also introduce the very interesting concept of a `mix network´, which allows two mutually distrusting parties to communicate securely and anonymously over a network. `Onion routing´ is discussed as a method for implementing asynchronous mix networks. Mix networks can be used to hide the propagation history of a worm or virus.

In chapter 4, the authors discuss how to implement anonymous communication and how to launch a cryptotrojan attack that utilizes an anonymous communication channel. There are many applications of anonymous communication, one being E-money, and also, unfortunately, money laundering. The authors describe in fair detail how to conduct criminal operations with mix networks and anonymous money. This same technology though allows freedom of speech in geographical areas that are not sympathetic to it. Electronic voting, so controversial at the present time, is discussed as an activity that is very susceptible to the threat of stegotrojans or government violation of anonymity. Techniques for doing deniable password snatching using cryptovirology, and for countering it using zero-knowledge proofs, are also discussed.

Chapter 5 introduces techniques for preventing the reading of counters when a virus is propagating from one machine to another. Known as `cryptocounters´, the authors discuss various techniques for constructing them, such as the ElGamal and Paillier public key cryptosystems.

Private information retrieval (PIR), which allows the secure and private theft of information, is discussed in chapter 6, wherein the authors present a few schemes for performing PIR. These schemes, unfortunately, allow the theft of information without revealing anything about the information sought and without revealing anything about what is taken. The authors also introduce a concept that they call `questionable encryptions´, which are algorithms to produce valid encryptions or fake encryptions depending on the inputs. Related to question encryption, and also discussed in this chapter, are `deniable encryptions´, which allow the sender to produce fake random choices that result in the true plaintext to be kept secret. Also discussed is the topic of `cryptographic computing´, which allows computations with encrypted data without first having to decrypt it. The modular arithmetic used in this chapter is fascinating and well worth the read.

Chapter 7 is by far the most interesting of the entire book, and also the most disconcerting if its strategies are ever realized. The goal of the chapter is to find out to what extent a virus can be constructed whose removal will damage the host machine. This, in the author´s opinion, would be a genuine `digital disease´, and they discuss various scenarios for bringing it about, which are at present not realized, but could be in the near future. The approach discussed involves game theory, and the authors show how the payload of a virus can survive even after discovery of the virus. They give a very detailed algorithm on how to attack a brokerage firm, including the assumptions that must be satisfied by such an attack. The attack is mounted by deploying a distributed cryptovirus that tries to find three suitable host machines, and the attack consists of three phases, the first involving replication leading to the infection of the three machines, the second involving preparation for the attack, and third involving playing the two-player game. The host machines, to be acceptable for launching the attack, must either be "brokerage" machines, which have sensitive information available to the virus, or "reclusive" machines, which are machines that are not subjected to much scrutiny. The goal of the virus, according to the authors, is to give the malware purchasing power, and not direct monetary gain. The virus may then evolve over time to become a portfolio manager, and may even act as a surrogate for purchasing shares on behalf of the firm or client. Other possibilities for the virus are discussed, and the authors overview the security of the attack and its utility.

I did not read the rest of the chapters in the book, so I will omit their review.¤

5) Paperback Book Malicious Cryptography: Exposing Cryptovirology by Wiley. For some time now we have been taught that modern cryptography offers an elegant solution to a number of problems. Communicate securely? use a VPN; identify the author of a document? use a digital signature; securely encrypt e-mail? use PKI. But what if the very power behind these solutions can itself be [misinterpreted]? If such is the case, then encryption can be a curse, a digital signature an illusion and the heralded savior an unconquerable nemesis. This is the essence of what this book is about.

To be sure this is not easy reading. It is adult material, meaning that thinking is required. But it could not be otherwise, the material would not allow it. However the reader will be well rewarded for every morsel of math they endeavor to puzzle through. The realization of the potential dark side of modern cryptography is the first step in preparing to defend against it. This book provides that realization.

The reader may find the first few chapters to be an entertaining fictional account of some days in the life of a hacker. Indeed, the text reads beautifully as such. But here is a chilling thought - what if the events described were real?¤

6) Paperback Book Malicious Cryptography: Exposing Cryptovirology by Wiley. Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker—as much an addict as the vacant-eyed denizen of the crackhouse—so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

• Understand the mechanics of computationally secure information stealing
• Learn how non-zero sum Game Theory is used to develop survivable malware
• Discover how hackers use public key cryptography to mount extortion attacks
• Recognize and combat the danger of kleptographic attacks on smart-card devices
• Build a strong arsenal against a cryptovirology attack

Page Updated: Robert N. Goolsby, 29-Apr-2008, 07645497589780764549755, 190-430-3X0-580-170-411-8

Malicious Cryptography: Exposing Cryptovirology, Book, Image © Wiley

Search: Wiley, Book Posters, Book Art