Kleptography

from Wikipedia, the free encyclopedia

Kleptography ( old Gr . Κλέπτειν kléptein "stealing" and graphics ) deals with the secure and covert theft of (protected) information. Kleptography is a branch of cryptography and cryptovirology . It is also an extension of the hidden sewer theory explored by Gus Simmons . Kleptography is also related to steganography .

Concept introduction

The term kleptography was introduced by Adam L. Young and Moti Yung in the Proceedings of Advances in Cryptology — Crypto '96 . A kleptographic attack is a forward engineering attack that builds an asymmetric backdoor into a cryptosystem or into a cryptographic protocol. Can be manipulated in this way, for. B. a smart card , a dynamic link library , a computer program or a hardware security module (HSM).

particularities

The special thing about this type of attack is that the manipulation uses asymmetric cryptology. In contrast to a symmetrical backdoor , to which anyone who knows the backdoor has access, an asymmetrical backdoor can be used exclusively by the individual attacker who installed it. Even if the exact draft of the backdoor were published, it would only be usable if the data set by the attacker was also known. In addition, the outputs of the infected cryptosystem are computationally indistinguishable from those of a corresponding uninfected cryptosystem. Therefore, the attack in black box implementations (e.g. in smart cards or HSMs) will most likely go unnoticed. Because of the asymmetry, even a successful reverse engineering attack can at best detect the presence of an asymmetric backdoor - but it cannot use it.

Kleptographic attacks can be carried out with crypto Trojans , which infect a cryptosystem and open a backdoor for the attacker, and can also be implemented directly by the manufacturer of a cryptosystem. The attack need not necessarily expose the entire output of the cryptosystem; a more sophisticated attack vector can alternate between generating secure, uninfected output and generating insecure, backdoored data.

Kleptographic attacks have been published for RSA key generation , Diffie-Hellman key exchange , the digital signature algorithm and other cryptographic algorithms and protocols , among others . The SSL , SSH and IPsec protocols are also at risk from kleptographic attacks. In any case, the attacker can compromise the cryptographic algorithm by examining the information that contains the backdoor information (e.g. the public key, digital signature, key exchange messages, etc.) and then the logic of the uses asymmetric backdoor with its secret key (usually a private key).

A. Juels and J. Guajardo proposed a method (KEGVER) in which a third party can verify the unmanipulated RSA key generation: A type of distributed key generation is used in which the secret key is only known to the black box - thus it can be ensured that the key generation has not been modified and thus the private key cannot be exposed by a kleptographic attack.

In practice, four special examples of kleptographic attacks (including a simplified SETUP attack against RSA) can be traced in JCrypTool 1.0, the platform-independent part of the open source project CrypTool .

literature

Web links

Individual evidence

  1. ^ GJ Simmons : The Prisoners' Problem and the Subliminal Channel , in Proceedings of Crypto '83 , D. Chaum (Ed.), Pages 51-67, Plenum Press, 1984.
  2. ^ GJ Simmons: The Subliminal Channel and Digital Signatures , In Proceedings of Eurocrypt '84 , T. Beth, N. Cot, I. Ingemarsson (Eds.), Pages 364-378, Springer-Verlag, 1985.
  3. ^ GJ Simmons: Subliminal Communication is Easy Using the DSA , In proceedings of Eurocrypt '93 , T. Helleseth (Ed.), Pages 218-232, Springer-Verlag, 1993.
  4. ^ A. Young, M. Yung: The Dark Side of Black-Box Cryptography, or: Should we trust Capstone? , in Proceedings of Crypto '96 , Neal Koblitz (Ed.), Springer-Verlag, pages 89-103, 1996.
  5. Cryptovirology FAQ
  6. ^ A b A. Young, M. Yung: Malicious Cryptography: Exposing Cryptovirology , John Wiley & Sons, 2004.
  7. SSL attack by Filipa Zagórskiego, and Prof. Miroslawa Kutylowskiego
  8. a b A. Juels, J. Guajardo: RSA Key Generation with Verifiable Randomness ( Memento of the original from March 15, 2012 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. , in: D. Naccache, P. Pallier (Eds.): Public Key Cryptography: 4th International Workshop on Practice and Theory in Public Key Cryptosystems , Springer, 2002. @1@ 2Template: Webachiv / IABot / www.rsa.com
  9. A. Juels, J. Guajardo: RSA Key Generation with Verifiable Randomness (Extended Version) ( Memento of the original from May 12, 2013 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF file; 239 kB) @1@ 2Template: Webachiv / IABot / www.rsa.com
  10. JCrypTool project website
  11. B. Esslinger: The dark side of cryptography - kleptography in black box implementations ( memento of the original from July 21, 2011 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. , <kes>, # 4/2010, page 6 ff. @1@ 2Template: Webachiv / IABot / www.kes.info