Abstract
This paper presents the use of cryptographic mechanisms that are suited to the white box attack context (the attacker is supposed to have full control of the target program’s execution environment) and as we will demonstrate, to a viral context. Use of symmetric and asymmetric cryptography by viruses has been popularized by polymorphic viruses and cryptoviruses. The latter are specialized in extorsion. New cryptographic mechanisms, corresponding to a particular implementation of traditional (black box) cryptography have been recently designed to ensure the deep protection of legitimate applications. These mechanisms can be misappropriated and used for the purpose of doing extorsion. We evaluate these new cryptographic primitives and discuss their (mis)use in a viral context.
Similar content being viewed by others
References
Aycock, J., deGraaf, R., Jacobson, M.: Anti-Disassembly using Cryptographic Hash Functions. University of Calgary, Canada. Available at http://pages.cpsc.ucalgary.ca/~aycock/ (2005)
Adams, C.M., Tavares, S.E.: Designing S-Boxes for ciphers resistant to differential cryptanaysis. In: Wolfowicz, W. (ed.) Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, pp. 181–190. Fondazione Ugo Bordoni (1993)
Adams, C.M., Mister, S.: Practical S-Box Design. Workshop on Selected Areas in Cryptography (SAC’96) Workshop Record, Queens University, pp. 61–76 (1996)
Barkan, E., Biham, E.: In how many ways can you write Rijndael? In: Proceedings of Asiacrypt’02, LNCS 2501, pp. 160–175 (2002)
Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Helena, H., Anwar Hasan, M. (eds.) Selected areas in Cryptography. Lecture Notes in Computer Science, vol. 3357, pp. 227–240. Springer, Heidelberg (2004)
Boneh, D., Felten, E., Jacob, M.: Attacking an obfuscated cipher by injecting faults. In: Digital Rights Management Workshop, pp. 16–31. Available at http://www.cs.princeton.edu/~mjacob/papers/drm1.pdf (2002)
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of Obfuscating Programs. Available at http://www.math.ias.edu/~boaz/Papers/obfuscate.html (2001)
Beaucamps, P., Filiol, E.: On the possibility of practically obfuscating programs. Towards a unified perspective of code protection. In: Bonfante, G., Marion, J.-Y. (eds.) Journal in Computer Virology, (2)–4, WTCV’06 Special Issue (2006)
Canteaut, A.: Cryptographic Functions and Design Criteria for Block Ciphers. In: Progress in Cryptology—Indocrypt 2001, no 2247 in LNCS, pp. 1–16. Springer, Heidelberg (2001)
Chomsky N. (1956) Three models for the description of languages. IRE Trans. Inform. Theory 2(2): 113–123
Chomsky N. (1969) On certain formal properties of grammars. Inf. Control 2: 137–167
Chow, S., Eisen, P.A., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for drm applications. In: Security and Privacy in Digital Rights Management, ACM CCS-9 Workshop, DRM 2002, Washington, November 18, 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2696, pp. 1–15. Springer, Heidelberg (2002)
Chow, S., Eisen, P.A., Johnson, H., van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H.M. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 2595, pp. 250-270. Springer, Heidelberg (2002)
Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: Proceedings of STOC 1998, pp. 209–218 (1998)
Cloakware Security Suite. Available at http://www.cloakware.com
Dawson, M.H., Tavares, S.E.: An expanded set of S-Box design criteria based on information theory and its relation to differential-like attacks. In: Advances in Cryptology, Eurocrypt ’91, pp. 353–367 (1991)
Filiol, E.: (2004) Strong Cryptography Armoured Computer Viruses Forbidding Code Analysis : the BRADLEY virus. INRIA ISSN 0249-6399. In: Proceedings of EICAR 2005 Conference, StJuliens/Valletta, Malte. Available at http://papers.weburb.org/frame.php?loc=archive/00000136/
Filiol, E.: Techniques virales avancées. Springer, Collection IRIS, XXI, p. 283, ISBN 978-2-287-33887-8 (2006)
Filiol, E.: Metamorphism, formal grammars and undecidable code mutation. In: International Journal of Computer Science, vol. 2, Nb. 1, 2007 ISSN 1306–4428 (2007)
Gazet, A.: Comparative analysis of various ransomware virii. In: Proceedings of the 17th EICAR Conference, ESIEA, Laval (2008)
Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of white box DES implementations. Cryptology ePrint Archive, Report 2007/035, 2007. http://eprint.iacr.org/ (2007)
Hendessi, F., Gulliver, A., Shafieinejad, A.: A structure for fast data encryption. J. Contemp. Math. Sci. 2(29–32), 1401–1424 (2007)
Link, H.E., Neumann, W.D.: Clarifying obfuscation: improving the security of white-box DES. In: ITCC (1), pp. 679–684 (2005)
Michiels, W., Gorissen, P., Preneel, B., Wyseur, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings (2007)
Preneel, B., Wyseur, B.: Condensed white-box implementations. In: Proceedings of the 26th Symposium on Information Theory in the Benelux, pp. 296–301. Brussels, Belgium (2005)
Qozah. Polymorphism and grammars, In: 29A E-zine, 4. Available at http://www.29a.net/ (1999)
Riordan, J., Schneier, B.: Environmental Key Generation towards Clueless Agents. School of Mathematics Counterpane Systems, University of Minnesota, Minneapolis. Available at http://www.schneier.com/paper-clueless-agents.pdf
Spinellis D. (2003) Reliable identification of bounded-length viruses is NP-complete. IEEE Trans. Inf. Theory 49(1): 280–284
Tavares, S.E., Webster, A.F.: On the design of S-Boxes. In: Crypto, Lecture Notes in Computer Science, vol. 218, pp. 523–534 (1985)
Young, A.L., Yung Cryptovirology: extortion based security threats and countermeasures. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 129–141. IEEE Computer Society Press, Oakland (1996)
Young A.L., Yung M. (2004) Malicious cryptography, exposing cryptovirology. Wiley, New York
Zuo Z., Zhou M. (2003) On the time complexity of computer viruses. IEEE Trans. Inf. Theo. 51(8): 2962–2966
Zuo Z., Zhou M. (2004) Some further theoretical results about computer viruses. Comp. J. 47(6): 627–633
Author information
Authors and Affiliations
Corresponding author
Additional information
This paper has been awarded with the EICAR 2008 Best Student Paper. Also with the Ecole Supérieure d’Informatique, d’Electronique, et d’Automatique, Laboratoire de virologie et de cryptologie opérationnelles, Laval, France.
Rights and permissions
About this article
Cite this article
Josse, S. White-box attack context cryptovirology. J Comput Virol 5, 321–334 (2009). https://doi.org/10.1007/s11416-008-0097-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-008-0097-x