Origin Attribution of RSA Public Keys

Conference paper in: Security and Privacy in Communication Networks (SecureComm 2021)

Abstract

In spite of the strong mathematical foundations of cryptographic algorithms, practical implementations of cryptographic protocols continue to fail. Insufficient entropy, faulty library implementations, and API misuse not only jeopardize the security of cryptographic keys, but also leave distinct patterns that make it possible to attribute a key to its origin. In this work, we examined the attribution of cryptographic keys based on their moduli. We analyzed over 6.5 million keys generated by 43 versions of cryptographic libraries on 20 Linux OS versions released over the past 8 years. We showed that with only a few characteristics of the modulus, we can accurately (with 75% accuracy) attribute an individual key to the originating library. Depending on the library, our approach is sensitive enough to pinpoint the major, minor, and build release of several libraries that generated an individual key, with an accuracy of 81%–98%. We further explore attribution of SSH keys collected from publicly facing IPv4 addresses, showing that our approach is able to differentiate the individual libraries that produced RSA keys with 95% accuracy.
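The mechanism behind modulus-based attribution is that prime-generation conventions (which high bits a library forces on its prime candidates, the odd-number fix-up of Note 1) shape the resulting modulus. The following added example is not the paper's code and does not use its Table 10 feature list; it simulates two hypothetical libraries, "lib_A" (forces the top two bits of each prime candidate) and "lib_B" (forces only the top bit), extracts a few illustrative modulus-only features, and shows how those features separate, or fail to separate, the two origins. Random odd integers stand in for primes, since the modulus-shape effect does not depend on primality.

```python
import random
from collections import Counter

def make_prime_like(bits, top_bits_set, rng):
    """Constructed stand-in for a prime candidate: a random odd integer of the
    requested size carrying the library's top-bit convention (no primality test)."""
    x = rng.getrandbits(bits)
    x |= 1                         # last bit set to 1: the candidate is odd (Note 1)
    x |= 1 << (bits - 1)           # top bit set: the candidate has exactly `bits` bits
    if top_bits_set == 2:
        x |= 1 << (bits - 2)       # second-highest bit also set (hypothetical lib_A)
    return x

def generate_modulus(library, key_bits, rng):
    """Modulus N = p*q for one of the two hypothetical libraries."""
    half = key_bits // 2
    top = {"lib_A": 2, "lib_B": 1}[library]
    return make_prime_like(half, top, rng) * make_prime_like(half, top, rng)

def modulus_features(n, key_bits):
    """Modulus-only characteristics of the kind used for origin attribution
    (an illustrative selection, not the paper's Table 10)."""
    return {
        "bit_length": n.bit_length(),
        "top_nibble": n >> (key_bits - 4),   # 4 most significant bits of the key field
        "low_bits": n & 0b11,                 # 2 least significant bits
        "mod_3": n % 3,
        "mod_5": n % 5,
    }

def consistent_libraries(n, key_bits):
    """Which hypothetical origins a single modulus is consistent with.
    lib_A forces p,q >= 3*2^(k-2), so N >= (9/16)*2^(2k): top nibble >= 9 and full
    bit length. lib_B only guarantees N >= 2^(2k-2), so any shape is possible, and
    a short or low-top-nibble modulus can only have come from lib_B."""
    f = modulus_features(n, key_bits)
    if f["bit_length"] == key_bits and f["top_nibble"] >= 9:
        return {"lib_A", "lib_B"}
    return {"lib_B"}

def feature_distribution(library, key_bits=1024, samples=500, seed=1):
    """Histogram of (bit_length, top_nibble) over many keys from one library;
    comparing such histograms across libraries is what a classifier learns from."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(samples):
        f = modulus_features(generate_modulus(library, key_bits, rng), key_bits)
        counts[(f["bit_length"], f["top_nibble"])] += 1
    return counts
```

The ambiguity in `consistent_libraries` is the point: a single feature can rule a library out but not always identify one, which is why the attribution in the paper relies on a combination of characteristics and a trained model.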


Notes

  1. For example, setting the last bit to 1 ensures that the number is odd.

  2. We refer to library versions using the conventional notation of software versioning, where each version is represented as major.minor[.build[.patch]].

  3. GnuTLS: https://gitlab.com/gnutls/gnutls/blob/master/news.
     OpenSSH: https://www.openssh.com/releasenotes.html.
     GPG: https://gnupg.org/download/release_notes.html.
     OpenSSL: https://www.openssl.org/news/changelog.html.

Corresponding author: Natalia Stakhanova

9 Appendix

See Table 10.

Table 10. The top 14 features extracted for attribution of generated and collected keys


© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering


Cite this paper

Branca, E., Abazari, F., Carranza, R.R., Stakhanova, N. (2021). Origin Attribution of RSA Public Keys. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_19

  • DOI: https://doi.org/10.1007/978-3-030-90019-9_19
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-90018-2
  • Online ISBN: 978-3-030-90019-9
  • eBook Packages: Computer Science (R0)