Cryptography as an attack technology: Proving the RSA/factoring kleptographic attack

Abstract

Since 1996 we have dedicated research effort on discovering new threats to the computing infrastructure that are the result of combining malicious software (malware) technology with modern cryptography. To the best of our knowledge, this was the first attempt to employ cryptographic methodologies not for defense (e.g., to hide messages, protect their integrity, or even to generate polymorphic malware for hiding it, etc.), but for attack. Our focus was on using cryptography specifically as an attack technology (e.g., we introduced secure data kidnapping attacks now referred to as ransomware). At some point during our investigation we ended up asking ourselves the following question: what if the malware (i.e., Trojan horse) resides within a cryptographic system itself (replacing existing cryptographic logic)? This led us to realize that in certain scenarios of black-box cryptography there are attacks that employ cryptography itself against cryptographic systems. Examples of black-box cryptography include when the code is inaccessible to scrutiny, say, due to software obfuscation, due to tamper-resistant housing, or when no one cares enough to scrutinize the code as has happened to many open source programs. The attack involves replacing the algorithm in a way that black-box access to the program does not reveal the attack. We showed that when the attack utilizes cryptography such that the trapdoor is in the hands of the attacker but not in the program itself then the attack possesses unique asymmetric properties. For example, it grants the attacker exclusive access to private information where the exclusive access privilege holds even when the Trojan is reverseengineered. This asymmetric Trojan is much stronger than the more naive symmetric Trojan where the reverse-engineer recovers the power of the attacker from the code. We called the art of designing this set of attacks “kleptography.” In more recent years, there have been allegations that kleptographic attacks have been mounted for real against the American public. Here, we present a demonstration of the power of kleptography by illustrating a carefully designed attack against the RSA key generation algorithm and we prove the security of the attack.