Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
public:papers:acsac2017 [2017-12-04 20:54]
xnemec1 [Q&A section]
public:papers:acsac2017 [2017-12-08 17:36] (current)
xnemec1 [Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans [ACSAC 2017]]
Line 13: Line 13:
   * Conference page: [[https://​www.acsac.org/​2017/​ | ACSAC 2017]] | [[https://​www.acsac.org/​2017/​openconf/​modules/​request.php?​module=oc_program&​action=summary.php&​id=106 | Paper page]]   * Conference page: [[https://​www.acsac.org/​2017/​ | ACSAC 2017]] | [[https://​www.acsac.org/​2017/​openconf/​modules/​request.php?​module=oc_program&​action=summary.php&​id=106 | Paper page]]
   * Download author pre-print of the paper: {{ :​public:​papers:​acsac2017_nemec_rsa_fingerprints.pdf | pdf}}   * Download author pre-print of the paper: {{ :​public:​papers:​acsac2017_nemec_rsa_fingerprints.pdf | pdf}}
-  * Download presentation:​ {{ fixme | pdf}}+  * Download presentation:​ {{ :​public:​papers:​acsac-nemec-handout.pdf ​Handout-PDF}} | {{ :​public:​papers:​acsac-nemec.pdf | Conference-PDF ​}}
  
 **Bibtex (regular paper)** **Bibtex (regular paper)**
  
   @inproceedings{2017-acsac-nemec,​   @inproceedings{2017-acsac-nemec,​
-    ​Author ​       ​= {Matus Nemec and Dusan Klinec and Petr Svenda and Peter Sekan and Vashek ​Matyas}, +    ​author ​= {Nemec, Matus and Klinec, Dusan and Svenda, Petr and Sekan, Peter and Matyas, Vashek}, 
-    ​Title         = {Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans}, +    ​title = {Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans}, 
-    ​BookTitle ​    = {Proceedings of the 33rd Annual Computer Security Applications Conference ​(ACSAC'2017)}, +    ​booktitle ​= {Proceedings of the 33rd Annual Computer Security Applications Conference}, 
-    ​Year          ​= {2017}, +    series = {ACSAC 2017}, 
-    ​Pages         = {??--??}, +    ​year = {2017}, 
-    ​ISBN          ​= {??}, +    ​isbn = {978-1-4503-5345-8},​ 
-    ​Publisher ​    = {ACM}+    pages = {162--175},​ 
 +    url = {http://​doi.acm.org/​10.1145/​3134600.3134612}, 
 +    ​doi = {10.1145/​3134600.3134612}, 
 +    ​publisher ​= {ACM}
   }   }
  
Line 42: Line 45:
  
 ==Q: Does it mean the biased RSA key generation methods are broken?== ==Q: Does it mean the biased RSA key generation methods are broken?==
-A: No, in general, the bias is not enough for key factorization. However, we did break the Infineon implementation in our recent paper [[https://​crocs.fi.muni.cz/​public/​papers/​rsa_ccs17 | The Return of Coppersmith'​s Attack (ROCA)]]+A: No, in general, the bias is not enough for key factorization. However, we did break the Infineon implementation in our recent paper [[https://​crocs.fi.muni.cz/​public/​papers/​rsa_ccs17 | The Return of Coppersmith'​s Attack (ROCA)]]
 + 
 +==Q: What parts of an RSA public key are biased?== 
 +A: We extract an 8-bit feature vector from a public modulus N: we use the remainder of division of the modulus N modulo 3, remainder modulo 4, and the 2nd to 7th most significant bits of the modulus. 
 + 
 +{{:​public:​papers:​acsac2017_explain_mask_openssl.png?​400|}} 
 + 
 +==Q: What was the motivation for the measurement?​== 
 +A: We developed a method for probabilistic classification of keys based on their source in our paper [[https://​crocs.fi.muni.cz/​public/​papers/​usenix2016 | The Million-Key Question]] at [[https://​www.usenix.org/​node/​197198 | USENIX Security 2016]]. However, we were missing an accurate estimation of library popularity and could not find any papers accomplishing that. We also needed to measure the impacts of [[https://​crocs.fi.muni.cz/​public/​papers/​rsa_ccs17 | ROCA vulnerability]] and this is a general method for such measurements.
  
 ==Q: What libraries did you analyze? Can you tell all libraries apart?== ==Q: What libraries did you analyze? Can you tell all libraries apart?==
Line 48: Line 59:
  
 {{:​public:​papers:​acsac2017_dendrogram.png?​600|}} {{:​public:​papers:​acsac2017_dendrogram.png?​600|}}
 +
 +==Q: Does popularity of libraries change in time?==
 +A: Yes, for one, the number of OpenSSL keys increases significantly.
 +{{:​public:​papers:​acsac2017_intime.png?​800|}}
  
 ==Q: I want to know the popularity of library X, why wasn't it included? == ==Q: I want to know the popularity of library X, why wasn't it included? ==
-A: To suggest other sources that we can add to our analysis, please get in touch with us. If you can also provide keys generated by hardware, open-source and proprietary libraries, we will add them to the [[https://​drive.google.com/​drive/​u/​3/​folders/​0B0PpUrsKytcyMllkUHJ0RkZkdzA | Collection of RSA keys from reference libraries]]+A: To suggest other sources that we can add to our analysis, please get in touch with us. If you can also provide keys generated by hardware, open-source and proprietary libraries, we will add them to the [[https://​drive.google.com/​drive/​u/​3/​folders/​0B0PpUrsKytcyMllkUHJ0RkZkdzA | Collection of RSA keys from reference libraries]]
 + 
 +==Q: Why can't you associate a key with its source with certainty?​== 
 +A: The features extracted from the keys are not unique. Different (groups of) libraries can produce keys with the same features. Only the distribution of the features differs, as illustrated here: 
 + 
 +{{:​public:​papers:​acsac2017_reference.png?​800|}}
  
 +==Q: What is the accuracy of the measurement?​==
 +A: We performed simulations to determine the accuracy. The expected error of the measurement was within 1 percentage point of the estimation (e.g., OpenSSL being estimated at 70% means that we expect it to be between 69% and 71%). The error might be larger in some cases, however the ground truth is not always known. Our estimation of ROCA vulnerable keys in a PGP dataset was at 0.10%, that is within 0.02 percentage points from the correct proportion found by a much more reliable method specific to the ROCA keys.