Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revisionBoth sides next revision
public:papers:acsac2017 [2017-12-04 20:14] – [Q&A section] xnemec1public:papers:acsac2017 [2017-12-04 20:19] – [Q&A section] xnemec1
Line 56: Line 56:
  
 {{:public:papers:acsac2017_dendrogram.png?600|}} {{:public:papers:acsac2017_dendrogram.png?600|}}
 +
 +==Q: Does popularity of libraries change in time?==
 +A: Yes, for one, the number of OpenSSL keys increases significantly.
 +{{:public:papers:acsac2017_intime.png?800|}}
  
 ==Q: I want to know the popularity of library X, why wasn't it included? == ==Q: I want to know the popularity of library X, why wasn't it included? ==
Line 63: Line 67:
 A: The features extracted from the keys are not unique. Different (groups of) libraries can produce keys with the same features. Only the distribution of the features differs, as illustrated here: A: The features extracted from the keys are not unique. Different (groups of) libraries can produce keys with the same features. Only the distribution of the features differs, as illustrated here:
  
 +{{:public:papers:acsac2017_reference.png?800|}}
  
 ==Q: What is the accuracy of the measurement?== ==Q: What is the accuracy of the measurement?==
 A: We performed simulations to determine the accuracy. The expected error of the measurement was within 1 percentage point of the estimation (e.g., OpenSSL being estimated at 70% means that we expect it to be between 69% and 71%). The error might be larger in some cases, however the ground truth is not always known. Our estimation of ROCA vulnerable keys in a PGP dataset was at 0.10%, that is within 0.02 percentage points from the correct proportion found by a much more reliable method specific to the ROCA keys. A: We performed simulations to determine the accuracy. The expected error of the measurement was within 1 percentage point of the estimation (e.g., OpenSSL being estimated at 70% means that we expect it to be between 69% and 71%). The error might be larger in some cases, however the ground truth is not always known. Our estimation of ROCA vulnerable keys in a PGP dataset was at 0.10%, that is within 0.02 percentage points from the correct proportion found by a much more reliable method specific to the ROCA keys.