Cryptoviral extortion using Microsoft's Crypto API.

Saved in:
Bibliographic Details
Title: Cryptoviral extortion using Microsoft's Crypto API.
Authors: Young, Adam adamy@acm.org
Source: International Journal of Information Security. 2006, Vol. 5 Issue 2, p67-76. 10p. 1 Diagram, 1 Chart.
Subjects: Computer security, Microsoft Windows device drivers (Computer programs), Data protection, Data encryption, Computer viruses, Computer network security
Abstract: This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data. [ABSTRACT FROM AUTHOR]
Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 20559454
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Cryptoviral extortion using Microsoft's Crypto API.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Young%2C+Adam%22">Young, Adam</searchLink><i> adamy@acm.org</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22International+Journal+of+Information+Security%22">International Journal of Information Security</searchLink>. 2006, Vol. 5 Issue 2, p67-76. 10p. 1 Diagram, 1 Chart.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+security%22">Computer security</searchLink><br /><searchLink fieldCode="DE" term="%22Microsoft+Windows+device+drivers+%28Computer+programs%29%22">Microsoft Windows device drivers (Computer programs)</searchLink><br /><searchLink fieldCode="DE" term="%22Data+protection%22">Data protection</searchLink><br /><searchLink fieldCode="DE" term="%22Data+encryption%22">Data encryption</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+viruses%22">Computer viruses</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+network+security%22">Computer network security</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=20559454
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s10207-006-0082-7
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 10
        StartPage: 67
    Subjects:
      – SubjectFull: Computer security
        Type: general
      – SubjectFull: Microsoft Windows device drivers (Computer programs)
        Type: general
      – SubjectFull: Data protection
        Type: general
      – SubjectFull: Data encryption
        Type: general
      – SubjectFull: Computer viruses
        Type: general
      – SubjectFull: Computer network security
        Type: general
    Titles:
      – TitleFull: Cryptoviral extortion using Microsoft's Crypto API.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Young, Adam
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 03
              Text: 2006
              Type: published
              Y: 2006
          Identifiers:
            – Type: issn-print
              Value: 16155262
          Numbering:
            – Type: volume
              Value: 5
            – Type: issue
              Value: 2
          Titles:
            – TitleFull: International Journal of Information Security
              Type: main
ResultId 1