Intel SGX Enabled Ransomware: A Potentially New Malware Strain In the Future?

支持英特尔 SGX 的勒索软件：未来潜在的新恶意软件菌株？

• 批准号: 2744527
• 金额: --
• 依托单位: Royal Holloway University of London
• 依托单位国家: 英国
• 项目类别: Studentship
• 财政年份: 2018
• 资助国家: 英国
• 起止时间: 2018 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=studentship-2744527
• 关键词: Intel; SGX; Enabled; Ransomware; Potentially

Ransomware is a type of malware that uses a security mechanism based on cryptography to hijack user resources and files to demand a ransom in exchange for a private key that decrypts the data. This led to the creation of a unique ecosystem and a highly lucrative business for cybercriminals to effectively extort money from organisations and individuals whose computers they infect. Unlike traditional malware, without the co-operation and decryption key from its creator, the effect from ransomware in most cases is difficult to mitigate and irreversible even after removal. There are a number of reasons why ransomware has gained increasing popularity over the past decade. Firstly, the use of encryption is effective and virtually unbreakable, providing the attacker great confidence due to its high probability of successful return on malware investment. Secondly, the use of an anonymous cyber-currency can make traceability hard. Thirdly, the readily available ransomware tools enables easy entry.This research aims to shed some light on how a cybercriminal could develop new ransomware variants that could leverage Intel's SGX secure and private execution capability to securely manage secret cryptographic keys on victim's untrusted memory and potentially use it for offensive purposes. The research is mainly focused on investigating how Intel SGX could be leveraged by an attacker to overcome limitations faced by existing ransomware strains, in particular on key management schemes. The following objectives have been set for the project:-Conduct a thorough investigation into how ransomware currently manages the cryptographic keys.-Investigate how ransomware authors could leverage innovative technology, such as Intel SGX, to enhance the current key management schemes.-Develop a proof-of-concept showing the feasibility of using Intel SGX to manage the cryptographic keys.-Investigate how an attacker can initiate the release of the key once the ransom is paid

勒索软件是一种恶意软件，它使用基于加密的安全机制劫持用户资源和文件，以要求赎金，以换取解密数据的私钥。这导致创建了一个独特的生态系统，并为网络犯罪分子创造了一项利润丰厚的业务，以便有效地从他们感染其计算机的组织和个人那里敲诈钱财。与传统恶意软件不同，如果没有创建者的合作和解密密钥，勒索软件在大多数情况下的影响很难缓解，即使在删除后也是不可逆转的。勒索软件在过去十年中越来越受欢迎，原因有很多。首先，加密的使用是有效的，几乎牢不可破，由于其成功获得恶意软件投资回报的可能性很高，因此为攻击者提供了极大的信心。其次，匿名网络货币的使用可能会使追踪变得困难。第三，随时可用的勒索软件工具使进入变得容易。这项研究旨在揭示网络罪犯如何开发新的勒索软件变体，这些变体可以利用英特尔的SGX安全和私人执行能力来安全地管理受害者不受信任的内存中的秘密密钥，并可能将其用于攻击性目的。这项研究主要集中在调查攻击者如何利用Intel SGX来克服现有勒索软件版本面临的限制，特别是在密钥管理方案方面。该项目设定了以下目标：-对勒索软件目前如何管理加密密钥进行彻底调查。-调查勒索软件作者如何利用创新技术(如英特尔SGX)来增强当前的密钥管理方案。-开发一份概念验证，展示使用英特尔SGX管理加密密钥的可行性。-调查一旦支付赎金，攻击者如何启动密钥发布