| Next revision | Previous revision |
| public:papers:memics2016 [2016-09-02 15:01] – created mukrop | public:papers:memics2016 [2023-08-12 21:05] (current) – xukrop |
|---|
| ====== The Million-Key Question – Investigating the Origins of RSA Public Keys [Usenix Sec 2016] ====== | ====== Avalanche effect in improperly initialized CAESAR candidates [MEMICS 2016] ====== |
| ~~NOTOC~~ | ~~NOTOC~~ |
| **Authors: Petr Svenda, Matus Nemec, Peter Sekan, Rudolf Kvasnovsky, David Formanek, David Komarek and Vashek Matyas** | **Authors: Martin Ukrop and Petr Švenda** |
| |
| **Primary contact:** Petr Svenda <svenda@fi.muni.cz> | **Primary contact:** Martin Ukrop <mukrop@mail.muni.cz> |
| |
| **Abstract:** //Can bits of an RSA public key leak information about design and implementation choices such as the prime generation algorithm? We analysed over 60 million freshly generated key pairs from 22 open- and closed-source libraries and from 16 different smartcards, revealing significant leakage. The bias introduced by different choices is sufficiently large to classify a probable library or smartcard with high accuracy based only on the values of public keys. Such a classification can be used to decrease the anonymity set of users of anonymous mailers or operators of linked Tor hidden services, to quickly detect keys from the same vulnerable library or to verify a claim of use of secure hardware by a remote party. The classification of the key origins of more than 10 million RSA-based IPv4 TLS keys and 1.4 million PGP keys also provides an independent estimation of the libraries that are most commonly used to generate the keys found on the Internet. | **Abstract:** //Cryptoprimitives rely on thorough theoretical background, but often lack basic usability features making them prone to unintentional misuse by developers. We argue that this is true even for the state-of-the-art designs. Analyzing 52 candidates of the current CAESAR competition has shown none of them have avalanche effect in authentication tag strong enough to work properly when partially misconfigured. Although not directly decreasing their security profile, this hints at their security usability being less than perfect.// |
| |
| Our broad inspection provides a sanity check and deep insight regarding which of the recommendations for RSA key pair generation are followed in practice, including closed-source libraries and smartcards.// | * Conference page: [[http://www.memics.cz/2016/|MEMICS 2016]] |
| | * Author pre-print of the paper: {{:public:research:eacirc:papers:2016_memics2.pdf|pre-print pdf}} |
| | * Conference presentation: {{:public:papers:2016_memics_slides.pdf|presentation slides}} |
| | * Raw experiment data: [[https://zenodo.org/record/8241962|data on Zenodo]] |
| |
| * Conference page: [[https://www.usenix.org/conference/usenixsecurity16/|Usenix Security 2016]] | |
| * Download author pre-print of the paper: {{:public:papers:UsenixSec16_1MRSAKeys.pdf|pdf}} | |
| * Download extended version of paper: {{:public:papers:UsenixSec16_1MRSAKeys_TRFIMU_201603.pdf|FIMU-RS-2016-03}} (technical report, FI MUNI) | |
| * Download presentation: {{:public:papers:1mrsa_usenix2016_20160812_final.pdf|pdf}} | |
| * See 1 minute [[https://www.youtube.com/watch?v=Qa2M5JWStRw | lighting talk]] | |
| * Download [[:public:papers:usenix2016#datasets_and_tools |datasets, tools and used scripts]] | |
| * Try online key classification tool: http://crcs.cz/rsapp/ | |
| |
| **Bibtex (regular paper):** | **Bibtex (regular paper)** |
| @inproceedings{1mrsa_usenix2016, | @InProceedings{2016-memics-ukrop, |
| author = {Petr Svenda \and Matus Nemec \and Peter Sekan \and Rudolf Kvasnovsky \and David Formanek \and David Komarek \and Vashek Matyas}, | author = {Martin Ukrop and Petr Svenda}, |
| title = {The Million-Key Question – Investigating the Origins of RSA Public Keys}, | |
| booktitle = {The 25th USENIX Security Symposium (UsenixSec'2016)}, | |
| year = {2016}, | year = {2016}, |
| pages = {893--910}, | title = {Avalanche Effect in Improperly Initialized CAESAR Candidates}, |
| isbn = {978-1-931971-32-4}, | editor = {Bouda, Jan and Holík, Lukáš and Kofroň, Jan and Strejček, Jan and Rambousek, Adam}, |
| publisher = {USENIX} | booktitle = {Proceedings 11th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science, Telč, Czech Republic, 21st-23rd October 2016}, |
| } | eventtitle = {MEMICS}, |
| | eventdate = {October 23--25, 2016}, |
| | series = {Electronic Proceedings in Theoretical Computer Science}, |
| | publisher = {Open Publishing Association}, |
| | volume = {233}, |
| | pages = {72-81}, |
| | doi = {10.4204/EPTCS.233.7} |
| | } |