Research Article
BibTex RIS Cite

Açık Anahtar Altyapısı ile Dijital İmzalamanın Zararlı Yazılımlar Üzerindeki Etkisi

Year 2024, Volume: 8 Issue: 2, 99 - 109
https://doi.org/10.33461/uybisbbd.1507316

Abstract

Geçmişten günümüze şifreleme, pek çok uygulamada kullanılan farklı yöntemleriyle büyük bir evrim geçirmiştir. Güçlü şifreleme algoritmalarının zaman içerisindeki gelişimi, dijital iletişimde güvenliği sağlayan Açık Anahtar Altyapısını oluşturmuştur. Bu altyapının önemli bir bileşeni olan dijital imzalama günümüzde yaygın olarak kullanılmaktadır ve verinin doğruluğunu, bütünlüğünü ve güvenilirliğini önemli ölçüde sağlamaktadır. Bu çalışmada dijital imzalama yöntemlerinin, günümüz siber güvenlik dünyasında, zararlı yazılımların güvenilirliği üzerindeki etkisi değerlendirilmektedir. Zararlı yazılımların etkileri ve sonuçları her geçen gün artmakta olup, yaygın olarak kullanılan e-imza ve dijital sertifikalar da bu etkileri artırabilmektedir. Bu bağlamda çalışma, farklı yöntemlerle oluşturulan örneklere dijital imzalama uygulanarak, zararlı yazılımların güvenilirlik ölçütlerinin karşılaştırmasını içermektedir. Testler sonucunda imzalı olan zararlı uygulamaların imzasız olan zararlı uygulamalara göre daha düşük olasılıkla güvenlik sistemlerine yakalandıkları ölçülmüştür. Özetle araştırma, dijital imzalamanın zararlı yazılımların yayılımını ne ölçüde etkilediğini ortaya koymayı ve siber güvenlik önlemlerinin geliştirilmesine katkı sağlamayı amaçlamaktadır.

References

  • Balakrishnan, A. & Schulze, C. (2005). Code Obfuscation Literature Survey. Computer Sciences Department, University of Wisconsin.
  • Balaoura, S. (2018). Process Injection Techniques and Detection Using the Volatility Framework. Master’s thesis, University of Piraeus, Greece.
  • Europol. (2021). “World’s Most Dangerous Malware EMOTET Disrupted Through Global Action”. https://www.europol.europa.eu/media-press/newsroom/news/world’s-most-dangerous-malware-emotet-disrupted-through-global-action
  • Fayi, S. (2018). What Petya/NotPetya Ransomware Is and What Its Remidiations Are. 10.1007/978-3-319-77028-4_15.
  • Garfinkel, S. & Spafford, E. (2002). Web Security, Privacy and Commerce. O'Reilly Media.
  • Greenberg, A. (2017). The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes. Wired. https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur- mistakes/.
  • Haizler, O. (2017). The United States’ Cyber Warfare History: Implications on Modern Cyber Operational Structures and Policymaking in Cyberspace, Intelligence, and Security. Vol 1. Nr.1. The Institute for Natural Security Studies. https://www.inss.org.il/wp-content/uploads/2017/03/The-United-States’-Cyber-Warfare-History-Implications-on.pdf
  • Kili, A. (2019). How to Generate a CSR (Certificate Signing Request) in Linux. Tecmint https://www.tecmint.com/generate-csr-certificate-signing-request-in-linux
  • Klimburg-Witjes, N. & Wentland, A. (2021). “Hacking Humans? Social Engineering and the Construction of the Deficient User in Cybersecurity Discourses”, Science, Technology, & Human 46(6). 1316-1339. SAGE Journals.
  • Mike, C. & David, S, "Cryptography and the Public Key Infrastructure," in CompTIA Security+ Study Guide: Exam SY0-601, Wiley, 2021, pp.179-227.
  • Monnappa, K. A. (2018). Learning Malware Analysis: Explore the Concepts, Tools, and Techniques to Analyze and Investigate Windows Malware. Packt Publishing Ltd.
  • Nash, A., William, D. & Celia, J. (2001) PKI Implementing and Managing e-Security. McGraw-Hill.
  • Paar, C. & Pelzl J. (2010). Understanding Cryptography: a Textbook for Students and Practitioners. Springer.
  • Peterson, A. (2014). The Sony Pictures hack, explained. The Washingthon Post: https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/
  • Rad, B.B., Masrom, M. & Ibrahim, S. (2012) Camouflage in Malware: From Encryption to Metamorphism. International Journal of Computer Science Network. Security. 12 (74–83).
  • Robertson, J. & Turton, W. (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News.
  • Spafford, E.H. (1988). The Internet Worm Program: An Analysis. Purdue Technical Report CSD-TR-823. https://spaf.cerias.purdue.edu/tech-reps/823.pdf
  • Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
  • Sporx. (2024). AnyDesk hacklendi mi? Anydesk hack nedir? https://www.sporx.com/anydesk-hacklendi-mi-anydesk-hacked-nedir-SXHBQ1056445SXQ
  • Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
  • Tasiopoulos, V.G. & Katsikas, S.K. (2014). Bypassing Antivirus Detection with Encryption. In Proceedings of the 18th Panhellenic Conference on Informatics.
  • Taylor, C. (2020). Melissa Virus. CyberHoot. https://cyberhoot.com/cybrary/melissa-virus/
  • Zetter, K. (2014) An Unprecedented Look at Stuxnet, the World's First Digital Weapon. Magazine Wired. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

