Citizendia

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.

Overview

The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference. [1] They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J. P. Anderson and D. J. Edwards in 1970. [2]

A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode).

An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be. [3] In this case a two-line change appeared to be a typographical error, but actually gave the caller to the sys_wait4 function root access to the system. [4]
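A change of this kind, where an assignment sits where a comparison is expected, is the sort of thing a review-time check can surface. The following is an added example, not code from the original article or from the kernel: a small Python lint that flags plain `=` inside C `if`/`while` conditions. The C sample is constructed, and `FLAG_A`, `FLAG_B` and `check` are hypothetical names.

```python
import re

# Plain "=" that is not part of ==, !=, <=, >= or a compound assignment.
ASSIGN = re.compile(r"(?<![=!<>+\-*/%&|^])=(?!=)")
KEYWORD = re.compile(r"\b(if|while)\s*\(")
# Comments and string/char literals, blanked so "=" inside them is ignored.
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def blank(match):
    # Keep newlines so reported line numbers still match the file.
    return re.sub(r"[^\n]", " ", match.group(0))

def condition_end(src, open_idx):
    """Index just past the ')' matching the '(' at open_idx, or None."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += (src[i] == "(") - (src[i] == ")")
        if depth == 0:
            return i + 1
    return None

def find_assignments_in_conditions(source):
    """Return (line, condition) for each if/while condition containing '='."""
    src = NOISE.sub(blank, source)
    hits = []
    for m in KEYWORD.finditer(src):
        end = condition_end(src, m.end() - 1)
        if end is None:
            continue  # unbalanced parentheses: nothing reliable to report
        cond = src[m.end() - 1:end]
        if ASSIGN.search(cond):
            line = src.count("\n", 0, m.start()) + 1
            hits.append((line, " ".join(cond.split())))
    return hits

# Constructed sample, not the actual kernel source: one honest comparison and
# one "typo" that assigns 0 (root's uid) instead of comparing against it.
SAMPLE = """\
int check(int options, struct task *current) {
    /* note: uid = 0 means root */
    if ((options == FLAG_A) && (current->uid == 0))
        return -1;
    if ((options == (FLAG_A | FLAG_B)) && (current->uid = 0))
        return -1;
    return 0;
}
"""

print(find_assignments_in_conditions(SAMPLE))
```

The check also reports the legitimate `while ((c = getchar()) != EOF)` idiom, so its output is a review queue rather than a verdict.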

Although the number of backdoors in systems using proprietary software (that is, software whose source code is not readily available for inspection) is not widely credited, they are nevertheless periodically (and frequently) exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.

It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust (see below).

Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures — and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

A traditional backdoor is a symmetric backdoor: anyone that finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks has been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology.

There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor was designed by Young and Yung, utilizes a twisted pair of elliptic curves, and has been made available.

Reflections on Trusting Trust

Ken Thompson's Reflections on Trusting Trust [5] was the first major paper to describe black box backdoor issues, and points out that trust is relative. It described a very clever backdoor mechanism based upon the fact that people only review source (human-written) code, and not compiled machine code. A program called a compiler is used to create the second from the first, and the compiler is usually trusted to do an honest job.

Thompson's paper described a modified version of the Unix C compiler that would:

Because the compiler itself was a compiled program, users would be extremely unlikely to notice the machine code instructions that performed these tasks. (Because of the second task, the compiler's source code would appear "clean".) What's worse, in Thompson's proof of concept implementation, the subverted compiler also subverted the analysis program (the disassembler), so that anyone who examined the binaries in the usual way would not actually see the real code that was running, but something else instead. This version was never released into the wild. It was released to a sibling Bell Labs organization as a test case; they never found the attack.

In theory, once a system has been compromised with a backdoor or Trojan horse, such as the Trusting Trust compiler, there is no way for the "rightful" user to regain control of the system. However, several practical weaknesses in the Trusting Trust scheme have been suggested. (For example, a sufficiently motivated user could painstakingly review the machine code of the untrusted compiler before using it. As mentioned above, there are ways to counter this attack, such as subverting the disassembler; but there are ways to counter that defense, too, such as writing your own disassembler from scratch, so the infected compiler won't recognize it.)

References

  1. ^ H. E. Petersen, R. Turn. "System Implications of Information Privacy". Proceedings of the AFIPS Spring Joint Computer Conference, vol. 30, pages 291–300. AFIPS Press: 1967.
  2. ^ Security Controls for Computer Systems, Technical Report R-609, WH Ware, ed, Feb 1970, RAND Corp.
  3. ^ Linux-Kernel Archive: Re: BK2CVS problem
  4. ^ Thwarted Linux backdoor hints at smarter hacks; Kevin Poulsen; SecurityFocus, 6 November 2003.
  5. ^ Reflections on Trusting Trust

© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org