Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
public:papers:rsa_ccs17 [2017-10-30 14:40] – [Paper details] xsvenda | public:papers:rsa_ccs17 [2018-01-01 20:50] – [Paper details] xnemec1 | ||
---|---|---|---|
Line 4: | Line 4: | ||
A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. Assess your keys now with the provided [[https:// | A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. Assess your keys now with the provided [[https:// | ||
+ | |||
+ | Download full paper: {{ : | ||
**</ | **</ | ||
Line 57: | Line 59: | ||
===== Updates ===== | ===== Updates ===== | ||
- | * 2nd of November | + | * 2nd of November - Presentation of ROCA at the ACM CCS conference, received Real-World Impact Award |
- | * 16th of October 2017 - The initial version of the public disclosure published | + | * 30th October 2017 - Full paper made public: [[https:// |
+ | * 16th of October 2017 - The initial version of the public disclosure published, detector of vulnerable keys [[https:// | ||
* May to October 2017 - Cooperation with the manufacturer and other affected parties to help evaluate and mitigate the vulnerability | * May to October 2017 - Cooperation with the manufacturer and other affected parties to help evaluate and mitigate the vulnerability | ||
* 1st of February - The vulnerability disclosed to Infineon Technologies AG | * 1st of February - The vulnerability disclosed to Infineon Technologies AG | ||
Line 97: | Line 100: | ||
* Google, The Chromium project Trusted Platform Module firmware vulnerability: | * Google, The Chromium project Trusted Platform Module firmware vulnerability: | ||
* CVE-2017-15361: | * CVE-2017-15361: | ||
+ | * National Cyber Security Centre, UK: https:// | ||
+ | * D.J.Bernstein and T. Lange, Reconstructing ROCA: https:// | ||
===== Media ===== | ===== Media ===== | ||
Line 109: | Line 114: | ||
* The Register: https:// | * The Register: https:// | ||
* ArsTechnica: | * ArsTechnica: | ||
+ | * RSA Security: https:// | ||
+ | * ArsTechnica: | ||
+ | * SC Media: https:// | ||
+ | * Cybernetica: | ||
Line 117: | Line 126: | ||
* Conference page: [[https:// | * Conference page: [[https:// | ||
- | * Download author | + | * Author |
+ | * Conference slides: {{ {{ : | ||
- | **Bibtex (regular paper):** | + | **Bibtex (regular paper)** |
@inproceedings{2017-ccs-nemec, | @inproceedings{2017-ccs-nemec, | ||
Author | Author | ||
- | Title = {The Return of Coppersmith' | + | Title |
BookTitle | BookTitle | ||
Year = {2017}, | Year = {2017}, |