Trojan Horses In Cryptographic Protocols Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

A Trojan or Trojan horse is generally defined as a non-self-reflecting subset of malware that appears to perform a set of desirable functions but instead facilitates unauthorized access to the user's information system. Trojans normally does not attempt to insert or rather inject them into other files like that of a computer virus. Trojans have the potential to steal information, or cause harm to their host's computer systems.

When Trojan horse attacking strategy on quantum cryptography is investigated, three aspects are involved. First, the mechanism for the Trojan horse attacking strategy on quantum cryptography as well as classic cryptography is studied. Then the fragility of the quantum cryptographic algorithm employing EPR pairs as key against the Trojan horse attacking strategy is analysed. To prevent the Trojan horse attacking strategy, an improvement scheme which makes use of non-orthogonal entangled states is proposed, results show the improvement scheme is robust to the Trojan horse attacking strategy without reducing the security on other kinds of attacking strategies.

Modern cryptographic techniques, based on the availability of ever increasing computational power, and the invention of public key cryptography, provide practical solutions for information security in various situations. But invariably these techniques are only computationally-and not unconditionally secure, that is, they depend on the unproven hardness of certain mathematical problems. As a result, it cannot be guaranteed that future advances in computational power will not nullify their cryptographic protection. However, while quantum computation can seem to be an enormous challenge to classical cryptography in a possibly not so near future, it also seems to offer new possibilities to build encryption methods that are safeguarded even against attacks performed by means of a quantum computer at the same time. The development of quantum cryptography is mainly devoted to practical and appropriate use of quantum key distribution (QKD) protocols, which has been recently been a large topic of research in the field of communication security. In this paper we discuss the principles of quantum cryptography and review some well-known quantum key distribution protocols.

In private communication and data security attackers (e.g., adversary and/or ragger) will try to break the employed confidential system for their benefits. To prevent effectively the attacks from obtaining the legitimate information, cryptography has arisen and is employed to prevent the attacks. Cryptography is a subject which is employed for rendering the message secret and creating a cipher by making use of algorithms and protocols so that the attackers cannot easily acquire the private information. It plays a very important role in the modern information protection. However, as virtue rises one foot, vice rises ten feet. To break the algorithms and protocols provided in the cryptography, a concomitant subject called cryptanalysis has also arisen.

Let us firstly investigate the mechanism for the THAS on cryptography in this section.

In essential, all attacking approaches proposed in cryptanalysis (including classic cryptanalysis and quantum cryptanalysis) can be categorized mainly as three kinds of attacking strategies, i.e., the strategy based on fundamentals drawbacks (SFD), the strategy based on obtained information (SOI), and the strategy based on assistant systems (SAS). In the SFD the attacker makes use of fundamentals drawbacks to break the cipher and obtain useful information. While in the SOI the attacker makes use of the leaked information of the cryptosystem, the cipher text, and/or the obtained parts of plaintext to break the cryptosystem.

There are mainly two kinds of Trojan horses, i.e., the pre-lurked Trojan horse and the online Trojan horse. The pre-lurked Trojan horse is a `robot horse' which is reinserted in the legitimate user's system, e.g., programs, apparatuses or even offices. At an appropriate condition the lurked Trojan horse is activated automatically by the legitimate system, and then it feeds back the available information to the attackers, even destroying the users' system. The online Trojan horse is actually a probing signal which may enter the legitimate system without awareness and then back-reflect to the attacker. Both kinds of Trojan horses may be classic as well as quantum. In addition, the Trojan horse may also be a combination of the `quantum horse' and `classic horse'. If a Trojan horse can be inserted successfully in the users' system, the attacker can break the employed cryptosystem and obtain available information by means of the feedback information of the `robot horse'. This attacking strategy is called THAS. Corresponding to the kinds of the Trojan horses there are two kinds of THAS's, i.e., the strategy relying on a pre-lurked Trojan horse and the strategy depending on the probing signal.

