
Malicious Cryptography - Exposing Cryptovirology

September 14, 2004 4:00 PM to September 14, 2004 5:00 PM
NSF, Room 110, Arlington, VA

Lecturer: Dr. Adam Young

Cryptography is commonly regarded as a critical enabling technology in the on-line world. It can permit safe transmission of confidential information over untrusted networks and prove the origin of messages. But cryptography can also be a very powerful disabling technology. In recent years significant research has investigated how well-known cryptographic paradigms and tools can be used to undermine computer system security once internal access is acquired.

This talk will explore the darker side of cryptography. Noteworthy attacks to be described include:

  • how to use public key cryptography to mount reversible denial-of-service attacks;
  • how a virus might asymmetrically encrypt host data (that has not been backed up);
  • how a cryptovirus can steal data from a host machine without revealing that which is sought, even if the virus is under constant surveillance;
  • how to design a password-snatching cryptotrojan that makes it virtually impossible to identify the author when the encrypted passwords are retrieved even if all of its actions are recorded and analyzed;
  • and how a cryptotrojan can attack industry-standard cryptosystems.

By design, these Trojans give the attacker covert access to the private keys of users and are extremely robust against reverse-engineering. When implemented in tamper-resistant devices the theft cannot be detected by anyone, save the attacker.

The talk is based on "Malicious Cryptography: Exposing Cryptovirology," by Adam Young and Moti Yung (John Wiley & Sons). The book also covers various countermeasures that can help protect against these attacks.

About the Lecturer:
Dr. Young has authored 24 publications in such peer-reviewed conferences as IEEE Foundations of Computer Science, Crypto, Eurocrypt, Asiacrypt, Fast Software Encryption, Algorithmic Number Theory Symposium (ANTS), PKC, CQRE, SCN, ICISC, CT-RSA, SAC, IEEE Security & Privacy, CHES, ACISP, and the IEEE Information Assurance Workshop. He has been invited to serve on the program committees for Financial Crypto, IEEE Info. Assur. Workshop, Indocrypt, and ACNS. Dr. Young has published a book entitled "Malicious Cryptography: Exposing Cryptovirology" with Dr. Moti Yung. Prior to joining Cigital, Dr. Young worked for Lockheed Martin Global Telecom, Certco, and Lucent Technologies as an MTS. He holds MS and PhD degrees in Computer Science from Columbia and a BS degree in Electrical Engineering from Yale.

Meeting Type

Carl Landwehr,

NSF Related Organizations
Directorate for Computer & Information Science & Engineering