
TECHNICAL SEMINAR

ON

CRYPTOVIROLOGY

By,
VASUDEVA PURANIK P
8th CSE

Guided By,
Ms.SREEDEVI S B.E., M.Tech.,
YOU HAVE ANTI-VIRUS SOFTWARE!!!!

IS YOUR SYSTEM SAFE FROM VIRUSES???

CRYPTOVIRUS

NO…
YOUR SYSTEM MAY BE INFECTED BY A CRYPTOVIRUS
CONTENTS

• Basic Definitions
• CryptoVirus
• Comparison between Virus and CryptoVirus
• CryptoVirus Attacks
• Kleptography
• Cryptovirology - a right way of use
• Conclusion
• Cryptovirology is the study of the applications of cryptography to malicious software. It deals with the use of cryptographic techniques to strengthen, improve, and develop new malicious attacks.
• Malicious software is a set of instructions that violates the security policies of a system. Examples: Trojan horses, viruses, worms, etc.
• Kleptography is an art and science of stealing information securely and secretly.
• A Trojan horse is a program with an overt (documented or known) effect and a covert (undocumented or unexpected) effect.
• A virus is a self-replicating program that spreads by inserting (possibly modified) copies of itself into other executable code or documents.
• Anti-virus is a program that attempts to identify, prevent and eliminate computer viruses and other malicious software. It is mainly built upon pattern matching (signatures) and upon identifying suspicious behaviors.
A simple virus detection mechanism

[Figure: a copy of malicious code comes from the outside environment to the entry point to the system. The antivirus mechanism uses "signature-based" detection when the virus structure is already known; the virus is detected and killed by the antivirus mechanism. Panels: Outside Environment, Inside the System.]


Cryptovirus
A cryptovirus (encrypted virus) is one that enciphers all of the virus code except for a small decryption routine.

[Figure: Virus code | Deciphering routine + Enciphered virus code + Deciphering key]
Fig: An encrypted virus. The ordinary virus code is at the left. The encrypted virus, plus encapsulating decryption information, is at the right.

[Figure: Cryptovirus = Deciphering routine + Enciphered virus code + Deciphering key; label: Private key]
Example:
Virus code            : Kill All
Encryption            : Code+3 shifts
Enciphered virus code : Nloo#Doo
Deciphering routine   : Code-n shifts
Deciphering key       : n = 3

•Reverse engineering is the process of discovering the technological principles of a device or object or system through analysis of its structure, function and operation.
•Black box cryptosystem

[Figure: signatures of analyzed viruses (Shut Down, Kill All, Delete, …..) checked against the cryptovirus by pattern matching and by matching virus functionality.]

Cryptovirus layout: Code-n shifts | Nloo#Doo | T/C | Info | n = 3

T/C = Timer -> how much time to infect; Counter -> how many files to infect

Info = Information to be displayed/sent after infection
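The shift example above, seen from the scanner's side: a plain signature match misses "Nloo#Doo", while a scan that first undoes every possible shift recovers both the signature and the key. This is an added example, not code from the slides; the function names and the sample buffer are constructed for illustration.

```python
"""Added example: signature scan vs. a shift-enciphered body (constructed data)."""

# Signatures of analyzed viruses, taken from the slide's toy list.
SIGNATURES = [b"Shut Down", b"Kill All", b"Delete"]

# Constructed sample: the slide's enciphered string inside filler bytes.
SAMPLE = b"HDR:" + b"Nloo#Doo" + b":END"


def shift(data, n):
    """Add n to every byte modulo 256 (n=3 is the slide's 'Code+3 shifts')."""
    return bytes((b + n) % 256 for b in data)


def plain_scan(data):
    """Classic signature scan: return the signatures present verbatim."""
    return [sig for sig in SIGNATURES if sig in data]


def xray_scan(data):
    """Undo every possible shift key and rescan each candidate plaintext.

    Returns (n, signature) pairs, where n is the deciphering key that
    exposed the signature; n == 0 means the body was not enciphered.
    """
    hits = []
    for n in range(256):
        hits.extend((n, sig) for sig in plain_scan(shift(data, -n)))
    return hits


if __name__ == "__main__":
    print("plain scan:", plain_scan(SAMPLE))
    print("x-ray scan:", xray_scan(SAMPLE))
```

Enumerating keys works here only because a one-byte shift has 256 of them; against a strong cipher the unencrypted deciphering routine is the part left for a scanner to match.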


A basic model seen today
This basic model can be seen according to intended targets:
• The virus writer creates an RSA (Rivest-Shamir-Adleman) key pair:
    The public key appears in the body of the virus.
    The private key is kept by the author.
• The virus spreads and the payload uses the public key. For example, it ciphers the data (hard drives, files, e-mail, whatever) of the targets with the public key.
• The virus writer requires a ransom before sending the private key.
There is also a problem of reusability: what if a single victim publishes the private key? The result is a loss in profit.

A hybrid Cryptovirus model

Next, a hybrid model was proposed that uses different types of keys:
• The virus writer creates an RSA key pair:
    The public key appears in the body of the virus.
    The private key is kept by the author.
• The virus spreads:
    The payload creates a secret key.
    The secret key is used to cipher data on the disk.
    The secret key is ciphered with the public key.
• The writer asks for a ransom before deciphering the secret key.
CRYPTOVIRAL ATTACKS

1. CRYPTOVIRAL EXTORTION: AN OVERT ATTACK

Stage 1: The cryptovirus enters the system.
[Figure: a copy of malicious code comes from the outside environment to the entry point to the system. The cryptovirus ("Ha…. No one can detect me") is not detected by the antivirus mechanism. Panels: Outside Environment, Inside the System.]

Stage 2: The cryptovirus is decrypted to its normal form using the decrypting routine and key.
[Figure: Cryptovirus -> Virus]

Stage 3: The cryptovirus then starts encrypting the files present in the system by using some predefined secret key.

Stage 4: Asking for a ransom.
[Figure: ransom note: "Want your files to be SAFE and SECURE??????? Send Moneyyyyy to my Master. Get the KEY…….. - gene"]

Stage 5: The ransom is paid and the required key is obtained.

Stage 6: Using the key, the files are decrypted to their original usable form.
Kleptography
•Kleptography, a subfield of Cryptovirology, is "the art and science of stealing information securely and secretly". Kleptographic attacks are primarily geared towards designing black box ciphers to leak secret key information securely and secretly to the designer.

•A secure kleptographic attack is undetectable as long as the cryptosystem is a black box.

•A black-box cryptosystem is a cryptosystem that is implemented in such a way that the underlying implementation (source code) cannot be scrutinized.

•A black-box cryptosystem can only be used without verifying the correctness of its implementation.
2. STEALING INFORMATION: A COVERT ATTACK

Stage 1: A normal communication between Alice and Bob.
[Figure: Alice <-> Bob]

Stage 2: Communication continues through the active intruder Trudy. Sends his code too.
[Figure: Alice <-> Trudy <-> Bob]

Stage 3: Trudy's code gets Bob's secret key.
[Figure: Trudy, Bob, Bob's secret key]

Stage 4: Bob's secret key is sent to Trudy through the backdoor.
[Figure: Bob -> Trudy]

Stage 5: Then Trudy communicates with Alice in the name of Bob.
[Figure: Alice <-> Trudy]
Devil in the Game.
WILL IT WORK?

[Figure: packet fields: Cryptovirus | Encrypted Msg | Msg Digest | Digital Signature | virus removal code. Properties: Conceal, Integrity, Authentication. Can we call it a CryptoVirPacket?]

•Alice creates the CryptoVirPacket using her Private Key and Bob's Public Key.
•The CryptoVirPacket is sent from Alice to Bob.
•Bob's system gets infected by the CryptoVirus.
•Bob uses his Private Key and Alice's Public Key to decrypt the Msg.
•Runs the virus removal code.
•Checks the Digital Signature for authentication.
•Compares the Msg Digest for integrity.

•If any intruder hacks the CryptoVirPacket, his system will get infected by the CryptoVirus.
•And our Devil will play a Game until he decrypts the message and runs the virus removal code.
Conclusion

•There is no cure-all for Cryptovirus attacks.

•The best defense is to verify the authenticity of all programs that you run, keep backups of important information, use existing antiviral tools, and so forth.

•We have learnt how Cryptography can be used to implement viruses that are able to mount extortion-based attacks on their hosts.

•We can also use Cryptovirology to secure the data in an offensive mode.