List Price: $45.00 Details

Save: $19.36 (43%)

FREE Returns

No Import Fees Deposit & $9.85 Shipping to Canada Details

Delivery Sunday, January 14. Order within 18 hrs 3 mins

Deliver to Canada

Only 1 left in stock - order soon.

$$25.64 () Includes selected options. Includes initial monthly payment and selected options. Details

Ships from

Amazon

Ships from

Amazon

Sold by

RaisingRose

Sold by

RaisingRose

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.

Read full return policy

Payment

Secure transaction

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Details

Add a gift receipt for easy returns

$11.51 delivery January 29 - February 20. Details

Deliver to Canada

Used: Very Good | Details

Sold by ThriftBooks-Baltimore

Access codes and supplements are not guaranteed with used items.

Other Sellers on Amazon

Added

Not added

$25.64
+ $9.85 shipping

Sold by: Amazon.com

Follow the author

Adam Young

Follow

Malicious Cryptography: Exposing Cryptovirology 1st Edition

by Adam Young (Author), Moti Yung (Author)

4.2 11 ratings

See all formats and editions

{"desktop_buybox_group_1":[{"displayPrice":"$25.64","priceAmount":25.64,"currencySymbol":"$","integerValue":"25","decimalSeparator":".","fractionalValue":"64","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"05xm7qFOcznqhsf8MoXmT%2FrHMD7aBIrlYW6%2BCaQmYMt85F8mHfoKUM5QyaCGRq3yJ5u56Y2IimtY0sVXJ7s%2Bh4e%2FCux1XMALcGuDC9yysM4%2FBIKIVqx3Uy6Fj0sQWWfcMrwnMgr5wrOxzRBG3LBS%2Bv9ytMqrv8WexFuIboDwvdGMv4NoEUkHJI1dM50y5zk8","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}, {"displayPrice":"$6.58","priceAmount":6.58,"currencySymbol":"$","integerValue":"6","decimalSeparator":".","fractionalValue":"58","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"05xm7qFOcznqhsf8MoXmT%2FrHMD7aBIrlnia5aHaqjYtqrxc4%2BN4SniuqXBVk2Y%2BrZ1FgjmEUX7amCEQTRS6uX28DvZjhyaeeOOSX6wAzxImS60fDLvOEXE3AhJtS7IAULkUhY2Xg71VFFab9b5y4tB4QCNXbZsqXbe0QyspSZ%2BlcKFPV3xeLPuZiYd5OtnDV","locale":"en-US","buyingOptionType":"USED","aapiBuyingOptionIndex":1}]}

Purchase options and add-ons

Hackers have uncovered the dark side of cryptography―that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker―as much an addict as the vacant-eyed denizen of the crackhouse―so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

Understand the mechanics of computationally secure information stealing
Learn how non-zero sum Game Theory is used to develop survivable malware
Discover how hackers use public key cryptography to mount extortion attacks
Recognize and combat the danger of kleptographic attacks on smart-card devices
Build a strong arsenal against a cryptovirology attack

ISBN-10

0764549758
ISBN-13

978-0764549755
Edition

1st
Publisher

Wiley
Publication date

February 27, 2004
Language

English
Dimensions

7.44 x 0.92 x 9.24 inches
Print length

416 pages
See all details

Neal Ford
449
Paperback
$43.99
$10.24 shipping

Editorial Reviews

Review

“The authors of this book explain these issues and how to fight against them.” (Computer Law & Security Report, 1st September 2004)

From the Inside Flap

"Tomorrow’s hackers may ransack the cryptographer’s toolkit for their own nefarious needs. From this chilling perspective, the authors make a solid scientific contribution, and tell a good story too."
–Matthew Franklin, PhD Program Chair, Crypto 2004

WHAT IF HACKERS CONTROL THE WEAPONS USED TO FIGHT THEM?

Hackers have unleashed the dark side of cryptography–that device developed to defeat Trojan horses, viruses, password theft, and other cybercrime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker–as much an addict as the vacant-eyed denizen of the crackhouse–so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack.

Cryptovirology seems like a futuristic fantasy, but be assured, the threat is ominous ly real. If you want to protect your data, your identity, and yourself, vigilance is essential–now.

