Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans

Result code in IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F17%3A00095055" target="_blank" >RIV/00216224:14330/17:00095055 - isvavai.cz</a>

Result on the web

<a href="https://dl.acm.org/citation.cfm?id=3134612" target="_blank" >https://dl.acm.org/citation.cfm?id=3134612</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3134600.3134612" target="_blank" >10.1145/3134600.3134612</a>

Result language

angličtina

Original language name

Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans

Original language description

We measure the popularity of cryptographic libraries in large datasets of RSA public keys. We do so by improving a recently proposed method based on biases introduced by alternative implementations of prime selection in different cryptographic libraries. We extend the previous work by applying statistical inference to approximate a share of libraries matching an observed distribution of RSA keys in an inspected dataset (e.g., Internet-wide scan of TLS handshakes). The sensitivity of our method is sufficient to detect transient events such as a periodic insertion of keys from a specific library into Certificate Transparency logs and inconsistencies in archived datasets. We apply the method on keys from multiple Internet-wide scans collected in years 2010 through 2017, on Certificate Transparency logs and on separate datasets for PGP keys and SSH keys. The results quantify a strong dominance of OpenSSL with more than 84% TLS keys for Alexa 1M domains, steadily increasing since the first measurement. OpenSSL is even more popular for GitHub client-side SSH keys, with a share larger than 96%. Surprisingly, new certificates inserted in Certificate Transparency logs on certain days contain more than 20% keys most likely originating from Java libraries, while TLS scans contain less than 5% of such keys. Since the ground truth is not known, we compared our measurements with other estimates and simulated different scenarios to evaluate the accuracy of our method. To our best knowledge, this is the first accurate measurement of the popularity of cryptographic libraries not based on proxy information like web server fingerprinting, but directly on the number of observed unique keys.

Czech name

—

Czech description

—

Type

D - Article in proceedings

CEP classification

—

OECD FORD branch

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Project

<a href="/en/project/GA16-08565S" target="_blank" >GA16-08565S: Advancing cryptanalytic methods through evolutionary computing</a><br>

Continuities

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Publication year

2017

Confidentiality

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Article name in the collection

Proceedings of the 33rd Annual Computer Security Applications Conference

ISBN

9781450353458

ISSN

—

e-ISSN

—

Number of pages

14

Pages from-to

162-175

Publisher name

ACM

Place of publication

New York, NY, USA

Event location

Orlando, FL, USA

Event date

Dec 4, 2017

Type of event by nationality

WRD - Celosvětová akce

UT code for WoS article

—