Kleptography

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Ramdac at 01:49, 15 December 2010 (grammar). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Kleptography is the study of stealing information securely and subliminally. Kleptography is a natural extension of the theory of subliminal channels.[1]

Kleptography was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology—Crypto '96. A kleptographic attack is a forward-engineering attack that is built into a cryptosystem or cryptographic protocol. The attack constitutes an asymmetric backdoor that is built into a smartcard, dynamically linked library, computer program, etc. The attacker who plants the backdoor has the exclusive ability to use the backdoor. In other words, even if the full specification of the backdoor is published, only the attacker can use it. Furthermore, the outputs of the infected cryptosystem are computationally indistinguishable from the outputs of the corresponding uninfected cryptosystem. So, in black-box implementations (e.g., smartcards) the attack may go entirely unnoticed. The asymmetry ensures that a well-funded reverse-engineer can at most detect the asymmetric backdoor but not use it.

In contrast, a traditional, more common backdoor is called a symmetric backdoor. Anyone who finds the symmetric backdoor can in turn use it.

Kleptographic attacks have been designed for RSA key generation, the Diffie-Hellman key exchange, the Digital Signature Algorithm, and other cryptographic algorithms and protocols.[citation needed] The attacker compromises these algorithms and protocols by inspecting the output in which the backdoor information is encoded, if it is available (e.g., the public key, the digital signature, the key exchange messages, etc.), and then exploiting the logic of the asymmetric backdoor using his or her secret key (usually a private key).

Kleptography is a subfield of cryptovirology, since an asymmetric backdoor is a form of cryptotrojan. Related fields include cryptology and steganography. Kleptography extends the theory of subliminal channels that was pioneered by Gus Simmons [Si84, Si85, Si93].

The SSL, SSH and IPsec protocols are vulnerable to kleptographic attacks.[2]

Footnotes

  1. ^ Cryptovirology FAQ
  2. ^ http://kleptografia.im.pwr.wroc.pl/ - SSL attack by Filip Zagórski and Prof. Mirosław Kutyłowski

References

[Si84] G. J. Simmons, "The Prisoners' Problem and the Subliminal Channel," In Proceedings of Crypto '83, D. Chaum (Ed.), pages 51–67, Plenum Press, 1984.

[Si85] G. J. Simmons, "The Subliminal Channel and Digital Signatures," In Proceedings of Eurocrypt '84, T. Beth, N. Cot, I. Ingemarsson (Eds.), pages 364–378, Springer-Verlag, 1985.

[Si93] G. J. Simmons, "Subliminal Communication is Easy Using the DSA," In Proceedings of Eurocrypt '93, T. Helleseth (Ed.), pages 218–232, Springer-Verlag, 1993.

[YY96] A. Young, M. Yung, "The Dark Side of Black-Box Cryptography, or: Should we trust Capstone?" In Proceedings of Crypto '96, Neal Koblitz (Ed.), pages 89–103, Springer-Verlag, 1996.