Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
public:papers:rsabias [2018-05-17 08:40] – created xsvendapublic:papers:rsabias [2018-09-07 11:56] (current) – [Datasets] xnemec1
Line 1: Line 1:
-====== RSA bias ======+====== Bias in RSA keypair detection, vulnerabilities, classification ======
  
-  Basic info +===== Datasets ===== 
-  * Links to datasets +**Private and public RSA keys generated on smartcard or by software library*
-  * Links to tooling +  * Dataset: [[https://drive.google.com/folderview?id=0B0PpUrsKytcyUUV5d3kwX0VRNFk&usp=sharing | RSA keys from software libraries]] 
-  * Links to related papers (usenixacsac, roca)+    * Separate zip files for every library and length of RSA keys. Naming format: //library_version_keylength.zip//  
 +  * Dataset: [[https://drive.google.com/open?id=0B_DMu_2XOQ9XQWYyQmxXbDZuems | RSA keys from cryptographic smartcards]] 
 +    * Separate zip files for every library and length of RSA keys. Format: //smartcard-numberOfKeys-keyLength.zip// 
 +  * Updated datasets
 +    * https://drive.google.com/drive/u/3/folders/0B0PpUrsKytcyMllkUHJ0RkZkdzA 
 + 
 +**Random data generated by smartcards** 
 + 
 +  * Dataset: [[https://drive.google.com/open?id=0B4LeBLNCWpOWN0MzM2tjcjhVNEk | Random data from cryptographic smartcards, up to 100MB]]  
 +    * Separate binary files for every smartcard obtained using RandomData.generate() on-card method. If more files for the same card were generated, appendix _0/1/2 is used. Format: //smartcard_type.bin// 
 +  * Dataset: [[https://drive.google.com/open?id=0B4LeBLNCWpOWYzNVcTJpdE1acFU | Random data from cryptographic smartcards, up to 1GB]]  
 +    * Separate binary files for every smartcard obtained using RandomData.generate() on-card method. If more files for the same card were generatedappendix _0/1/2 is used. Format: //smartcard_type.bin// 
 + 
 +===== Tooling ===== 
 +  * Tools for classification of single keys: https://github.com/crocs-muni/classifyRSAkey 
 +  * Tools for classification of large-scale datasets (e.g.IPv4 TLS scan, Certificate Transparency log...): https://github.com/crocs-muni/acsac2017-data-tools 
 +  * Detection tool for ROCA vulnerable keys: https://github.com/crocs-muni/roca 
 + 
 + 
 +===== Related research papers ===== 
 +  * The Million-Key Question – Investigating the Origins of RSA Public Keys (detection of bias in RSA keys, attribution of public key to generating library[USENIX Security 2016] https://crocs.fi.muni.cz/public/papers/usenix2016 
 +  * The Million-Key Question - extended technical report [2016] https://crocs.fi.muni.cz/_media/public/papers/usenixsec16_1mrsakeys_trfimu_201603.pdf 
 +  * ROCA: Vulnerable RSA generation (CVE-2017-15361) [CCS 2017]: https://crocs.fi.muni.cz/public/papers/rsa_ccs17 
 +  * Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans [ACSAC 2017]: https://crocs.fi.muni.cz/papers/acsac2017