Understand the mechanics of computationally secure information stealing
Learn how non-zero sum Game Theory is used to develop survivable malware
Discover how hackers use public key cryptography to mount extortion attacks
Recognize and combat the danger of kleptographic attacks on smart-card devices
Build a strong arsenal against a cryptovirology attack

From the Back Cover

"Tomorrow’s hackers may ransack the cryptographer’s toolkit for their own nefarious needs. From this chilling perspective, the authors make a solid scientific contribution, and tell a good story too."
–Matthew Franklin, PhD Program Chair, Crypto 2004

WHAT IF HACKERS CONTROL THE WEAPONS USED TO FIGHT THEM?

Hackers have unleashed the dark side of cryptography–that device developed to defeat Trojan horses, viruses, password theft, and other cybercrime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker–as much an addict as the vacant-eyed denizen of the crackhouse–so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack.

Cryptovirology seems like a futuristic fantasy, but be assured, the threat is ominous ly real. If you want to protect your data, your identity, and yourself, vigilance is essential–now.

Understand the mechanics of computationally secure information stealing
Learn how non-zero sum Game Theory is used to develop survivable malware
Discover how hackers use public key cryptography to mount extortion attacks
Recognize and combat the danger of kleptographic attacks on smart-card devices
Build a strong arsenal against a cryptovirology attack

About the Author

Dr. Adam Young (Herndon, VA) is a research scientist at Cigital, Inc. a software security company. He is involved in research for the Department of Defense and is a well-known cryptography consultant holding six US patents and two international patents of novel methods for security implementation.

Dr. Moti Yung (New York, NY) is Senior Researcher at Columbia University and a well-known cryptography consultant. Previously the VP/Chief Scientist at CertCo, Inc. Moti is on the Steering Committee for the Cryptographer’s Track for RSA 2004. He is the holder of numerous technology US patents, won the IBM Outstanding Innovation Award, and co-discovered, with Adam, numerous cryptovirology attacks.

Product details

Publisher ‏ : ‎ Wiley; 1st edition (February 27, 2004)
Language ‏ : ‎ English
Paperback ‏ : ‎ 416 pages
ISBN-10 ‏ : ‎ 0764549758
ISBN-13 ‏ : ‎ 978-0764549755
Item Weight ‏ : ‎ 1.33 pounds
Dimensions ‏ : ‎ 7.44 x 0.92 x 9.24 inches

Best Sellers Rank: #2,432,970 in Books (See Top 100 in Books)
- #1,636 in Computer Hacking
- #1,690 in Privacy & Online Safety
- #4,533 in Internet & Telecommunications

Customer Reviews:
4.2 11 ratings

Important information

To report an issue with this product or seller, click here.

About the author

Follow authors to get new release updates, plus improved recommendations.

Adam Young

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Discover more of the author’s books, see similar authors, read author blogs and more

