NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

Genç, Ziya Alper; Lenzini, Gabriele; Ryan, Peter

doi:10.1007/978-3-030-39749-4_5

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

Genç, Ziya Alper; Lenzini, Gabriele; Ryan, Peter

2019 • In Proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication

Peer reviewed

Permalink
https://hdl.handle.net/10993/40578

DOI
10.1007/978-3-030-39749-4_5

Files Send to Details Statistics Bibliography Similar publications

Files

Full Text

etaa2019GLR.pdf

Publisher postprint (399.88 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink Twitter Linkedin

Details

Keywords :

Ransomware; Malware; Cryptovirus; CSPRNG

Abstract :

[en] Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ on the specific strategy they implement, and all have pros and cons. However, three requirements concern them all: their implementation must be secure, be effective, and be efficient. Recently, Genç et al. proposed to stop a specific class of ransomware, the cryptographically strong one, by blocking unauthorized calls to cryptographically secure pseudo-random number generators, which are required to build strong encryption keys. Here, in adherence to the requirements, we discuss an implementation of that solution that is more secure (with components that are not vulnerable to known attacks), more effective (with less false negatives in the class of ransomware addressed) and more efficient (with minimal false positive rate and negligible overhead) than the original, bringing its security and technological readiness to a higher level.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)

Disciplines :

Computer science

Author, co-author :

Genç, Ziya Alper ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Lenzini, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Ryan, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

Language :

English

Title :

NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

Publication date :

2019

Event name :

Second International Workshop on Emerging Technologies for Authorization and Authentication (ETAA 2019)

Event organizer :

University of Luxembourg

Event place :

Luxembourg City, Luxembourg

Event date :

27 September 2019

Audience :

International

Main work title :

Proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication

Publisher :

Springer, Cham, Switzerland

ISBN/EAN :

978-3-030-39748-7

Pages :

69-85

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://link.springer.com/chapter/10.1007/978-3-030-39749-4_5

FnR Project :

FNR13234766 - No More Cryptographic Ransomware, Proof Of Concept, 2018 (01/11/2018-31/01/2021) - Gabriele Lenzini

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 02 October 2019

Statistics

Number of views

226 (16 by Unilu)

Number of downloads

487 (16 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Avast: PC Trends Report 2019, April 2019. https://blog.avast.com/pc-trends-reports. Accessed 1 June 2019
Bajpai, P., Sood, A.K., Enbody, R.: A key-management-based taxonomy for ransomware. In: 2018 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–12, May 2018
Bui, T., Rao, S.P., Antikainen, M., Bojan, V.M., Aura, T.: Man-in-the-machine: exploiting ill-secured communication inside the computer. In: 27th USENIX Security Symposium, pp. 1511–1525. USENIX Association, Baltimore (2018)
Continella, A., et al.: Shieldfs: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd A Conference on Computer Security Applications, pp. 336–347. ACM, New York (2016)
Cormac, H.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the 2009 New Security Paradigm Workshop (NSPW), 8–11 September 2009, Oxford, United Kingdom, pp. 133–144. ACM (2009)
CyberEdge: 2018 Cyberthreat Defense Report, March 2018. https://cyber-edge. com/wp-content/uploads/2018/03/CyberEdge-2018-CDR.pdf. Accessed 3 June 2019
Gammons, B.: 4 surprising backup failure statistics that justify additional protection (2017). https://blog.barkly.com/backup-failure-statistics. Accessed 3 June 2019
Genç, Z.A., Lenzini, G., Ryan, P.Y.A.: No random, no ransom: a key to stop cryptographic ransomware. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 234–255. Springer, Cham (2018). https://doi.org/10. 1007/978-3-319-93411-2 11
Genç, Z.A., Lenzini, G., Ryan, P.Y.A.: Next generation cryptographic ransomware. In: Gruschka, N. (ed.) NordSec 2018. LNCS, vol. 11252, pp. 385–401. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03638-6 24
Genç, Z.A., Lenzini, G., Ryan, P.Y.A.: Security analysis of key acquiring strategies used by cryptographic ransomware. In: Proceedings of the Central European Cybersecurity Conference 2018, CECC 2018, pp. 7:1–7:6. ACM, New York (2018)
Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98–119. Springer, Cham (2017). https://doi. org/10.1007/978-3-319-66332-6 5
Kim, H., Yoo, D., Kang, J.S., Yeom, Y.: Dynamic ransomware protection using deterministic random bit generator. In: 2017 IEEE Conference on Application, Information and Network Security (AINS), pp. 64–68, November 2017
KnowBe4: KnowBe4 alert: new strain of sleeper ransomware, May 2015. https://www.knowbe4.com/press/knowbe4-alert-new-strain-of-sleeper-ransomware. Accessed 1 June 2019
Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: Paybreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599–611. ACM, New York (2017)
Lee, K., Oh, I., Yim, K.: Ransomware-prevention technique using key backup. In: Jung, J.J., Kim, P. (eds.) BDTA 2016. LNICST, vol. 194, pp. 105–114. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-58967-1 12
Mehnaz, S., Mudgerikar, A., Bertino, E.: RWGuard: a real-time detection system against cryptographic ransomware. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 114–136. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00470-5 6
Microsoft: Named Pipes, May 2018. https://docs.microsoft.com/en-us/windows/desktop/ipc/named-pipes. Accessed 3 June 2019
Palisse, A., Durand, A., Le Bouder, H., Le Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70290-2 12
Palisse, A., Le Bouder, H., Lanet, J.-L., Le Guernic, C., Legay, A.: Ransomware and the legacy crypto API. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 11–28. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54876-0 2
Roussev, V.: Data Fingerprinting with Similarity Digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207–226. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2 15
Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312, June 2016
Sebastián, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 230–253. Springer, Cham (2016). https://doi. org/10.1007/978-3-319-45719-2 11
Young, M., Zisk, R.: Decrypting the negozi ransomware (2017). https://yrz.io/decrypting-the-negozi-ransomware. Accessed 1 June 2019