Recently, two interesting quantum vernal algorithms based on EPR pairs have been proposed. These algorithms employ EPR pair(s) as the symmetrical keys of the algorithm. The message is encrypted with a key which consisted of two EPR pairs. A common feature of the above quantum vernal algorithms is that EPR pairs are applied as a sharing key between the two legitimate users called Alice and Bob. These algorithms are provably secure for the SFD and the SOI. However, they cannot circumvent the THAS. In the following we investigate the fragility of these algorithms against the THAS which employs perjured Trojan horse (in this section and the following section we suppose the Trojan horse is a tiny device pre-inserted in Alice's or Bob's apparatus). Quantum Cryptography offers a very secure technique of sharing random numbers sequence which can be used as cryptographic keys.

Many of the weaknesses of classical cryptographic methods can be potentially eliminated by the help of cryptographic keys.

Trojan horse attacking strategy (THAS) arose from the drawbacks of construction of the system (e.g., device, computer program, algorithm or protocol et al.). When a Trojan horse can be hidden without easy detection in a system, an attacker can make use of this kind of strategy to break the system and then obtain useful information. Unfortunately, this strategy is not only available in classic cryptography but also in the recently proposed quantum cryptography. The security of many cryptographic systems is generally dependant on the generation of unpredictable quantities [56, 78, 60, 31]. These quantities are commonly referred to as random numbers, and are critical in every aspect of cryptography: cryptographers design algorithms such as DSA and ElGamal encryption, protocols such as SSL and SET, and padding schemes such as OAEP and PSS, with the assumption that random numbers are available. Specifically, random numbers are used in cryptography in the following applications:

1. Session and message keys for symmetric ciphers, such as the AES or 3DES to protect an SSL communication;

2. Random values for routines that generate mathematical values such as large primes for ElGamal- or RSA-based algorithms;

3. Random values for specific instances of many digital signature schemes or encryption methods such as ElGamal holomorphic encryption, the Probabilistic Signature Scheme (PSS), or the Optimal Asymmetric Encryption Padding (OAEP);

4. Initialization vectors for block cipher chaining modes;

5. Random challenges in challenge-response protocols;

6. Nonce for protocols, to ensure that different runs of the same protocol are unique, e.g., for an SSL-connection.

The amount of spam sent by any authorized MTA should also be maintained, for example, MTA A, these type of maintenance are not compulsory but help to increase the security. The main mechanisms available to the domain are to use content filtering to identify and discard outgoing spam to apply rational quotas on total number of email sent by each user and to recognize and block spamming users, and to. The two last measures require identification of the email sender; this is usually trivial for a user inside the domain, and somewhat a little more complex for a user outside the domain. This can be done in a number of ways, e.g. from using SMTP AUTH extension, which simply sends a vibrant password, through cryptographic authentication mechanisms such as running a connection of Simple Mail Transfer Protocol connection over a Secure Socket Layer protocol.

Despite of the very impressive improvements and achievement that have been made over the last decades or last couple of years, there is still a very long way to go former quantum cryptography will be used by big mass of people or we can say it will used world-wide. The difference by which we can say that quantum cryptography is a somewhat practical solution this difference must be increased to at least that of currently used security systems. Quantum protocols must be incorporated into the current network technologies, so that a more translucent or rather transparent use can be made of the technology, and by a wider group of users. However well the intrusion techniques may somewhat seem to work, unfortunately we do not currently possess a greater enough understanding of intrusion and detection techniques to confidently say that the protocols are not crack able. In order to be totally secure though, more extensive interference detection algorithms will be needed.

Admittedly, cryptography is not considered as very practical right now, it is still in the need of study for several reasons. Unlike public-key cryptosystems, it provides forward and provable security which will not be compromised with increase in computational speed, or even if P = NP. Currently it can work only over not long distances, but there are many situations where even short distance transmission is useful. The concept of privacy extension by public discussion can be extended to any grave situation where Eve has partial knowledge of a string shared by Alice and Bob. In general, the differences between quantum cryptography and other cryptographic techniques are enough to motivate researchers to explore new ideas and techniques for wide spread use of quantum cryptosystem.