This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data.
Adam L. Young received a B.S. in Electrical Engineering from Yale in 1994 and an M.S. and Ph.D. in Computer Science from Columbia University in 1996 and 2002, respectively. He served as an MTS at Lucent under Michael Reiter and as a Principal Engineer at Lockheed Martin, and has conducted research for the US DoD. Adam Young and Moti Yung authored the Wiley book “Malicious Cryptography: Exposing Cryptovirology,” which was published in 2004.
Cite this article
Young, A.L. Cryptoviral extortion using Microsoft's Crypto API. Int. J. Inf. Secur. 5, 67–76 (2006). https://doi.org/10.1007/s10207-006-0082-7
- Public key cryptography
- Hybrid encryption
- Cryptographic API