Impact of Digital Signing on Malware in Public Key Infrastructure

Year 2024, Volume: 8 Issue: 2, 99 - 109
https://doi.org/10.33461/uybisbbd.1507316

Abstract

From past to present, cryptography has undergone a significant evolution from past to present, with various methods used in many applications. The development of strong encryption algorithms over time has established the Public Key Infrastructure, which ensures security in digital communication. A key component of this infrastructure, digital signing, is widely used today and plays a crucial role in ensuring the accuracy, integrity, and reliability of data. This study evaluates the impact of digital signing methods on the reliability of malware in the context of today's cybersecurity landscape. The effects and consequences of malware are increasing day by day, and commonly used e-signatures and digital certificates may also exacerbate these impacts. In this context, the study includes a comparison of the reliability metrics of malware by applying digital signing to examples created using different methods. Tests have shown that signed malware applications are less likely to be detected by security systems compared to unsigned ones. In summary, this research aims to reveal the extent to which digital signing affects the spread of malware and to contribute to the development of cybersecurity measures.

References

  • Balakrishnan, A. & Schulze, C. (2005). Code Obfuscation Literature Survey. Computer Sciences Department, University of Wisconsin.
  • Balaoura, S. (2018). Process Injection Techniques and Detection Using the Volatility Framework. Master’s thesis, University of Piraeus, Greece.
  • Europol. (2021). “World’s Most Dangerous Malware EMOTET Disrupted Through Global Action”. https://www.europol.europa.eu/media-press/newsroom/news/world’s-most-dangerous-malware-emotet-disrupted-through-global-action
  • Fayi, S. (2018). What Petya/NotPetya Ransomware Is and What Its Remidiations Are. 10.1007/978-3-319-77028-4_15.
  • Garfinkel, S. & Spafford, E. (2002). Web Security, Privacy and Commerce. O'Reilly Media.
  • Greenberg, A. (2017). The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes. Wired. https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur- mistakes/.
  • Haizler, O. (2017). The United States’ Cyber Warfare History: Implications on Modern Cyber Operational Structures and Policymaking in Cyberspace, Intelligence, and Security. Vol 1. Nr.1. The Institute for Natural Security Studies. https://www.inss.org.il/wp-content/uploads/2017/03/The-United-States’-Cyber-Warfare-History-Implications-on.pdf
  • Kili, A. (2019). How to Generate a CSR (Certificate Signing Request) in Linux. Tecmint https://www.tecmint.com/generate-csr-certificate-signing-request-in-linux
  • Klimburg-Witjes, N. & Wentland, A. (2021). “Hacking Humans? Social Engineering and the Construction of the Deficient User in Cybersecurity Discourses”, Science, Technology, & Human 46(6). 1316-1339. SAGE Journals.
  • Mike, C. & David, S, "Cryptography and the Public Key Infrastructure," in CompTIA Security+ Study Guide: Exam SY0-601, Wiley, 2021, pp.179-227.
  • Monnappa, K. A. (2018). Learning Malware Analysis: Explore the Concepts, Tools, and Techniques to Analyze and Investigate Windows Malware. Packt Publishing Ltd.
  • Nash, A., William, D. & Celia, J. (2001) PKI Implementing and Managing e-Security. McGraw-Hill.
  • Paar, C. & Pelzl J. (2010). Understanding Cryptography: a Textbook for Students and Practitioners. Springer.
  • Peterson, A. (2014). The Sony Pictures hack, explained. The Washingthon Post: https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/
  • Rad, B.B., Masrom, M. & Ibrahim, S. (2012) Camouflage in Malware: From Encryption to Metamorphism. International Journal of Computer Science Network. Security. 12 (74–83).
  • Robertson, J. & Turton, W. (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News.
  • Spafford, E.H. (1988). The Internet Worm Program: An Analysis. Purdue Technical Report CSD-TR-823. https://spaf.cerias.purdue.edu/tech-reps/823.pdf
  • Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
  • Sporx. (2024). AnyDesk hacklendi mi? Anydesk hack nedir? https://www.sporx.com/anydesk-hacklendi-mi-anydesk-hacked-nedir-SXHBQ1056445SXQ
  • Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
  • Tasiopoulos, V.G. & Katsikas, S.K. (2014). Bypassing Antivirus Detection with Encryption. In Proceedings of the 18th Panhellenic Conference on Informatics.
  • Taylor, C. (2020). Melissa Virus. CyberHoot. https://cyberhoot.com/cybrary/melissa-virus/
  • Zetter, K. (2014) An Unprecedented Look at Stuxnet, the World's First Digital Weapon. Magazine Wired. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
There are 23 citations in total.

Details

Primary Language Turkish
Subjects Information Security Management, Information Security and Cryptology, Cryptography, System and Network Security, Cybersecurity and Privacy (Other)
Journal Section Research Paper
Authors

Mehmetcan Topal 0009-0002-8640-0998

Zeynep Altan 0000-0002-0383-9261

Early Pub Date October 30, 2024
Publication Date
Submission Date June 29, 2024
Acceptance Date August 19, 2024
Published in Issue Year 2024 Volume: 8 Issue: 2

Cite

APA Topal, M., & Altan, Z. (2024). Açık Anahtar Altyapısı ile Dijital İmzalamanın Zararlı Yazılımlar Üzerindeki Etkisi. Uluslararası Yönetim Bilişim Sistemleri Ve Bilgisayar Bilimleri Dergisi, 8(2), 99-109. https://doi.org/10.33461/uybisbbd.1507316