====== Bias in RSA keypair detection, vulnerabilities, classification ======

===== Datasets =====
**Private and public RSA keys generated on smartcard or by software library**
  * Dataset: [[https://drive.google.com/folderview?id=0B0PpUrsKytcyUUV5d3kwX0VRNFk&usp=sharing | RSA keys from software libraries]]
    * Separate zip files for every library and length of RSA keys. Naming format: //library_version_keylength.zip// 
  * Dataset: [[https://drive.google.com/open?id=0B_DMu_2XOQ9XQWYyQmxXbDZuems | RSA keys from cryptographic smartcards]]
    * Separate zip files for every library and length of RSA keys. Format: //smartcard-numberOfKeys-keyLength.zip//
  * Updated datasets:
    * https://drive.google.com/drive/u/3/folders/0B0PpUrsKytcyMllkUHJ0RkZkdzA

**Random data generated by smartcards**

  * Dataset: [[https://drive.google.com/open?id=0B4LeBLNCWpOWN0MzM2tjcjhVNEk | Random data from cryptographic smartcards, up to 100MB]] 
    * Separate binary files for every smartcard obtained using RandomData.generate() on-card method. If more files for the same card were generated, appendix _0/1/2 is used. Format: //smartcard_type.bin//
  * Dataset: [[https://drive.google.com/open?id=0B4LeBLNCWpOWYzNVcTJpdE1acFU | Random data from cryptographic smartcards, up to 1GB]] 
    * Separate binary files for every smartcard obtained using RandomData.generate() on-card method. If more files for the same card were generated, appendix _0/1/2 is used. Format: //smartcard_type.bin//

===== Tooling =====
  * Tools for classification of single keys: https://github.com/crocs-muni/classifyRSAkey
  * Tools for classification of large-scale datasets (e.g., IPv4 TLS scan, Certificate Transparency log...): https://github.com/crocs-muni/acsac2017-data-tools
  * Detection tool for ROCA vulnerable keys: https://github.com/crocs-muni/roca


===== Related research papers =====
  * The Million-Key Question – Investigating the Origins of RSA Public Keys (detection of bias in RSA keys, attribution of public key to generating library) [USENIX Security 2016] https://crocs.fi.muni.cz/public/papers/usenix2016
  * The Million-Key Question - extended technical report [2016] https://crocs.fi.muni.cz/_media/public/papers/usenixsec16_1mrsakeys_trfimu_201603.pdf
  * ROCA: Vulnerable RSA generation (CVE-2017-15361) [CCS 2017]: https://crocs.fi.muni.cz/public/papers/rsa_ccs17
  * Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans [ACSAC 2017]: https://crocs.fi.muni.cz/papers/acsac2017