Skip to main content
SpringerLink
Log in

White-box attack context cryptovirology

  • Eicar 2008 extended version
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

This paper presents the use of cryptographic mechanisms that are suited to the white box attack context (the attacker is supposed to have full control of the target program’s execution environment) and as we will demonstrate, to a viral context. Use of symmetric and asymmetric cryptography by viruses has been popularized by polymorphic viruses and cryptoviruses. The latter are specialized in extorsion. New cryptographic mechanisms, corresponding to a particular implementation of traditional (black box) cryptography have been recently designed to ensure the deep protection of legitimate applications. These mechanisms can be misappropriated and used for the purpose of doing extorsion. We evaluate these new cryptographic primitives and discuss their (mis)use in a viral context.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Aycock, J., deGraaf, R., Jacobson, M.: Anti-Disassembly using Cryptographic Hash Functions. University of Calgary, Canada. Available at http://pages.cpsc.ucalgary.ca/~aycock/ (2005)

  2. Adams, C.M., Tavares, S.E.: Designing S-Boxes for ciphers resistant to differential cryptanaysis. In: Wolfowicz, W. (ed.) Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, pp. 181–190. Fondazione Ugo Bordoni (1993)

  3. Adams, C.M., Mister, S.: Practical S-Box Design. Workshop on Selected Areas in Cryptography (SAC’96) Workshop Record, Queens University, pp. 61–76 (1996)

  4. Barkan, E., Biham, E.: In how many ways can you write Rijndael? In: Proceedings of Asiacrypt’02, LNCS 2501, pp. 160–175 (2002)

  5. Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Helena, H., Anwar Hasan, M. (eds.) Selected areas in Cryptography. Lecture Notes in Computer Science, vol. 3357, pp. 227–240. Springer, Heidelberg (2004)

  6. Boneh, D., Felten, E., Jacob, M.: Attacking an obfuscated cipher by injecting faults. In: Digital Rights Management Workshop, pp. 16–31. Available at http://www.cs.princeton.edu/~mjacob/papers/drm1.pdf (2002)

  7. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of Obfuscating Programs. Available at http://www.math.ias.edu/~boaz/Papers/obfuscate.html (2001)

  8. Beaucamps, P., Filiol, E.: On the possibility of practically obfuscating programs. Towards a unified perspective of code protection. In: Bonfante, G., Marion, J.-Y. (eds.) Journal in Computer Virology, (2)–4, WTCV’06 Special Issue (2006)

  9. Canteaut, A.: Cryptographic Functions and Design Criteria for Block Ciphers. In: Progress in Cryptology—Indocrypt 2001, no 2247 in LNCS, pp. 1–16. Springer, Heidelberg (2001)

  10. Chomsky N. (1956) Three models for the description of languages. IRE Trans. Inform. Theory 2(2): 113–123

    Article  Google Scholar 

  11. Chomsky N. (1969) On certain formal properties of grammars. Inf. Control 2: 137–167

    Article  MathSciNet  Google Scholar 

  12. Chow, S., Eisen, P.A., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for drm applications. In: Security and Privacy in Digital Rights Management, ACM CCS-9 Workshop, DRM 2002, Washington, November 18, 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2696, pp. 1–15. Springer, Heidelberg (2002)

  13. Chow, S., Eisen, P.A., Johnson, H., van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H.M. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 2595, pp. 250-270. Springer, Heidelberg (2002)

  14. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: Proceedings of STOC 1998, pp. 209–218 (1998)

  15. Cloakware Security Suite. Available at http://www.cloakware.com

  16. Dawson, M.H., Tavares, S.E.: An expanded set of S-Box design criteria based on information theory and its relation to differential-like attacks. In: Advances in Cryptology, Eurocrypt ’91, pp. 353–367 (1991)

  17. Filiol, E.: (2004) Strong Cryptography Armoured Computer Viruses Forbidding Code Analysis : the BRADLEY virus. INRIA ISSN 0249-6399. In: Proceedings of EICAR 2005 Conference, StJuliens/Valletta, Malte. Available at http://papers.weburb.org/frame.php?loc=archive/00000136/

  18. Filiol, E.: Techniques virales avancées. Springer, Collection IRIS, XXI, p. 283, ISBN 978-2-287-33887-8 (2006)

  19. Filiol, E.: Metamorphism, formal grammars and undecidable code mutation. In: International Journal of Computer Science, vol. 2, Nb. 1, 2007 ISSN 1306–4428 (2007)

  20. Gazet, A.: Comparative analysis of various ransomware virii. In: Proceedings of the 17th EICAR Conference, ESIEA, Laval (2008)

  21. Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of white box DES implementations. Cryptology ePrint Archive, Report 2007/035, 2007. http://eprint.iacr.org/ (2007)

  22. Hendessi, F., Gulliver, A., Shafieinejad, A.: A structure for fast data encryption. J. Contemp. Math. Sci. 2(29–32), 1401–1424 (2007)

    Google Scholar 

  23. Link, H.E., Neumann, W.D.: Clarifying obfuscation: improving the security of white-box DES. In: ITCC (1), pp. 679–684 (2005)

  24. Michiels, W., Gorissen, P., Preneel, B., Wyseur, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings (2007)

  25. Preneel, B., Wyseur, B.: Condensed white-box implementations. In: Proceedings of the 26th Symposium on Information Theory in the Benelux, pp. 296–301. Brussels, Belgium (2005)

  26. Qozah. Polymorphism and grammars, In: 29A E-zine, 4. Available at http://www.29a.net/ (1999)

  27. Riordan, J., Schneier, B.: Environmental Key Generation towards Clueless Agents. School of Mathematics Counterpane Systems, University of Minnesota, Minneapolis. Available at http://www.schneier.com/paper-clueless-agents.pdf

  28. Spinellis D. (2003) Reliable identification of bounded-length viruses is NP-complete. IEEE Trans. Inf. Theory 49(1): 280–284

    Article  MATH  MathSciNet  Google Scholar 

  29. Tavares, S.E., Webster, A.F.: On the design of S-Boxes. In: Crypto, Lecture Notes in Computer Science, vol. 218, pp. 523–534 (1985)

  30. Young, A.L., Yung Cryptovirology: extortion based security threats and countermeasures. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 129–141. IEEE Computer Society Press, Oakland (1996)

  31. Young A.L., Yung M. (2004) Malicious cryptography, exposing cryptovirology. Wiley, New York

    Google Scholar 

  32. Zuo Z., Zhou M. (2003) On the time complexity of computer viruses. IEEE Trans. Inf. Theo. 51(8): 2962–2966

    Article  MathSciNet  Google Scholar 

  33. Zuo Z., Zhou M. (2004) Some further theoretical results about computer viruses. Comp. J. 47(6): 627–633

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Silicomp-AQL, 1 rue de la Châtaigneraie, CS 51766, 35517, Cesson-Sévigné Cedex, France

    Sébastien Josse

Authors
  1. Sébastien Josse
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sébastien Josse.

Additional information

This paper has been awarded with the EICAR 2008 Best Student Paper. Also with the Ecole Supérieure d’Informatique, d’Electronique, et d’Automatique, Laboratoire de virologie et de cryptologie opérationnelles, Laval, France.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Josse, S. White-box attack context cryptovirology. J Comput Virol 5, 321–334 (2009). https://doi.org/10.1007/s11416-008-0097-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-008-0097-x

Keywords

Search

Navigation