lecture31 - Security 2 - Ransomware_ Public Key_ Meltdown

Overview of Security Topics Covered

Ransomware Case Studies

ACE Trojan
  • First known example of ransomware, created for the 1989 World Health Organization ACE conference.

  • Initially appeared as legitimate software teaching about disease.

  • After rebooting the system multiple times, it would display a ransom demand.

  • Used symmetric key cryptography to encrypt file names, rendering files unusable.

  • Approximately 20,000 copies distributed, causing panic among users.

  • Ransom options included:

    • $189 for a one-year unlock.

    • $360.70 for a lifetime unlock.

  • Files were not harmed; only names were encrypted; decryption key was included in the malware but hard to retrieve.

Evolution of Ransomware
  • Modern examples include CryptoLocker (2013-2014) with $3 billion generated in ransom.

  • Utilized public key cryptography:

    • Public key acts as a padlock that anyone can use to lock files.

    • Only the attacker holds the private key to unlock files.

Public Key Cryptography Explained

  • Public key generated by the receiver; private key kept secret.

  • Encryption and decryption process explained with examples:

    • Sender uses public key for encryption.

    • Receiver uses private key to decrypt.

  • RSA Algorithm:

    • Two prime numbers (P and Q) selected.

    • Calculate n = P * Q, and phi(n) = (P-1)(Q-1).

    • Select integer e that is coprime with phi(n).

    • Calculate corresponding d such that (d * e) mod phi(n) = 1.

    • Public key is (e, n) and private key is (d, n).

Encryption and Decryption Example

  • Example: Encrypting the message "hi" represented as 89.

  • Process involves using the public key for encryption and the private key for decryption.

  • Condition: the message, encoded as an integer, must be smaller than n (otherwise it cannot be recovered after reduction mod n).
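The RSA key generation and the "hi" = 89 round trip from the two sections above, carried out in full as an added example (not code from the lecture). The primes P = 61 and Q = 53 and the exponent e = 17 are assumed values chosen for illustration; the lecture gives none.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, phi):
    """Return d with (d * e) mod phi == 1; raises if e and phi share a factor."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime with phi(n)")
    return x % phi


def rsa_keygen(p, q, e=17):
    """Textbook RSA keys: public (e, n), private (d, n). Small primes are for
    illustration only; real keys use primes of ~1024 bits or more, and real
    systems add padding (e.g. OAEP) on top of this raw operation."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = modinv(e, phi)
    return (e, n), (d, n)


def rsa_encrypt(m, pub):
    """Lock with the public key: anyone holding (e, n) can do this."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def rsa_decrypt(c, priv):
    """Unlock with the private key: only the holder of d can do this."""
    d, n = priv
    return pow(c, d, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)          # assumed primes P=61, Q=53
    c = rsa_encrypt(89, pub)                 # "hi" encoded as 89, as in the lecture
    print(pub, priv, c, rsa_decrypt(c, priv))
```

Anyone with (e, n) can produce the ciphertext, which is exactly why ransomware can lock files on a victim's machine while only the attacker, holding d, can unlock them.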

Advanced Security Topics

Meltdown Attack

Understanding Meltdown
  • Takes advantage of modern processors and operating systems' efforts to improve performance.

  • Cache memory and speculative execution are central concepts.

    • Cache memory improves access time by storing frequently accessed data.

    • Speculative execution predicts and processes the next line of code before it’s needed.

Meltdown Mechanics
  • Meltdown exploits memory access permissions, allowing user programs to read kernel memory.

  • A code example was shown: the direct read of kernel data is denied, but the program infers the data by timing memory accesses.

  • Because the access is executed speculatively before the permission check takes effect, the secret-dependent access leaves a trace in the cache; measuring access times then reveals the secret.

Mitigation Strategy: Kernel Page Table Isolation (KPTI)

  • Introduces separate page tables for kernel and user processes.

  • Prevents unauthorized access to kernel space by user processes, but introduces a performance trade-off (5-15% reduction in throughput).

Conclusion

  • Security issues are complex and require a trade-off between efficiency and security.

  • No further lectures planned; office hours available for questions about assignments or exams.