factoring rsa keys from certified smart cards coppersmith
play

Factoring RSA keys from certified smart cards: Coppersmith in the - PowerPoint PPT Presentation

Dec 28, 2022 •45 likes •545 views

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren 5 December 2013 Problems with non-randomness 2012

  1. Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren 5 December 2013

  2. Problems with non-randomness ◮ 2012 Heninger–Durumeric–Wustrow–Halderman (USENIX), ◮ 2012 Lenstra–Hughes–Augier–Bos–Kleinjung–Wachter (CRYPTO). ◮ Factored tens of thousands of public keys on the Internet . . . typically keys for your home router, not for your bank. ◮ Why? Many deployed devices shared RSA prime factors. ◮ Most common problem: horrifyingly bad interactions between OpenSSL key generation, /dev/urandom seeding, entropy sources. ◮ Typically keys for your home router, not for your bank because those keys are usually generated by special hardware. ◮ The Heninger team has lots of material online at http://factorable.net D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  3. Nice followup student projects in data mining 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  4. Nice followup student projects in data mining 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. MOICA: Certificate Authority of MOI (Ministry of the Interior). In Taiwan all citizens can get a smartcard with signing and encryption ability to ◮ make transactions with government agencies (property registries, national labor insurance, public safety, and immigration, file personal income taxes, update car registration, D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  5. Nice followup student projects in data mining 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. MOICA: Certificate Authority of MOI (Ministry of the Interior). In Taiwan all citizens can get a smartcard with signing and encryption ability to ◮ make transactions with government agencies (property registries, national labor insurance, public safety, and immigration, file personal income taxes, update car registration, file grant applications), D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  6. Nice followup student projects in data mining 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. MOICA: Certificate Authority of MOI (Ministry of the Interior). In Taiwan all citizens can get a smartcard with signing and encryption ability to ◮ make transactions with government agencies (property registries, national labor insurance, public safety, and immigration, file personal income taxes, update car registration, file grant applications), ◮ interact with companies (e.g. Chunghwa Telecom). ◮ interact with other citizens (encrypt & sign). D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  7. Taiwan Citizen Digital Certificate ◮ Smart cards are issued by the government. ◮ FIPS-140 and Common Criteria Level 4+ certified. ◮ RSA keys are generated on card. ◮ Certificates stored on national LDAP directory. This is publicly accessible to enable citizen-to-citizen and citizen-to-commerce interactions. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  8. Certificate of Chen-Mou Cheng Data: Version: 3 (0x2) Serial Number: d7:15:33:8e:79:a7:02:11:7d:4f:25:b5:47:e8:ad:38 Signature Algorithm: sha1WithRSAEncryption Issuer: C=TW, O=XXX Validity Not Before: Feb 24 03:20:49 2012 GMT Not After : Feb 24 03:20:49 2017 GMT Subject: C=TW, CN=YYY serialNumber=0000000112831644 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bf:e7:7c:28:1d:c8:78:a7:13:1f:cd:2b:f7:63: 2c:89:0a:74:ab:62:c9:1d:7c:62:eb:e8:fc:51:89: b3:45:0e:a4:fa:b6:06:de:b3:24:c0:da:43:44:16: e5:21:cd:20:f0:58:34:2a:12:f9:89:62:75:e0:55: 8c:6f:2b:0f:44:c2:06:6c:4c:93:cc:6f:98:e4:4e: 3a:79:d9:91:87:45:cd:85:8c:33:7f:51:83:39:a6: 9a:60:98:e5:4a:85:c1:d1:27:bb:1e:b2:b4:e3:86: a3:21:cc:4c:36:08:96:90:cb:f4:7e:01:12:16:25: 90:f2:4d:e4:11:7d:13:17:44:cb:3e:49:4a:f8:a9: a0:72:fc:4a:58:0b:66:a0:27:e0:84:eb:3e:f3:5d: 5f:b4:86:1e:d2:42:a3:0e:96:7c:75:43:6a:34:3d: 6b:96:4d:ca:f0:de:f2:bf:5c:ac:f6:41:f5:e5:bc: fc:95:ee:b1:f9:c1:a8:6c:82:3a:dd:60:ba:24:a1: eb:32:54:f7:20:51:e7:c0:95:c2:ed:56:c8:03:31: 96:c1:b6:6f:b7:4e:c4:18:8f:50:6a:86:1b:a5:99: d9:3f:ad:41:00:d4:2b:e4:e7:39:08:55:7a:ff:08: 30:9e:df:9d:65:e5:0d:13:5c:8d:a6:f8:82:0c:61: c8:6b Exponent: 65537 (0x10001) . . . D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  9. This project took a slightly different turn 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. April 2012: downloaded all certificates from LDAP server: ◮ 2,300,000 1024-bit RSA public keys ◮ 360,000 2048-bit RSA public keys D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  10. This project took a slightly different turn 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. April 2012: downloaded all certificates from LDAP server: ◮ 2,300,000 1024-bit RSA public keys ◮ 360,000 2048-bit RSA public keys HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 RSA-1024 Taiwan Citizen Digital Certificates D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  11. This project took a slightly different turn 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. April 2012: downloaded all certificates from LDAP server: ◮ 2,300,000 1024-bit RSA public keys ◮ 360,000 2048-bit RSA public keys HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 RSA-1024 Taiwan Citizen Digital Certificates Wrote report that some keys are factored, informed MOI. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  12. This project took a slightly different turn 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. April 2012: downloaded all certificates from LDAP server: ◮ 2,300,000 1024-bit RSA public keys ◮ 360,000 2048-bit RSA public keys HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 RSA-1024 Taiwan Citizen Digital Certificates Wrote report that some keys are factored, informed MOI. End of story. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  13. This project took a slightly different turn 1. Download all certificates of type X ; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. April 2012: downloaded all certificates from LDAP server: ◮ 2,300,000 1024-bit RSA public keys ◮ 360,000 2048-bit RSA public keys HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 RSA-1024 Taiwan Citizen Digital Certificates Wrote report that some keys are factored, informed MOI. End of story? D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

