Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
Last revisionBoth sides next revision
public:papers:acsac2017 [2017-12-04 20:14] – [Q&A section] xnemec1public:papers:acsac2017 [2017-12-08 16:36] – [Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans [ACSAC 2017]] xnemec1
Line 13: Line 13:
   * Conference page: [[https://www.acsac.org/2017/ | ACSAC 2017]] | [[https://www.acsac.org/2017/openconf/modules/request.php?module=oc_program&action=summary.php&id=106 | Paper page]]   * Conference page: [[https://www.acsac.org/2017/ | ACSAC 2017]] | [[https://www.acsac.org/2017/openconf/modules/request.php?module=oc_program&action=summary.php&id=106 | Paper page]]
   * Download author pre-print of the paper: {{ :public:papers:acsac2017_nemec_rsa_fingerprints.pdf | pdf}}   * Download author pre-print of the paper: {{ :public:papers:acsac2017_nemec_rsa_fingerprints.pdf | pdf}}
-  * Download presentation: {{ fixme | pdf}}+  * Download presentation: {{ :public:papers:acsac-nemec-handout.pdf Handout-PDF}} | {{ :public:papers:acsac-nemec.pdf | Conference-PDF }}
  
 **Bibtex (regular paper)** **Bibtex (regular paper)**
  
   @inproceedings{2017-acsac-nemec,   @inproceedings{2017-acsac-nemec,
-    Author        = {Matus Nemec and Dusan Klinec and Petr Svenda and Peter Sekan and Vashek Matyas}, +    author = {Nemec, Matus and Klinec, Dusan and Svenda, Petr and Sekan, Peter and Matyas, Vashek}, 
-    Title         = {Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans}, +    title = {Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans}, 
-    BookTitle     = {Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC'2017)}, +    booktitle = {Proceedings of the 33rd Annual Computer Security Applications Conference}, 
-    Year          = {2017}, +    series = {ACSAC 2017}, 
-    Pages         = {??--??}, +    year = {2017}, 
-    ISBN          = {??}, +    isbn = {978-1-4503-5345-8}, 
-    Publisher     = {ACM}+    pages = {162--175}, 
 +    url = {http://doi.acm.org/10.1145/3134600.3134612}, 
 +    doi = {10.1145/3134600.3134612}, 
 +    publisher = {ACM}
   }   }
  
Line 56: Line 59:
  
 {{:public:papers:acsac2017_dendrogram.png?600|}} {{:public:papers:acsac2017_dendrogram.png?600|}}
 +
 +==Q: Does popularity of libraries change in time?==
 +A: Yes, for one, the number of OpenSSL keys increases significantly.
 +{{:public:papers:acsac2017_intime.png?800|}}
  
 ==Q: I want to know the popularity of library X, why wasn't it included? == ==Q: I want to know the popularity of library X, why wasn't it included? ==
Line 63: Line 70:
 A: The features extracted from the keys are not unique. Different (groups of) libraries can produce keys with the same features. Only the distribution of the features differs, as illustrated here: A: The features extracted from the keys are not unique. Different (groups of) libraries can produce keys with the same features. Only the distribution of the features differs, as illustrated here:
  
 +{{:public:papers:acsac2017_reference.png?800|}}
  
 ==Q: What is the accuracy of the measurement?== ==Q: What is the accuracy of the measurement?==
 A: We performed simulations to determine the accuracy. The expected error of the measurement was within 1 percentage point of the estimation (e.g., OpenSSL being estimated at 70% means that we expect it to be between 69% and 71%). The error might be larger in some cases, however the ground truth is not always known. Our estimation of ROCA vulnerable keys in a PGP dataset was at 0.10%, that is within 0.02 percentage points from the correct proportion found by a much more reliable method specific to the ROCA keys. A: We performed simulations to determine the accuracy. The expected error of the measurement was within 1 percentage point of the estimation (e.g., OpenSSL being estimated at 70% means that we expect it to be between 69% and 71%). The error might be larger in some cases, however the ground truth is not always known. Our estimation of ROCA vulnerable keys in a PGP dataset was at 0.10%, that is within 0.02 percentage points from the correct proportion found by a much more reliable method specific to the ROCA keys.