Cryptoviral extortion using Microsoft's Crypto API

Special Issue Paper

Abstract

This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data.

Keywords

Cryptovirus, Public key cryptography, Hybrid encryption, Cryptographic API, RSA


Copyright information

© Springer-Verlag 2006

Authors and Affiliations

23 Dudley Court, Sterling, USA