The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.


Book details of 'Malicious Cryptography: Exposing Cryptovirology'

Title: Malicious Cryptography: Exposing Cryptovirology
Author(s): Adam Young, Moti Yung
ISBN: 0764549758
Language: English
Published: February 2004
Publisher: Wiley
The Virtual Bookcase Reviews of 'Malicious Cryptography: Exposing Cryptovirology':

Reviewer Rob Slade wrote:
Both the foreword and the introduction are turgid, and bloated with excessive verbiage, while never giving a clear indication of what the book is actually about. Does it have to do with viruses at all? Is it about the use of cryptography in any kind of criminal or unethical endeavour? The initial material does not make this clear. Occasionally the text becomes so flowery that sentences have no meaning at all.

The lack of clarity is not assisted by the creation of new and idiosyncratic terms, or the use of existing jargon in non-standard ways. In chapter one, a fictional and glacially slow trip through the mind of a virus writer, we are told that self-checking modules that some programs use to detect modification in their own code are "beneficial Trojans" or "battleprogs." The term multipartite is defined in such a way that merely copying the program into RAM (Random Access Memory) qualifies: that would make every virus ever written, and every program, for that matter, multipartite. "Kleptogram" is used throughout the book, but only defined (and not very clearly) in the last chapter. Releasing any virus is seen as having something to do with "information warfare," which would agree with many sensationalistic journalists who have written on the subject, but would probably surprise legitimate experts such as Dorothy Denning. "Virology" itself (and the more specialized "cryptovirology") is an excellent term for computer virus research--it just isn't used very widely. There is a glossary: it defines commonly known terms and does not define the specialized jargon that the authors have used.

The confusion is not limited to terminology. There is no technical sense to the statement (on page twenty-five) that a certain layer of the network stack is "high enough to facilitate rapid software development" (compilers don't care where their software ends up) but low enough to escape detection (files, processes, and network packets are all visible). A disk locking program, as described, would have no effect on the operations of a remote access trojan. And, of course, our fictional protagonist is constantly creating new versions of the mythical "undetectable" virus, without there being any indication of how this might be done. (The fictional aspects of the book are not limited to chapter one. Throughout the work, examples are taken from fiction: it certainly feels like more illustrations come from works like "Shockwave Rider" and "Alien" than from real life.)

Chapter two starts to get a bit better. The authors introduce the idea of using asymmetric cryptography in order to create a virus (or other piece of malware) that, rather than merely destroying data, provides for a reversible denial of access to data, and therefore the possibility of extortion. The idea is academically interesting, but there might be a few practical details to be worked out.

Chapter three seems to move further into the academic realm, with an interesting overview of issues in regard to the generation of random, or pseudorandom, numbers. There is also an initial exploration of anonymity, with an insufficient description of "mix networks" (onion routing being one example). A little more discussion of anonymity starts off chapter four, which then moves on to another use of asymmetric cryptography in malware: the "deniable" recovery of stolen information, via distribution over public channels. Cryptocounters, which could be used to store generational or other information about the spread of a virus, without such data being accessible to virus researchers, are discussed in chapter five. Chapter six looks at aspects of searching for, and retrieving, information without disclosing the fact that an exploration is occurring. However, much of the material appears to be some highly abstract solutions rather desperately in search of problems.

Varying the extortion scenario, chapter seven proposes a viral network that could retaliate for disinfection of any node by threatening disclosure of sensitive information. While the analysis of the structure of the attack is sound, the assumption of payoffs, coercion, and undetectability leave something to be desired. Chapter eight examines the standard antiviral processes (signature scanning, activity monitoring, and change detection) with some miscellaneous explorations, although the discussion is prejudiced by the assumption that we are dealing with traditional (and no longer widely used) file infectors. Trojan horse programs are not terribly well defined in chapter nine. (I was amused at the disclaimer given when the issue of "salami" scams was raised: I have found reliable evidence for only one, extremely minor, instance of the device.) Subliminal channels are means of passing information via cryptographic keys, but chapter ten is not very clear in regard to their use. SETUPs (Secretly Embedded Trapdoor with Universal Protection) are discussed in chapter eleven, although the authors appear to admit that this is only an academic exercise: there are easier attacks. Another form is discussed in chapter twelve.

Does this book fulfill its function? That rather depends on what the intent of the work was, which is far from clear. Was the text intended to be a reference for some interesting topics in cryptography? The verbiage and lack of structure would be a difficulty for those seeking to use it so. Is the publication directed at the general public? The audience of those who read number theoretical manuscripts for fun might be a bit limited. (I've got to say that "Algebraic Aspects of Cryptography" [cf. BKALASCR.RVW] was an easier read, and it makes no pretence of being other than a scholastic paper.) Is the volume supposed to be a serious warning against new forms of malware? The inclusion of a great deal of extraneous content and the lack of clear explanations or examples of some basic concepts limit the value of the work in this regard. In addition, much of the material concentrates on building more malign malware, rather than dealing with defence against it. (I'm not too worried about vxers getting ideas from Young and Yung: implementing crypto properly is a painstaking task, and from almost twenty years' experience of studying blackhat products and authors, I'm fairly sure there'd be lots of bugs in what might be released. On the other hand, somebody in a government office might be working on Magic Lantern version 3.01 ...)

For those seriously involved in the study of viruses and malware this book has some interesting points that should be examined, but little of practical use. For ardent students of cryptography, the work notes some interesting areas of work. For those seeking examples of writing styles to emulate, please look elsewhere.

copyright Robert M. Slade, 2004

Book description:

Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back. They will take you inside the brilliant and devious mind of a hacker—as much an addict as the vacant-eyed denizen of the crackhouse—so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack. This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

Understand the mechanics of computationally secure information stealing
Learn how non-zero sum Game Theory is used to develop survivable malware
Discover how hackers use public key cryptography to mount extortion attacks
Recognize and combat the danger of kleptographic attacks on smart-card devices
Build a strong arsenal against a cryptovirology attack

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase