430

Book reviews

This book is about cryptovirology – the art of

turning the very methods designed to protect data

into a means of subverting it. As the Foreword

states:

The realisation that a key could be placed in avirus so that part of its payload would be toperform a one-way operation on the hostcomputer that could only be undone using theprivate key held by the virus’ author, was thediscovery from which this book sprang.

The aim of the book, therefore, is to capture the

essence of how security can be subverted in what is

clearly a non standard environment in which security

represents the value of an ongoing competition

between the system designer and its attackers. The

authors argue that since security or integrity is

directly measured by the probability the secret key

can be discovered by unauthorized attackers, the

information content of the key must be great enough

that it is computationally infeasible to simply try all

possible values. But this means that it is also

infeasible for a monitor to tell whether the random

values produced were actually randomly chosen as

supposed or not. The dilemma then is that, if the key

is large enough to be secure, it is also large enough to

make it impossible to detect a bias in the selection

process. It, therefore, becomes possible to hide

information in the keys, to communicate other keys

subliminally, or to subvert information integrity

protocols within. The authors of this book explain

these issues and how to fight against them.

Available from: John Wiley & Sons Limited,

Distribution Centre, 1 Oldlands Way, Bognor

Regis, West Sussex, PO22 9SA. Tel: +44 (0) 1243

843291; email: cs-books@Wiley.co.uk : Internet:

www.wileyeurope.com

CRYPTOGRAPHY

Malicious

Cryptography –

Exposing

Cryptovirology

Dr. Adam L. Young and

Dr. Moti Yung, 2004,

soft-cover, Wiley

Publishing Inc., 392 pp.,

£29.99, ISBN 0 7645

4975 8.