| |
| |
| Foreword | |
| |
| |
| Acknowledgments | |
| |
| |
| Introduction | |
| |
| |
| |
| Through Hacker's Eyes | |
| |
| |
| |
| Cryptovirology | |
| |
| |
| |
| Tools for Security and Insecurity | |
| |
| |
| |
| Sources of Entropy | |
| |
| |
| |
| Entropy Extraction via Hashing | |
| |
| |
| |
| Unbiasing a Biased Coin | |
| |
| |
| |
| Von Neumann's Coin Flipping Algorithm | |
| |
| |
| |
| Iterating Neumann's Algorithm | |
| |
| |
| |
| Heuristic Bias Matching | |
| |
| |
| |
| Combining Weak Sources of Entropy | |
| |
| |
| |
| Pseudorandom Number Generators | |
| |
| |
| |
| Heuristic Pseudorandom Number Generation | |
| |
| |
| |
| PRNGs Based on Reduction Arguments | |
| |
| |
| |
| Uniform Sampling | |
| |
| |
| |
| Random Permutation Generation | |
| |
| |
| |
| Shuffling Cards by Repeated Sampling | |
| |
| |
| |
| Shuffling Cards Using Trotter-Johnson | |
| |
| |
| |
| Sound Approach to Random Number Generation and Use | |
| |
| |
| |
| RNGs Are the Beating Heart of System Security | |
| |
| |
| |
| Cryptovirology Benefits from General Advances | |
| |
| |
| |
| Strong Crypto Yields Strong Cryptovi ruses | |
| |
| |
| |
| Mix Networks and Cryptovirus Extortion | |
| |
| |
| |
| Anonymizing Program Propagation | |
| |
| |
| |
| The Two Faces of Anonymity | |
| |
| |
| |
| Anonymity in a Digital Age | |
| |
| |
| |
| From Free Elections to the Unabomber | |
| |
| |
| |
| Electronic Money and Anonymous Payments | |
| |
| |
| |
| Anonymous Assassination Lotteries | |
| |
| |
| |
| Kidnapping and Perfect Crimes | |
| |
| |
| |
| Conducting Criminal Operations with Mixes | |
| |
| |
| |
| Deniable Password Snatching | |
| |
| |
| |
| Password Snatching and Security by Obscurity | |
| |
| |
| |
| Solving the Problem Using Cryptovirology | |
| |
| |
| |
| Zero-Knowledge Proofs to the Rescue | |
| |
| |
| |
| Improving the Attack Using ElGamal | |
| |
| |
| |
| Cryptocounters | |
| |
| |
| |
| Overview of Cryptocounters | |
| |
| |
| |
| Implementing Cryptocounters | |
| |
| |
| |
| A Simple Counter Based on ElGamal | |
| |
| |
| |
| Drawback to the ElGamal Solution | |
| |
| |
| |
| Cryptocounter Based on Squaring | |
| |
| |
| |
| The Paillier Encryption Algorithm | |
| |
| |
| |
| A Simple Counter Based on Paillier | |
| |
| |
| |
| Other Approaches to Cryptocounters | |
| |
| |
| |
| Computationally Secure Information Stealing | |
| |
| |
| |
| Using Viruses to Steal Information | |
| |
| |
| |
| Private Information Retrieval | |
| |
| |
| |
| PIR Based on the Phi-Hiding Problem | |
| |
| |
| |
| Security of the Phi-Hiding PIR | |
| |
| |
| |
| Application of the Phi-Hiding Technique | |
| |
| |
| |
| A Variant of the Phi-Hiding Scheme | |
| |
| |
| |
| Tagged Private Information Retrieval | |
| |
| |
| |
| Secure Information Stealing Malware | |
| |
| |
| |
| Deniable Password Snatching Based on Phi-Hiding | |
| |
| |
| |
| Improved Password-Snatching Algorithm | |
| |
| |
| |
| Questionable Encryptions | |
| |
| |
| |
| Deniable Encryptions | |
| |
| |
| |
| Malware Loaders | |
| |
| |
| |
| Cryptographic Computing | |
| |
| |
| |
| Non-Zero Sum Games and Survivable Malware | |
| |
| |
| |
| Survivable Malware | |
| |
| |
| |
| Elements of Game Theory | |
| |
| |
| |
| Attacking a Brokerage Firm | |
| |
| |
| |
| Assumptions for the Attack | |
| |
| |
| |
| The Distributed Cryptoviral Attack | |
| |
| |
| |
| Security of the Attack | |
| |
| |
| |
| Utility of the Attack | |
| |
| |
| |
| Other Two-Player Game Attacks | |
| |
| |
| |
| Key Search via Facehuggers | |
| |
| |
| |
| Catalyzing Conflict Among Hosts | |
| |
| |
| |
| Future Possibilities | |
| |
| |
| |
| Coping with Malicious Software | |
| |
| |
| |
| Undecidability of Virus Detection | |
| |
| |
| |
| Virus Identification and Obfuscation | |
| |
| |
| |
| Virus String Matching | |
| |
| |
| |
| Polymorphic Viruses | |
| |
| |
| |
| Heuristic Virus Detection | |
| |
| |
| |
| Detecting Code Abnormalities | |
| |
| |
| |
| Detecting Abnormal Program Behavior | |
| |
| |
| |
| Detecting Cryptographic Code | |
| |
| |
| |
| Change Detection | |
| |
| |
| |
| Integrity Self-Checks | |
| |
| |
| |
| Program Inoculation | |
| |
| |
| |
| Kernel Based Signature Verification | |
| |
| |
| |
| The Nature of Trojan Horses | |
| |
| |
| |
| Text Editor Trojan Horse | |
| |
| |
| |
| Salami Slicing Attacks | |
| |
| |
| |
| Thompson's Password Snatcher | |
| |
| |
| |
| The Subtle Nature of Trojan Horses | |
| |
| |
| |
| Bugs May In Fact Be Trojans | |
| |
| |
| |
| RNG Biasing Trojan Horse | |
| |
| |
| |
| Subliminal Channels | |
| |
| |
| |
| Brief History of Subliminal Channels | |
| |
| |
| |
| The Difference Between a Subliminal and a Covert | |