  14. January 2013: Closer look at the 119 primes p82 p108 p29 p73 p85 p32 p3 p42 p101 p27 p116 p49 p71 p70 p11 p115 p84 p23 p90 p40 p14 p80 p104 p111 p95 p6 p86 p4 p68 p48 p83 p60 p21 p79 p26 p87 p96 p51 p1 p99 p67 p47 p56 p7 p93 p59 p20 p54 p34 p24 p37 p107 p110 p36 p55 p91 p117 p77 p50 p89 p13 p8 p62 p92 p10 p75 p19 p35 p109 p30 p22 p102 p88 p0 p18 p17 p16 p65 p5 p43 p97 p74 p76 p100 p72 p9 p118 p25 p63 p98 p12 p46 p66 p78 p61 p52 p15 p31 p44 p113 p38 p112 p2 p58 p114 p94 p57 p106 p81 p45 p69 p64 p33 p103 p105 p41 D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild p39 p53 p28

  15. Look at the primes! Prime factor p110 appears 46 times c0000000000000000000000000000000 00000000000000000000000000000000 00000000000000000000000000000000 000000000000000000000000000002f9 D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: Coppersmith in the wild

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein,

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein,

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren September 16, 2013 Problems with non-randomness 2012

810 views • 32 slides
SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE

SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE

SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE KEYS, CERTIFICATES: WHAT ARE THEY USED FOR? PRIVATE KEYS, CERTIFICATES: WHAT ARE THEY USED FOR? Email signatures & encryption SSH authentication

708 views • 34 slides
Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart Cards to NFC Smart Phone Attacks/countermeasures Security Near Field Communication (NFC) Keith Mayes NFC Security Elements

550 views • 8 slides
INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

Introduction Fault Tree Analysis An API to Mitigate the Undesirable Events Conclusion Vulnerability Analysis on Smart Cards using Fault Tree Guillaume Bouffard Bhagyalekshmy N Thampi Jean-Louis Lanet Smart Secure Devices (SSD) Team

705 views • 39 slides
The Intersection of Smart Grid Technology and Intellectual Property Issues Finding the Keys to

The Intersection of Smart Grid Technology and Intellectual Property Issues Finding the Keys to

The Intersection of Smart Grid Technology and Intellectual Property Issues Finding the Keys to the Smart Grid Ken Van Meter Principal, Energy and Cyber Services Lockheed Martin The Smart Grid is, and must be, a national priority Security

333 views • 9 slides
Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya HAMADOUCHE , Jean-Louis LANET , Mohamed MEZGHICHE 1 LIMOSE Laboratory, University

898 views • 36 slides
Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus Labs Gemplus Labs Pierre.Paradinas Paradinas@ @gemplus gemplus.com .com Pierre. Agenda Agenda Smart Card Technologies Smart Card

358 views • 31 slides
Factors 2 12 Factors Factors 3 13 and Unique Unique 14 4 to 10 to 15 Greatest Common

Factors 2 12 Factors Factors 3 13 and Unique Unique 14 4 to 10 to 15 Greatest Common

