Talk:Cryptovirology: Difference between revisions
Quuxplusone (talk | contribs) →Cryptotrojan example sounds silly: new section |
No edit summary |
||
Line 29: | Line 29: | ||
I'm not disputing the usefulness of "cryptovirology" (silly buzzword!) as a whole; I'm just pointing out that the example on which the current article spends two paragraphs is very silly, and should be replaced with a good example if one exists. (The only non-trivial uses of crypto in malware design that I can think of are both mentioned already: [[ransomware (malware)|ransomware]] and [[polymorphic virus]]es. And the latter doesn't require crypto anyway.) --[[User:Quuxplusone|Quuxplusone]] 04:46, 21 October 2007 (UTC) |
I'm not disputing the usefulness of "cryptovirology" (silly buzzword!) as a whole; I'm just pointing out that the example on which the current article spends two paragraphs is very silly, and should be replaced with a good example if one exists. (The only non-trivial uses of crypto in malware design that I can think of are both mentioned already: [[ransomware (malware)|ransomware]] and [[polymorphic virus]]es. And the latter doesn't require crypto anyway.) --[[User:Quuxplusone|Quuxplusone]] 04:46, 21 October 2007 (UTC) |
||
Comments from legal experts might shed light on how this would turn out in court. For |
|||
instance is "theft" a charge separate from "unlawful entry/use"? Does theft by itself |
|||
carry, e.g. 5 years? The article appears to make no legal claims. |
Revision as of 16:51, 22 November 2007
Cryptography: Computer science Unassessed | |||||||||||||
|
Computer Security: Computing Unassessed | ||||||||||||||||||
|
Cryptotrojan example sounds silly
From the current article:
- An application of a questionable encryption scheme is a trojan that gathers plaintext from the host, "encrypts" it using the trojan's own public key (which may be real or fake), and then exfiltrates the resulting "ciphertext". In this attack it is thoroughly intractable to prove that data theft has occurred. This holds even when all core dumps of the trojan and all the information that it broadcasts is entered into evidence. An analyst that jumps to the conclusion that the trojan "encrypts" data risks being proven wrong by the malware author (e.g., anonymously).
- When the public key is fake, the attacker gets no plaintext from the trojan. So what's the use? A spoofing attack is possible in which some trojans are released that use real public keys and steal data and some trojans are released that use fake public keys and do not steal data. Many months after the trojans are discovered and analayzed, the attacker anonymously posts the witnesses of non-encryption for the fake public keys. This proves that those trojans never in fact exfiltrated data. This casts doubt on the true nature of future strains of malware that contain such "public keys", since the keys could be real or fake. This attack implies a fundamental limitation on proving data theft.
At the risk of repeating myself: "So what's the use?" I think I understand everything in those two paragraphs, but I don't see the practical usefulness of such a result. I think the author is thinking of a scenario like this:
- Cracker breaks into system, installs "cryptotrojan".
- Cryptotrojan collects data, pseudo-encrypts it, sends it to cracker.
- System administrator discovers trojan, traces it, sues cracker for data theft.
- Sysadmin: Judge, this cracker broke into my system and his trojan collected and exfiltrated my private data! Here are the logs proving it.
- Cracker: Judge, my trojan did collect his data, but it did not exfiltrate it! Here is a mathematical proof that my trojan in fact sent only a stream of pseudorandom bits. Therefore you must find me innocent.
- Judge: Oh dear, I suppose so. Not guilty!
- Sysadmin: Oh no! I cannot afford to prosecute crackers if I cannot prove their guilt a priori.
However, common sense and U.S. law would make that dialogue end more like this:
- Cracker: ... Therefore you must find me innocent.
- Judge: I don't care about mathematics; I care about law. You admit you broke into his system and installed malicious software without his approval. You are obviously guilty.
- Cracker: Oh no! I did not expect this turn of events.
So, what's the use? Obviously you can take any first-year crypto topic and put it in a virus, but does that somehow make it interesting or worthy of comment?
I'm not disputing the usefulness of "cryptovirology" (silly buzzword!) as a whole; I'm just pointing out that the example on which the current article spends two paragraphs is very silly, and should be replaced with a good example if one exists. (The only non-trivial uses of crypto in malware design that I can think of are both mentioned already: ransomware and polymorphic viruses. And the latter doesn't require crypto anyway.) --Quuxplusone 04:46, 21 October 2007 (UTC)
Comments from legal experts might shed light on how this would turn out in court. For
instance is "theft" a charge separate from "unlawful entry/use"? Does theft by itself
carry, e.g. 5 years? The article appears to make no legal claims.
- Unassessed Cryptography articles
- Unknown-importance Cryptography articles
- Unassessed Computer science articles
- Unknown-importance Computer science articles
- WikiProject Computer science articles
- WikiProject Cryptography articles
- Unassessed Computer Security articles
- Unknown-importance Computer Security articles
- Unassessed Computing articles
- Unknown-importance Computing articles
- All Computing articles
- All Computer Security articles