Skip to main content
SpringerLink
Log in

Managing Your Kleptographic Subscription Plan

  • Conference paper
  • First Online:
Codes, Cryptology and Information Security (C2SI 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11445))

Abstract

In the classical kleptographic business models, the manufacturer of a device D is paid either in advance or in installments by a malicious entity to backdoor D. Unfortunately, these models have an inherent high risk for the manufacturer. This translates in high costs for clients. To address this issue, we introduce a subscription based business model and tackle some of the technical difficulties that arise.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    By definition a malicious entity.

  2. 2.

    In [8] is noted that complex open-source software (e.g. OpenSSL) is also vulnerable to these attacks.

  3. 3.

    As in the previous model, the transaction is illegal and thus, M can not take legal action against C.

  4. 4.

    M is exposed only for a limited period of time.

  5. 5.

    Cheating a client will only bring M a small amount of revenue.

  6. 6.

    By means of special triggers.

  7. 7.

    As in Definiton 6.

  8. 8.

    i.e. by trying each t-combination \(c_{try}\) of \(c_i\)s, until on input \(c_{try}\) the Extract algorithm outputs a message m such that Check\((m) = \mathtt{true}\).

  9. 9.

    Further used by the whole group to access messages.

References

  1. Bitcoin: Average Confirmation Time. https://www.blockchain.com/charts/avg-confirmation-time

  2. Frequently Asked Questions About Netflix Billing. https://help.netflix.com/en/node/41049?ui_action=kb-article-popular-categories

  3. How to Manage Your Prime Video Channel Subscriptions. https://www.amazon.com/gp/help/customer/display.html?nodeId=201975160

  4. How to Order HBO: Subscriptios & Pricing Options. https://www.hbo.com/ways-to-get

  5. Albertini, A., Aumasson, J.-P., Eichlseder, M., Mendel, F., Schläffer, M.: Malicious hashing: eve’s variant of SHA-1. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 1–19. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13051-4_1

    Chapter  Google Scholar 

  6. Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: ACM-CCS 2015, pp. 364–375. ACM (2015)

    Google Scholar 

  7. Bellare, M., Jaeger, J., Kane, D.: Mass-Surveillance without the state: strongly undetectable algorithm-substitution attacks. In: ACM-CCS 2015, pp. 1431–1440. ACM (2015)

    Google Scholar 

  8. Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_1

    Chapter  Google Scholar 

  9. Christin, N.: Traveling the silk road: a measurement analysis of a large anonymous online marketplace. In: WWW 2013, pp. 213–224. ACM (2013)

    Google Scholar 

  10. Degabriele, J.P., Farshim, P., Poettering, B.: A more cautious approach to security against mass surveillance. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 579–598. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_28

    Chapter  Google Scholar 

  11. Degabriele, J.P., Paterson, K.G., Schuldt, J.C.N., Woodage, J.: Backdoors in pseudorandom number generators: possibility and impossibility results. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 403–432. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_15

    Chapter  MATH  Google Scholar 

  12. Dodis, Y., Ganesh, C., Golovnev, A., Juels, A., Ristenpart, T.: A formal treatment of backdoored pseudorandom generators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 101–126. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_5

    Chapter  Google Scholar 

  13. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)

    Article  MathSciNet  Google Scholar 

  14. Fischlin, M., Janson, C., Mazaheri, S.: Backdoored Hash Functions: Immunizing HMAC and HKDF. IACR Cryptology ePrint Archive 2018/362 (2018)

    Google Scholar 

  15. Hanzlik, L., Kluczniak, K., Kutyłowski, M.: Controlled randomness – a defense against backdoors in cryptographic devices. In: Phan, R.C.-W., Yung, M. (eds.) Mycrypt 2016. LNCS, vol. 10311, pp. 215–232. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61273-7_11

    Chapter  MATH  Google Scholar 

  16. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, London (1996)

    Book  Google Scholar 

  17. Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock Puzzles and Timed-release Crypto. Technical report (1996)

    Google Scholar 

  18. Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 34–64. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_2

    Chapter  Google Scholar 

  19. Russell, A., Tang, Q., Yung, M., Zhou, H.S.: Generic semantic security against a kleptographic adversary. In: ACM-CCS 2017, pp. 907–922. ACM (2017)

    Google Scholar 

  20. Shoup, V.: Sequences of Games: A Tool for Taming Complexity in Security Proofs. IACR Cryptology ePrint Archive 2004/332 (2004)

    Google Scholar 

  21. Teşeleanu, G.: Unifying kleptographic attacks. In: Gruschka, N. (ed.) NordSec 2018. LNCS, vol. 11252, pp. 73–87. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03638-6_5

    Chapter  Google Scholar 

  22. Young, A., Yung, M.: The dark side of “black-box” cryptography or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_8

    Chapter  Google Scholar 

  23. Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_6

    Chapter  Google Scholar 

  24. Young, A., Yung, M.: The prevalence of kleptographic attacks on discrete-log based cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 264–276. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052241

    Chapter  Google Scholar 

  25. Young, A., Yung, M.: Malicious Cryptography: Exposing Cryptovirology. John Wiley & Sons, Hoboken (2004)

    Google Scholar 

  26. Young, A., Yung, M.: Malicious cryptography: kleptographic aspects. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 7–18. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_2

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, “Al.I.Cuza” University of Iaşi, 700506, Iaşi, Romania

    George Teşeleanu

  2. Advanced Technologies Institute, 10 Dinu Vintilă, Bucharest, Romania

    George Teşeleanu

Authors
  1. George Teşeleanu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to George Teşeleanu .

Editor information

Editors and Affiliations

  1. Université Paris 8, Saint-Denis, France

    Claude Carlet

  2. Institut MINES-TELECOM, Paris, France

    Sylvain Guilley

  3. Université de Caen, Caen, France

    Abderrahmane Nitaj

  4. Mohammed V University, Rabat, Morocco

    El Mamoun Souidi

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Teşeleanu, G. (2019). Managing Your Kleptographic Subscription Plan. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2019. Lecture Notes in Computer Science(), vol 11445. Springer, Cham. https://doi.org/10.1007/978-3-030-16458-4_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-16458-4_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-16457-7

  • Online ISBN: 978-3-030-16458-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation