Biased RSA private keys: Origin attribution of GCD-factorable keys

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F20%3A00115914" target="_blank" >RIV/00216224:14330/20:00115914 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/chapter/10.1007%2F978-3-030-59013-0_25" target="_blank" >https://link.springer.com/chapter/10.1007%2F978-3-030-59013-0_25</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-030-59013-0_25" target="_blank" >10.1007/978-3-030-59013-0_25</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Biased RSA private keys: Origin attribution of GCD-factorable keys

Popis výsledku v původním jazyce

In 2016, Švenda et al. (USENIX 2016, The Million-key Question) reported that the implementation choices in cryptographic libraries allow for qualified guessing about the origin of public RSA keys. We extend the technique to two new scenarios when not only public but also private keys are available for the origin attribution -- analysis of a source of GCD-factorable keys in IPv4-wide TLS scans and forensic investigation of an unknown source. We learn several representatives of the bias from the private keys to train a model on more than 150 million keys collected from 70 cryptographic libraries, hardware security modules and cryptographic smartcards. Our model not only doubles the number of distinguishable groups of libraries (compared to public keys from Švenda et al.) but also improves more than twice in accuracy w.r.t. random guessing when a single key is classified. For a forensic scenario where at least 10 keys from the same source are available, the correct origin library is correctly identified with average accuracy of 89% compared to 4% accuracy of a random guess. The technique was also used to identify libraries producing GCD-factorable TLS keys, showing that only three groups are the probable suspects.

Název v anglickém jazyce

Biased RSA private keys: Origin attribution of GCD-factorable keys

Popis výsledku anglicky

In 2016, Švenda et al. (USENIX 2016, The Million-key Question) reported that the implementation choices in cryptographic libraries allow for qualified guessing about the origin of public RSA keys. We extend the technique to two new scenarios when not only public but also private keys are available for the origin attribution -- analysis of a source of GCD-factorable keys in IPv4-wide TLS scans and forensic investigation of an unknown source. We learn several representatives of the bias from the private keys to train a model on more than 150 million keys collected from 70 cryptographic libraries, hardware security modules and cryptographic smartcards. Our model not only doubles the number of distinguishable groups of libraries (compared to public keys from Švenda et al.) but also improves more than twice in accuracy w.r.t. random guessing when a single key is classified. For a forensic scenario where at least 10 keys from the same source are available, the correct origin library is correctly identified with average accuracy of 89% compared to 4% accuracy of a random guess. The technique was also used to identify libraries producing GCD-factorable TLS keys, showing that only three groups are the probable suspects.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Computer Security – ESORICS 2020

ISBN

9783030590123

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

20

Strana od-do

505-524

Název nakladatele

Springer

Místo vydání

Cham, Switzerland

Místo konání akce

Cham, Switzerland

Datum konání akce

1. 1. 2020

Typ akce podle státní příslušnosti

CST - Celostátní akce

Kód UT WoS článku

—