okay show me the conclusion of the cryptovirology
Conclusion
Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. The field was born with the observation that public-key cryptography can be used to break the symmetry between what a malware analyst sees regarding malware and what the malware creator sees. The former sees a public key in the malware whereas the latter sees the public key as well as the corresponding private key since the malware designer created the key pair for the attack. The public key allows the malware to perform trapdoor one-way operations on the victim's computer that only the malware creator can undo.

The first attack that was identified in the field is called "cryptoviral extortion". In this attack a cryptovirus, cryptoworm, or cryptotrojan hybrid encrypts the victim's files and the victim must pay the malware author to receive the needed session key (which is encrypted under the malware creator's public key that is contained in the malware). The victim needs the session key if the files are needed and there are no backups of them. Many years later the media relabeled this attack as ransomware.

The field also encompasses covert attacks in which the attacker secretly steals private information such as private keys. An example of the latter type of attack is the asymmetric backdoor. An asymmetric backdoor is a backdoor (e.g., in a cryptosystem) that can be used only by the attacker, even after it is found. This contrasts with the traditional backdoor that is symmetric, i.e., anyone that finds it can use it. Kleptography, a subfield of cryptovirology, is the study of asymmetric backdoors in key generation algorithms, digital signature algorithms, key exchanges, and other cryptographic algorithms. The NIST Dual EC DRBG random bit generator has an alleged asymmetric backdoor in it. The EC-DRBG algorithm utilizes the discrete-log kleptogram from Kleptography.

There is a misconception that cryptovirology is mostly about extortion attacks (overt attacks). In fact, the vast majority of cryptovirology attacks are covert in nature.