Reference : NoCry: No More Secure Encryption Keys for Cryptographic Ransomware
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/40578
NoCry: No More Secure Encryption Keys for Cryptographic Ransomware
English
Genç, Ziya Alper mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Ryan, Peter [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2019
Proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication
Springer
69-85
Yes
No
International
978-3-030-39748-7
Cham
Switzerland
Second International Workshop on Emerging Technologies for Authorization and Authentication (ETAA 2019)
27 September 2019
University of Luxembourg
Luxembourg City
Luxembourg
[en] Ransomware ; Malware ; Cryptovirus ; CSPRNG
[en] Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ on the specific strategy they implement, and all have pros and cons. However, three requirements concern them all: their implementation must be secure, be effective, and be efficient. Recently, Genç et al. proposed to stop a specific class of ransomware, the cryptographically strong one, by blocking unauthorized calls to cryptographically secure pseudo-random number generators, which are required to build strong encryption keys. Here, in adherence to the requirements, we discuss an implementation of that solution that is more secure (with components that are not vulnerable to known attacks), more effective (with less false negatives in the class of ransomware addressed) and more efficient (with minimal false positive rate and negligible overhead) than the original, bringing its security and technological readiness to a higher level.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students ; General public ; Others
http://hdl.handle.net/10993/40578
10.1007/978-3-030-39749-4_5
https://link.springer.com/chapter/10.1007/978-3-030-39749-4_5
FnR ; FNR13234766 > Gabriele Lenzini > NoCry PoC > No More Cryptographic Ransomware, Proof of Concept > 01/11/2018 > 31/10/2020 > 2018

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
etaa2019GLR.pdfPublisher postprint390.5 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.