Slide 1 / 128 Slide 2 / 128 Table of Contents Factors and GCF Factoring out GCF's Polynomials Factoring Trinomials x 2 + bx + c Factoring Using Special Patterns Factoring Trinomials ax 2 + bx + c Factoring 4 Term Polynomials

472 views • 22 slides
Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming

Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming

Gaming & Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming Industry Challenges Customer Experience Customer Experience Security and Privacy Security and Privacy Integration

544 views • 27 slides
National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO) www.sabteahval.ir/houshmand/ National Organization for Civil Tell: 60902701-2 Fax: 66736526 Registration(NOCR) Agenda 1. Traditional ID

370 views • 23 slides
The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of OpenCard Pascal Paillier CryptoExperts Real World Crypto 2015 Jan 2015 Real World Crypto 2015 Jan 2015 What are Smart Cards? Real World

968 views • 51 slides
Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Carrying certificates around How do you use your [digital] identity? Install your certificate in browser Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski

215 views • 5 slides
Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com http://christian.amsuess.com/ 2010-05-06 Overview objective understand smart card communication based on sniffable communication hardware standard card

468 views • 20 slides
www.worldofinsights.co How to use the cards REFLECT CARDS Use as an ice-breaker to create

www.worldofinsights.co How to use the cards REFLECT CARDS Use as an ice-breaker to create

www.worldofinsights.co How to use the cards REFLECT CARDS Use as an ice-breaker to create dialogue on learning. RETHINK CARDS Use as a brainstorming tool to spark new ideas. ACT CARDS Use to transform insights into action. Licence to Dare

434 views • 24 slides
Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela E.Fourneret J.Jurjens P. Yousefi ARES 2011 OUTLINE Introduction Background UMLsec Model-based Testing Security in smart-card

356 views • 17 slides
Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

917 views • 55 slides
The BEACON use case under the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands Workshop 7. June

The BEACON use case under the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands Workshop 7. June

The BEACON use case under the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands Workshop 7. June 2018 The BEACON tool Processing genetic data to make it Findable Processing genetic data to make it Findable What does the GDPR

891 views • 15 slides
The IDEM Project Energy Management vs. Data Privacy Cornelia Kappler (deZem) Holger Kinkelin,

The IDEM Project Energy Management vs. Data Privacy Cornelia Kappler (deZem) Holger Kinkelin,

I n d ividualisierbares E nergiecontrollingsystem I D E M mit M andantenfhigkeit The IDEM Project Energy Management vs. Data Privacy Cornelia Kappler (deZem) Holger Kinkelin, Marcel von Maltitz (TUM) 21.05.2014 M Agenda I D E Motivation

1.01k views • 37 slides
Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert Felty Speech Research Laboratory Indiana University Sep. 08, 2008 Network tools ssh secure remote login to another computer sftp secure file

594 views • 38 slides
Synthesis of distributed mobile programs using monadic types in Coq Marino Miculan Marco

Synthesis of distributed mobile programs using monadic types in Coq Marino Miculan Marco

Synthesis of distributed mobile programs using monadic types in Coq Marino Miculan Marco Paviotti Dept. of Mathematics and Computer Science University of Udine ITP 2012 August 13th, 2012 1 / 22 The problem The extraction of certified

934 views • 51 slides
Developments in Adversarial Machine Learning Florian Tramr September 19 th 2019 Based on joint

Developments in Adversarial Machine Learning Florian Tramr September 19 th 2019 Based on joint

Developments in Adversarial Machine Learning Florian Tramr September 19 th 2019 Based on joint work with Jens Behrmannn, Dan Boneh, Nicholas Carlini, Edward Chou, Pascal Dupr, Jrn-Henrik Jacobsen, Nicolas Papernot, Giancarlo Pellegrino,

610 views • 21 slides
Aims of the course The aim of this course to show that logic is a natural bridge between

Aims of the course The aim of this course to show that logic is a natural bridge between

Program Extraction From Proofs 1 Ulrich Berger Swansea University Autumn School Proof and Computation Fischbachau, September 16-22, 2018 1 available at www.cs.swan.ac.uk/ csulrich/slides.html 1 / 68 Aims of the course The aim of this

1.64k views • 150 slides
probability in the mind Kim Scott 1 Probcomp tutorial 11/1/2012 Marrs levels of analysis for

probability in the mind Kim Scott 1 Probcomp tutorial 11/1/2012 Marrs levels of analysis for

(How) does the brain do Bayesian inference? Sampling, search, and conditional probability in the mind Kim Scott 1 Probcomp tutorial 11/1/2012 Marrs levels of analysis for Bayesian inference Computation Implementation Algorithm a

656 views • 27 slides

More recommend