Customer reviews

4.2 out of 5

11 global ratings

2 star

0%

1 star

0%

How customer reviews and ratings work

Sort reviews by

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Excellent

Reviewed in the United States on May 30, 2004

Verified Purchase

Bypassing computer security systems has sometimes been called an art rather than a science by those who typically do not interact with computing machines at a level that would allow them to appreciate the science behind security attacks. This book does not address the strategies of how to bypass security systems, but instead concentrates on how to use cryptographic methods to corrupt the machines once access has been acquired. Clearly the authors are very excited about the developments in cryptovirology, a relatively young field, that have taken place in the last five years. Their goal though is not to train hackers to break into systems, but rather to coach the reader on how to find vulnerabilities in these systems and then repair them. The subject of cryptovirology is fascinating, especially in the mathematics that is uses, and a thorough knowledge of its power will be required for meeting the challenges of twenty-first century network computing.
After a "motivational chapter" that it meant to shed insight on what it is like to be a hacker, this being done through a collection of short stories, the authors move on to giving a general overview of the field of cryptovirology in chapter 2. The reader gets his first dose of zero-knowledge interactive proofs (ZKIPs), which allow a prover to convince a verifier of a fact without revealing to it why the fact is true. The authors point out that viruses are vulnerable once found, since their rudimentary programming can be then studied and understood. This motivates the introduction of public key cryptography into the payload of the virus, and it is at this point that the field of cryptovirology is born.
Chapter 3 is more of a review of modular arithmetic, entropy generators, and pseudorandom number generators and can be skipped for those readers familiar with these. The authors emphasize the need for effective random number generators and in using multiple sources for entropy generation. They also introduce the very interesting concept of a `mix network', which allows two mutually distrusting parties to communicate securely and anonymously over a network. `Onion routing' is discussed as a method for implementing asynchronous mix networks. Mix networks can be used to hide the propagation history of a worm or virus.
In chapter 4, the authors discuss how to implement anonymous communication and how to launch a cryptotrojan attack that utilizes an anonymous communication channel. There are many applications of anonymous communication, one being E-money, and also, unfortunately, money laundering. The authors describe in fair detail how to conduct criminal operations with mix networks and anonymous money. This same technology though allows freedom of speech in geographical areas that are not sympathetic to it. Electronic voting, so controversial at the present time, is discussed as an activity that is very susceptible to the threat of stegotrojans or government violation of anonymity. Techniques for doing deniable password snatching using cryptovirology, and for countering it using zero-knowledge proofs, are also discussed.
Chapter 5 introduces techniques for preventing the reading of counters when a virus is propagating from one machine to another. Known as `cryptocounters', the authors discuss various techniques for constructing them, such as the ElGamal and Paillier public key cryptosystems.
Private information retrieval (PIR), which allows the secure and private theft of information, is discussed in chapter 6, wherein the authors present a few schemes for performing PIR. These schemes, unfortunately, allow the theft of information without revealing anything about the information sought and without revealing anything about what is taken. The authors also introduce a concept that they call `questionable encryptions', which are algorithms to produce valid encryptions or fake encryptions depending on the inputs. Related to question encryption, and also discussed in this chapter, are `deniable encryptions', which allow the sender to produce fake random choices that result in the true plaintext to be kept secret. Also discussed is the topic of `cryptographic computing', which allows computations with encrypted data without first having to decrypt it. The modular arithmetic used in this chapter is fascinating and well worth the read.
Chapter 7 is by far the most interesting of the entire book, and also the most disconcerting if its strategies are ever realized. The goal of the chapter is to find out to what extent a virus can be constructed whose removal will damage the host machine. This, in the author's opinion, would be a genuine `digital disease', and they discuss various scenarios for bringing it about, which are at present not realized, but could be in the near future. The approach discussed involves game theory, and the authors show how the payload of a virus can survive even after discovery of the virus. They give a very detailed algorithm on how to attack a brokerage firm, including the assumptions that must be satisfied by such an attack. The attack is mounted by deploying a distributed cryptovirus that tries to find three suitable host machines, and the attack consists of three phases, the first involving replication leading to the infection of the three machines, the second involving preparation for the attack, and third involving playing the two-player game. The host machines, to be acceptable for launching the attack, must either be "brokerage" machines, which have sensitive information available to the virus, or "reclusive" machines, which are machines that are not subjected to much scrutiny. The goal of the virus, according to the authors, is to give the malware purchasing power, and not direct monetary gain. The virus may then evolve over time to become a portfolio manager, and may even act as a surrogate for purchasing shares on behalf of the firm or client. Other possibilities for the virus are discussed, and the authors overview the security of the attack and its utility.
I did not read the rest of the chapters in the book, so I will omit their review.

23 people found this helpful

Helpful

John A. Faulkner

Virus writing for academic cryptographers

Reviewed in the United States on April 1, 2004

This book presents an initial, interesting idea - could a computer virus be written that attacks a computer by encrypting the user's data? This could be a tool for extortion or a unique Denial of Service attack. Now this is not a new idea (eg: the KOH virus) but there is a new twist - the data is encoded with an asymmetric cipher, thus rendering it unrecoverable except to the virus writer. The authors state that such a virus has indeed been trialled in a proof-of-concept form, on a Macintosh SE30 (a nice machine to develop on, from memory) in System 6, so there's no "whoops, where's it gone?" problem. There is some detailed high level discussion of techniques and pitfalls. The authors then go on to describe how contemporary cryptographic technology may be adapted to the theft of information such as secure data and passwords. This is all done at the level of mathematical relationships - there is no viral code.

