REVIEW: Malicious Cryptography: Exposing Cryptovirology

crypto

 

by Adam L. Young/Moti Yung, John Wiley & Sons, Inc. 2004

___________________________________________________________________________________

Both the foreword and the introduction are turgid, and bloated with

excessive verbiage, while never giving a clear indication of what the

book is actually about.  Does it have to do with viruses at all?  Is

it about the use of cryptography in any kind of criminal or unethical

endeavour?  The initial material does not make this clear.

Occasionally the text becomes so flowery that sentences have no

meaning at all.

 

The lack of clarity is not assisted by the creation of new and

idiosyncratic terms, or the use of existing jargon in non-standard

ways.  In chapter one, a fictional and glacially slow trip through the

mind of a virus writer, we are told that self-checking modules that

some programs use to detect modification in their own code are

"beneficial Trojans" or "battleprogs."  The term multipartite is

defined in such a way that merely copying the program into RAM (Random

Access Memory) qualifies: that would make every virus ever written,

and every program, for that matter, multipartite.  "Kleptogram" is

used throughout the book, but only defined (and not very clearly) in

the last chapter.  Releasing any virus is seen as having something to

do with "information warfare," which would agree with many

sensationalistic journalists who have written on the subject, but

would probably surprise legitimate experts such as Dorothy Denning.

"Virology" itself (and the more specialized "cryptovirology") is an

excellent term for computer virus research–it just isn't used very

widely.  There is a glossary: it defines commonly known terms and does

not define the specialized jargon that the authors have used.

 

The confusion is not limited to terminology.  There is no technical

sense to the statement (on page twenty five) that a certain layer of

the network stack is "high enough to facilitate rapid software

development" (compilers don't care where their software ends up) but

low enough to escape detection (files, processes, and network packets

are all visible).  A disk locking program, as described, would have no

effect on the operations of a remote access trojan.  And, of course,

our fictional protagonist is constantly creating new versions of the

mythical "undetectable" virus, without there being any indication of

how this might be done.

 

(The fictional aspects of the book are not limited to chapter one.

Throughout the work, examples are taken from fiction: it certainly

feels like more illustrations come from works like "Shockwave Rider"

and "Alien" than from real life.)

 

Chapter two starts to get a bit better.  The authors introduce the

idea of using asymmetric cryptography in order to create a virus (or

other piece of malware) that, rather than merely destroying data,

provides for a reversible denial of access to data, and therefore the

possibility of extortion.  The idea is academically interesting, but

there might be a few practical details to be worked out.

 

Chapter three seems to move further into the academic realm, with an

interesting overview of issues in regard to the generation of random,

or pseudorandom, numbers.  There is also an initial exploration of

anonymity, with an insufficient description of "mix networks" (onion

routing being one example).  A little more discussion of anonymity

starts off chapter four, which then moves on to another use of

asymmetric cryptography in malware: the "deniable" recovery of stolen

information, via distribution over public channels.  Cryptocounters,

which could be used to store generational or other information about

the spread of a virus, without such data being accessible to virus

researchers, are discussed in chapter five.  Chapter six looks at

aspects of searching for, and retrieving, information without

disclosing the fact that an exploration is occurring.  However, much

of the material appears to be some highly abstract solutions rather

desperately in search of problems.  Varying the extortion scenario..

 

copyright Robert M. Slade, 2004 

 

Read more: http://marc.info/?l=isn&m=110371787625937