Malicious Cryptography: Kleptographic Aspects
نویسندگان
چکیده
In the last few years we have concentrated our research efforts on new threats to the computing infrastructure that are the result of combining malicious software (malware) technology with modern cryptography. At some point during our investigation we ended up asking ourselves the following question: what if the malware (i.e., Trojan horse) resides within a cryptographic system itself? This led us to realize that in certain scenarios of black box cryptography (namely, when the code is inaccessible to scrutiny as in the case of tamper proof cryptosystems or when no one cares enough to scrutinize the code) there are attacks that employ cryptography itself against cryptographic systems in such a way that the attack possesses unique properties (i.e., special advantages that attackers have such as granting the attacker exclusive access to crucial information where the exclusive access privelege holds even if the Trojan is reverse-engineered). We called the art of designing this set of attacks “kleptography.” In this paper we demonstrate the power of kleptography by illustrating a carefully designed attack against RSA key generation.
منابع مشابه
Cliptography: Clipping the Power of Kleptographic Attacks
Kleptography, introduced 20 years ago by Young and Yung [Crypto ’96], studies how to steal information securely and subliminally from cryptosystems. The basic framework considers the (in)security of malicious implementations of a standard cryptographic primitives by embedding a “backdoor” into the system. Remarkably, crippling subliminal attacks are possible even if the subverted cryptosystem p...
متن کاملThreshold Kleptographic Attacks on Discrete Logarithm Based Signatures
In an ` out of n threshold scheme, ` out of n members must cooperate to recover a secret. A kleptographic attack is a backdoor which can be implemented in an algorithm and further used to retrieve a user’s secret key. We combine the notions of threshold scheme and kleptographic attack to construct the first ` out of n threshold kleptographic attack on discrete logarithm based digital signatures...
متن کاملInvestigating Methods of Kleptography
Due to the fast development in information and communication technology, new challenging problems appear in the security. So, it is important and vital that the scientific society of our country focuses on research and studies these problems and by providing new proposal try to respond to these critical needs of our country. Hence, our aim in this paper is to study and highlight one of the impo...
متن کاملDestroying Steganography via Amalgamation: Kleptographically CPA Secure Public Key Encryption
We describe a general technique to protect randomized algorithms against kleptographic attacks. We then apply the technique to construct the first IND-CPA secure public-key encryption scheme in the kleptographic setting. Our scheme preserves IND-CPA security, even when all relevant cryptographic algorithms—including key generation—are subject to adversarial subversion. The scheme requires no tr...
متن کاملStealing Secrets with SSL/TLS and SSH
We present very simple kleptographic attacks on SSL/TLS and SSH protocols. They enable a party, which has slightly manipulated the code of a cryptographic library, to steal secrets of the user. According to the scenario of the kleptographic attacks the secrets can be stolen only by a party having a secret key not included in the manipulated code. The attacker needs only to record transmissions....
متن کامل