Backdoor (computing) - Overview

Overview

The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference. They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970.

A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was used as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode and direct interaction with the artificial intelligence).

An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be. In this case, a two-line change appeared to be a typographical error, but actually gave the caller to the sys_wait4 function root access to the system.

Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.

It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust (see below).

Many computer worms, such as Sobig and Mydoom (and the covert Skynet), install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures — and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

A traditional backdoor is a symmetric backdoor: anyone that finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks have been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology.

There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor was designed by Young and Yung, utilizes a twisted pair of elliptic curves, and has been made available.

Read more about this topic:  Backdoor (computing)

Other articles related to "overview":

International Union Of Pure And Applied Chemistry - Publications - Series of Books On Analytical and Physical Chemistry of Environmental Systems
... in Environmental Systems is meant to give an overview of a technique based on fractal geometry and the processes of environmental systems ... It also gives an overview of the knowledge needed to solve environmental problems ... The book gives an overview of chemical mechanisms, transport, kinetics, and interactions that occur in environmental systems ...
Unified Modeling Language - Topics - Diagrams Overview - Interaction Diagrams
... Interaction overview diagram provides an overview in which the nodes represent communication diagrams ... Communication diagram Interaction overview diagram Sequence diagram The Protocol State Machine is a sub-variant of the State Machine ...
Kewanee, Illinois - Schools - Overview
... There are also other schools in Kewanee like Visitation Catholic School home of the Giants, and a community college, Black Hawk College ... Black Hawk College-East Campus is recognized nationally for its equestrian program, as well as livestock judging teams ...
United States Presidential Election, 1992 - Nominations - Democratic Party Nomination - Overview
... U.S ... Senator Tom Harkin (Iowa) ran as a populist liberal with labor union support ...
Golden Brown - Overview
... The single was a hit around the world, scaling the Top 10 as far away as Australia ... Its commercial success was probably the single factor that secured The Stranglers their continuing life in pop mainstream for the remainder of the 1980s ...