Two new words are added to the language - cryptovirology (the study of computer viruses with a cryptographic payload, usually malicious) and kleptography (the application of cryptography to data theft).

Here are a few chapter or section headings to give a taste of the themes running through this work: Through Hackers's Eyes; Cryptovirology; Deniable Password Snatching; Using Viruses to Steal Information; Computationally Secure Information Stealing; The Nature of Trojan Horses; Subliminal Channels.

The book starts with an accessible piece of fiction, but quickly progresses to the opaque style common to much academic writing in this field. The reader is well advised to brush up on matrix algebra, Jacobians and Abelian and non-Abelian groups and to have a working knowledge of computer viruses (however obtained). There are appendices intended to provide brief tutorials on computer viruses and public key cryptography. But both these very different specialised fields require far more study than any précis can provide.

While the writing is often hard going there is an enjoyable first chapter describing three incidents in the life of a virus writer (a student at a US university) as he writes and releases a virus. It provides a vicarious experience of the motivation for such activity - the mental challenge, the adrenalin rush and the exercise of secret power.

The writing, as referred to above, is uneven and there seems to be some confusion as to who the audience is for this work. Some seems to have come from one of the authors' doctoral thesis - you have been warned! It's an academic work, so academic cryptographers would be the principal readers. But since it's offered for sale to the public, one wonders who else would read it? We can rule out some groups. If you refer to yourself as "133t", then you can count yourself out, as can those wannabees who capture virus code, do a partial rewrite, add their handle, then release their "new" version. There is no rip-off virus code here. Even whoever wrote Nimda or Code Red or NetSky will find this heavy going, competent thought they are in the mysteries of mobile code and system calls. Certainly anti-virus software coders will find this of little use. If I can let my imagination run free, perhaps also the legendary Hidden Masters of cyberspace, those hackers beyond "elite" in their esoteric knowledge, who work alone, do not meet other hackers except deep behind some firewall and who are never suspected, let alone arrested, perhaps they will be inspired to even greater feats of data theft. But then we'd never know, would we?

13 people found this helpful

Helpful

Matt Dobler

Entertaining, but gets dense quickly.

Reviewed in the United States on March 10, 2014

Verified Purchase

The first chapter starts out like a bad cyberpunk novel, with random definitions sprinkled in for fun. The math assumes you already know a decent chunk of cryptography, statistics, and formal maths, but it tends to lose the formality at the drop of a hat.

I wouldn't recommend this as your first cryptography book, unless you'e spent a good amount of time learning the basics on wikipedia.

One person found this helpful

Helpful

Fred C

I find it hard to put down!

Reviewed in the United States on February 20, 2013

Verified Purchase

I have learned and continue learning from this book! I can't wait to read this book over again. I'm sure I missed something and will try to find it! Thanks guys!

Helpful

Aaron Bahn

A great technical book for advanced users

Reviewed in the United States on April 25, 2005

Although "Malicious Cryptography" is most certainly not for beginners, you will enjoy it if you have some background in security and anti-virus research.

Be warned, though: cyber-punk style of this book will probably resonate with some, and irk others.

3 people found this helpful

Helpful

Markus Jakobsson

Let's hope more good guys than bad guys read this book!

Reviewed in the United States on March 22, 2004

This book shows what type of viruses and other malware we may expect next, and which absolutely overshadow existing threats. Can you imagine a virus that encrypts your hard drive, then blackmails you for you to be able to decrypt it? How would such a virus work, and what can you do to protect yourself? The authors are clearly knowledgeable, both in terms of cryptography and malware, and the book is interesting and accessible. One can only hope that more good guys than bad guys read this book ... or we are all in trouble.

4 people found this helpful

Helpful

David Maynor

Not that bad...

Reviewed in the United States on March 1, 2004

The title baited me in. I was apprehensive because I didn't see much of a use in malware for crypto, or rather I didn't see how it could be productive. I was surprised to find it was rather useful and has added a trick or two to my malware analysis toolkit. You need to have a pretty heavy crypto understanding to make use of it though.

5 people found this helpful

Helpful

Price		$25.64
AmazonGlobal Shipping		$9.85
Estimated Import Fees Deposit		$0.00

Total		$35.49

Unsupported image file format.

Image file size is too large.