Öz
Geçmişten günümüze şifreleme, pek çok uygulamada kullanılan farklı yöntemleriyle büyük bir evrim geçirmiştir. Güçlü şifreleme algoritmalarının zaman içerisindeki gelişimi, dijital iletişimde güvenliği sağlayan Açık Anahtar Altyapısını oluşturmuştur. Bu altyapının önemli bir bileşeni olan dijital imzalama günümüzde yaygın olarak kullanılmaktadır ve verinin doğruluğunu, bütünlüğünü ve güvenilirliğini önemli ölçüde sağlamaktadır. Bu çalışmada dijital imzalama yöntemlerinin, günümüz siber güvenlik dünyasında, zararlı yazılımların güvenilirliği üzerindeki etkisi değerlendirilmektedir. Zararlı yazılımların etkileri ve sonuçları her geçen gün artmakta olup, yaygın olarak kullanılan e-imza ve dijital sertifikalar da bu etkileri artırabilmektedir. Bu bağlamda çalışma, farklı yöntemlerle oluşturulan örneklere dijital imzalama uygulanarak, zararlı yazılımların güvenilirlik ölçütlerinin karşılaştırmasını içermektedir. Testler sonucunda imzalı olan zararlı uygulamaların imzasız olan zararlı uygulamalara göre daha düşük olasılıkla güvenlik sistemlerine yakalandıkları ölçülmüştür. Özetle araştırma, dijital imzalamanın zararlı yazılımların yayılımını ne ölçüde etkilediğini ortaya koymayı ve siber güvenlik önlemlerinin geliştirilmesine katkı sağlamayı amaçlamaktadır.
Anahtar Kelimeler
Açık Anahtar Altyapısı Dijital İmza Şifreleme Zararlı Yazılım.
Kaynakça
- Balakrishnan, A. & Schulze, C. (2005). Code Obfuscation Literature Survey. Computer Sciences Department, University of Wisconsin.
- Balaoura, S. (2018). Process Injection Techniques and Detection Using the Volatility Framework. Master’s thesis, University of Piraeus, Greece.
- Europol. (2021). “World’s Most Dangerous Malware EMOTET Disrupted Through Global Action”. https://www.europol.europa.eu/media-press/newsroom/news/world’s-most-dangerous-malware-emotet-disrupted-through-global-action
- Fayi, S. (2018). What Petya/NotPetya Ransomware Is and What Its Remidiations Are. 10.1007/978-3-319-77028-4_15.
- Garfinkel, S. & Spafford, E. (2002). Web Security, Privacy and Commerce. O'Reilly Media.
- Greenberg, A. (2017). The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes. Wired. https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur- mistakes/.
- Haizler, O. (2017). The United States’ Cyber Warfare History: Implications on Modern Cyber Operational Structures and Policymaking in Cyberspace, Intelligence, and Security. Vol 1. Nr.1. The Institute for Natural Security Studies. https://www.inss.org.il/wp-content/uploads/2017/03/The-United-States’-Cyber-Warfare-History-Implications-on.pdf
- Kili, A. (2019). How to Generate a CSR (Certificate Signing Request) in Linux. Tecmint https://www.tecmint.com/generate-csr-certificate-signing-request-in-linux
- Klimburg-Witjes, N. & Wentland, A. (2021). “Hacking Humans? Social Engineering and the Construction of the Deficient User in Cybersecurity Discourses”, Science, Technology, & Human 46(6). 1316-1339. SAGE Journals.
- Mike, C. & David, S, "Cryptography and the Public Key Infrastructure," in CompTIA Security+ Study Guide: Exam SY0-601, Wiley, 2021, pp.179-227.
- Monnappa, K. A. (2018). Learning Malware Analysis: Explore the Concepts, Tools, and Techniques to Analyze and Investigate Windows Malware. Packt Publishing Ltd.
- Nash, A., William, D. & Celia, J. (2001) PKI Implementing and Managing e-Security. McGraw-Hill.
- Paar, C. & Pelzl J. (2010). Understanding Cryptography: a Textbook for Students and Practitioners. Springer.
- Peterson, A. (2014). The Sony Pictures hack, explained. The Washingthon Post: https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/
- Rad, B.B., Masrom, M. & Ibrahim, S. (2012) Camouflage in Malware: From Encryption to Metamorphism. International Journal of Computer Science Network. Security. 12 (74–83).
- Robertson, J. & Turton, W. (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News.
- Spafford, E.H. (1988). The Internet Worm Program: An Analysis. Purdue Technical Report CSD-TR-823. https://spaf.cerias.purdue.edu/tech-reps/823.pdf
- Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
- Sporx. (2024). AnyDesk hacklendi mi? Anydesk hack nedir? https://www.sporx.com/anydesk-hacklendi-mi-anydesk-hacked-nedir-SXHBQ1056445SXQ
- Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
- Tasiopoulos, V.G. & Katsikas, S.K. (2014). Bypassing Antivirus Detection with Encryption. In Proceedings of the 18th Panhellenic Conference on Informatics.
