Differences
This shows you the differences between two versions of the page.
public:papers:acsac2017 [2017-12-04 19:54] – [Q&A section] xnemec1 | public:papers:acsac2017 [2017-12-04 20:19] – [Q&A section] xnemec1 | ||
Line 42: | Line 42: | ||
==Q: Does it mean the biased RSA key generation methods are broken?== | ==Q: Does it mean the biased RSA key generation methods are broken?== | ||
- | A: No, in general, the bias is not enough for key factorization. However, we did break the Infineon implementation in our recent paper [[https:// | + | A: No, in general, the bias is not enough for key factorization. However, we did break the Infineon implementation in our recent paper [[https:// |
+ | |||
+ | ==Q: What parts of an RSA public key are biased?== | ||
+ | A: We extract an 8-bit feature vector from a public modulus N: we use the remainder of division of the modulus N modulo 3, remainder modulo 4, and the 2nd to 7th most significant bits of the modulus. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ==Q: What was the motivation for the measurement? | ||
+ | A: We developed a method for probabilistic classification of keys based on their source in our paper [[https:// | ||
==Q: What libraries did you analyze? Can you tell all libraries apart?== | ==Q: What libraries did you analyze? Can you tell all libraries apart?== | ||
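Review bot: the answer to "What parts of an RSA public key are biased?" says the feature vector is 8 bits but leaves the reader to do the arithmetic; the three features contribute one bit for N mod 3 (the remainder is 1 or 2, since neither prime factor is 3), one bit for N mod 4 (the remainder of an odd N is 1 or 3), and six bits for the 2nd to 7th most significant bits, so writing it as "an 8-bit feature vector (1 + 1 + 6 bits)" would make the count self-evident. The heading "==Q: What was the motivation for the measurement?" also appears without its closing "==", unlike the other headings in this hunk.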
Line 48: | Line 56: | ||
{{: | {{: | ||
+ | |||
+ | ==Q: Does popularity of libraries change in time?== | ||
+ | A: Yes, for one, the number of OpenSSL keys increases significantly. | ||
+ | {{: | ||
==Q: I want to know the popularity of library X, why wasn't it included? == | ==Q: I want to know the popularity of library X, why wasn't it included? == | ||
- | A: To suggest other sources that we can add to our analysis, please get in touch with us. If you can also provide keys generated by hardware, open-source and proprietary libraries, we will add them to the [[https:// | + | A: To suggest other sources that we can add to our analysis, please get in touch with us. If you can also provide keys generated by hardware, open-source and proprietary libraries, we will add them to the [[https:// |
+ | |||
+ | ==Q: Why can't you associate a key with its source with certainty? | ||
+ | A: The features extracted from the keys are not unique. Different (groups of) libraries can produce keys with the same features. Only the distribution of the features differs, as illustrated here: | ||
+ | |||
+ | {{: | ||
+ | ==Q: What is the accuracy of the measurement? | ||
+ | A: We performed simulations to determine the accuracy. The expected error of the measurement was within 1 percentage point of the estimation (e.g., OpenSSL being estimated at 70% means that we expect it to be between 69% and 71%). The error might be larger in some cases, however the ground truth is not always known. Our estimation of ROCA vulnerable keys in a PGP dataset was at 0.10%, that is within 0.02 percentage points from the correct proportion found by a much more reliable method specific to the ROCA keys. | ||
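Review bot: in the accuracy answer, "The error might be larger in some cases, however the ground truth is not always known" joins two claims without stating how they relate; the point seems to be that a larger error cannot always be confirmed because ground truth is unavailable, so a wording such as "The error may be larger in some cases, but the ground truth needed to check this is not always available" would state that dependency, and the ROCA figure that follows could then be introduced as the one case where ground truth did exist ("Where ground truth was available, ..."). The headings "==Q: Why can't you associate a key with its source with certainty?" and "==Q: What is the accuracy of the measurement?" also appear without their closing "==".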