The Million-Key Question – Investigating the Origins of RSA Public Keys

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F16%3A00088076" target="_blank" >RIV/00216224:14330/16:00088076 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/svenda" target="_blank" >https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/svenda</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

The Million-Key Question – Investigating the Origins of RSA Public Keys

Popis výsledku v původním jazyce

Can bits of an RSA public key leak information about design and implementation choices such as the prime generation algorithm? We analysed over 60 million freshly generated key pairs from 22 open- and closedsource libraries and from 16 different smartcards, revealing significant leakage. The bias introduced by different choices is sufficiently large to classify a probable library or smartcard with high accuracy based only on the values of public keys. Such a classification can be used to decrease the anonymity set of users of anonymous mailers or operators of linked Tor hidden services, to quickly detect keys from the same vulnerable library or to verify a claim of use of secure hardware by a remote party. The classification of the key origins of more than 10 million RSA-based IPv4 TLS keys and 1.4 million PGP keys also provides an independent estimation of the libraries that are most commonly used to generate the keys found on the Internet.

Název v anglickém jazyce

The Million-Key Question – Investigating the Origins of RSA Public Keys

Popis výsledku anglicky

Can bits of an RSA public key leak information about design and implementation choices such as the prime generation algorithm? We analysed over 60 million freshly generated key pairs from 22 open- and closedsource libraries and from 16 different smartcards, revealing significant leakage. The bias introduced by different choices is sufficiently large to classify a probable library or smartcard with high accuracy based only on the values of public keys. Such a classification can be used to decrease the anonymity set of users of anonymous mailers or operators of linked Tor hidden services, to quickly detect keys from the same vulnerable library or to verify a claim of use of secure hardware by a remote party. The classification of the key origins of more than 10 million RSA-based IPv4 TLS keys and 1.4 million PGP keys also provides an independent estimation of the libraries that are most commonly used to generate the keys found on the Internet.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/GA16-08565S" target="_blank" >GA16-08565S: Rozvoj kryptoanalytických metod prostřednictvím evolučních výpočtů</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2016

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of 25th USENIX Security Symposium

ISBN

9781931971324

ISSN

—

e-ISSN

—

Počet stran výsledku

18

Strana od-do

893-910

Název nakladatele

USENIX Association

Místo vydání

Austin, Texas

Místo konání akce

Austin, Texas

Datum konání akce

1. 1. 2016

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—