- Taylor, C. (2020). Melissa Virus. CyberHoot. https://cyberhoot.com/cybrary/melissa-virus/
- Zetter, K. (2014) An Unprecedented Look at Stuxnet, the World's First Digital Weapon. Magazine Wired. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
Öz
From past to present, cryptography has undergone a significant evolution from past to present, with various methods used in many applications. The development of strong encryption algorithms over time has established the Public Key Infrastructure, which ensures security in digital communication. A key component of this infrastructure, digital signing, is widely used today and plays a crucial role in ensuring the accuracy, integrity, and reliability of data. This study evaluates the impact of digital signing methods on the reliability of malware in the context of today's cybersecurity landscape. The effects and consequences of malware are increasing day by day, and commonly used e-signatures and digital certificates may also exacerbate these impacts. In this context, the study includes a comparison of the reliability metrics of malware by applying digital signing to examples created using different methods. Tests have shown that signed malware applications are less likely to be detected by security systems compared to unsigned ones. In summary, this research aims to reveal the extent to which digital signing affects the spread of malware and to contribute to the development of cybersecurity measures.
Anahtar Kelimeler
Public Key Infrastructure Digital Signature Cryptography Malware
Kaynakça
- Balakrishnan, A. & Schulze, C. (2005). Code Obfuscation Literature Survey. Computer Sciences Department, University of Wisconsin.
- Balaoura, S. (2018). Process Injection Techniques and Detection Using the Volatility Framework. Master’s thesis, University of Piraeus, Greece.
- Europol. (2021). “World’s Most Dangerous Malware EMOTET Disrupted Through Global Action”. https://www.europol.europa.eu/media-press/newsroom/news/world’s-most-dangerous-malware-emotet-disrupted-through-global-action
- Fayi, S. (2018). What Petya/NotPetya Ransomware Is and What Its Remidiations Are. 10.1007/978-3-319-77028-4_15.
- Garfinkel, S. & Spafford, E. (2002). Web Security, Privacy and Commerce. O'Reilly Media.
- Greenberg, A. (2017). The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes. Wired. https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur- mistakes/.
- Haizler, O. (2017). The United States’ Cyber Warfare History: Implications on Modern Cyber Operational Structures and Policymaking in Cyberspace, Intelligence, and Security. Vol 1. Nr.1. The Institute for Natural Security Studies. https://www.inss.org.il/wp-content/uploads/2017/03/The-United-States’-Cyber-Warfare-History-Implications-on.pdf
- Kili, A. (2019). How to Generate a CSR (Certificate Signing Request) in Linux. Tecmint https://www.tecmint.com/generate-csr-certificate-signing-request-in-linux
- Klimburg-Witjes, N. & Wentland, A. (2021). “Hacking Humans? Social Engineering and the Construction of the Deficient User in Cybersecurity Discourses”, Science, Technology, & Human 46(6). 1316-1339. SAGE Journals.
- Mike, C. & David, S, "Cryptography and the Public Key Infrastructure," in CompTIA Security+ Study Guide: Exam SY0-601, Wiley, 2021, pp.179-227.
- Monnappa, K. A. (2018). Learning Malware Analysis: Explore the Concepts, Tools, and Techniques to Analyze and Investigate Windows Malware. Packt Publishing Ltd.
- Nash, A., William, D. & Celia, J. (2001) PKI Implementing and Managing e-Security. McGraw-Hill.
- Paar, C. & Pelzl J. (2010). Understanding Cryptography: a Textbook for Students and Practitioners. Springer.
- Peterson, A. (2014). The Sony Pictures hack, explained. The Washingthon Post: https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/
- Rad, B.B., Masrom, M. & Ibrahim, S. (2012) Camouflage in Malware: From Encryption to Metamorphism. International Journal of Computer Science Network. Security. 12 (74–83).
- Robertson, J. & Turton, W. (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News.
- Spafford, E.H. (1988). The Internet Worm Program: An Analysis. Purdue Technical Report CSD-TR-823. https://spaf.cerias.purdue.edu/tech-reps/823.pdf
- Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
- Sporx. (2024). AnyDesk hacklendi mi? Anydesk hack nedir? https://www.sporx.com/anydesk-hacklendi-mi-anydesk-hacked-nedir-SXHBQ1056445SXQ
- Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
- Tasiopoulos, V.G. & Katsikas, S.K. (2014). Bypassing Antivirus Detection with Encryption. In Proceedings of the 18th Panhellenic Conference on Informatics.
- Taylor, C. (2020). Melissa Virus. CyberHoot. https://cyberhoot.com/cybrary/melissa-virus/
- Zetter, K. (2014) An Unprecedented Look at Stuxnet, the World's First Digital Weapon. Magazine Wired. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
Ayrıntılar
| Birincil Dil | Türkçe |
|---|---|
| Konular | Bilgi Güvenliği Yönetimi, Bilgi Güvenliği ve Kriptoloji, Kriptografi, Sistem ve Ağ Güvenliği, Siber Güvenlik ve Gizlilik (Diğer) |
| Bölüm | Araştırma Makaleleri |
| Yazarlar | |
| Erken Görünüm Tarihi | 30 Ekim 2024 |
| Yayımlanma Tarihi | 30 Aralık 2024 |
| Gönderilme Tarihi | 29 Haziran 2024 |
| Kabul Tarihi | 19 Ağustos 2024 |
| Yayımlandığı Sayı | Yıl 2024 |
