factoring rsa keys from certified smart cards coppersmith
play

Factoring RSA keys from certified smart cards: Coppersmith in the - PowerPoint PPT Presentation

Apr 01, 2024 •478 likes •810 views

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren September 16, 2013 Problems with non-randomness 2012

  1. Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren September 16, 2013

  2. Problems with non-randomness ◮ 2012 Heninger–Durumeric–Wustrow–Halderman, ◮ 2012 Lenstra–Hughes–Augier–Bos–Kleinjung–Wachter. ◮ Factored tens of thousands of public keys on the Internet . . . typically keys for your home router, not for your bank. ◮ Why? Many deployed devices shared prime factors. ◮ Most common problem: horrifyingly bad interactions between OpenSSL key generation, /dev/urandom seeding, entropy sources. ◮ The Heninger team has lots of material online at http://factorable.net D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  3. Nice followup student projects in data mining 1. Download all certificates of type X; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  4. Nice followup student projects in data mining 1. Download all certificates of type X; extract RSA keys. 2. Check for common factors. 3. Write report that you’ve done the work and there are none. This started as such a student project on a very nice system: MOICA: Certificate Authoritiy of MOI (Ministry of the Interior). In Taiwan all citizens can get a smartcard with signing and encryption ability to ◮ file personal income taxes, ◮ update car registration, ◮ make transactions with government agencies (property registries, national labor insurance, public safety, and immigration), ◮ file grant applications, ◮ interact with companies (e.g. Chunghwa Telecom). D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  5. Taiwan Citizen Digital Certificate ◮ Smart cards are issued by the government. ◮ FIPS-140 and Common Criteria Level 4+ certified. ◮ RSA keys are generated on card. ◮ About 3,002,000 certificates (all using RSA keys) stored on national LDAP directory. This is publicly accessible to enable citizen-to-citizen and citizen-to-commerce interactions. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  6. Certificate of Chen-Mou Cheng Data: Version: 3 (0x2) Serial Number: d7:15:33:8e:79:a7:02:11:7d:4f:25:b5:47:e8:ad:38 Signature Algorithm: sha1WithRSAEncryption Issuer: C=TW, O=XXX Validity Not Before: Feb 24 03:20:49 2012 GMT Not After : Feb 24 03:20:49 2017 GMT Subject: C=TW, CN=YYY serialNumber=0000000112831644 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bf:e7:7c:28:1d:c8:78:a7:13:1f:cd:2b:f7:63: 2c:89:0a:74:ab:62:c9:1d:7c:62:eb:e8:fc:51:89: b3:45:0e:a4:fa:b6:06:de:b3:24:c0:da:43:44:16: e5:21:cd:20:f0:58:34:2a:12:f9:89:62:75:e0:55: 8c:6f:2b:0f:44:c2:06:6c:4c:93:cc:6f:98:e4:4e: 3a:79:d9:91:87:45:cd:85:8c:33:7f:51:83:39:a6: 9a:60:98:e5:4a:85:c1:d1:27:bb:1e:b2:b4:e3:86: a3:21:cc:4c:36:08:96:90:cb:f4:7e:01:12:16:25: 90:f2:4d:e4:11:7d:13:17:44:cb:3e:49:4a:f8:a9: a0:72:fc:4a:58:0b:66:a0:27:e0:84:eb:3e:f3:5d: 5f:b4:86:1e:d2:42:a3:0e:96:7c:75:43:6a:34:3d: 6b:96:4d:ca:f0:de:f2:bf:5c:ac:f6:41:f5:e5:bc: fc:95:ee:b1:f9:c1:a8:6c:82:3a:dd:60:ba:24:a1: eb:32:54:f7:20:51:e7:c0:95:c2:ed:56:c8:03:31: 96:c1:b6:6f:b7:4e:c4:18:8f:50:6a:86:1b:a5:99: d9:3f:ad:41:00:d4:2b:e4:e7:39:08:55:7a:ff:08: 30:9e:df:9d:65:e5:0d:13:5c:8d:a6:f8:82:0c:61: c8:6b Exponent: 65537 (0x10001) . . . D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  7. This project took a slightly different turn HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 Taiwan Citizen Digital Certificates (out of 2.26 million keys with 1024 bits). D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  8. This project took a slightly different turn HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 Taiwan Citizen Digital Certificates (out of 2.26 million keys with 1024 bits). Wrote report that some keys are factored, informed MOI. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  9. This project took a slightly different turn HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 Taiwan Citizen Digital Certificates (out of 2.26 million keys with 1024 bits). Wrote report that some keys are factored, informed MOI. End of story. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  10. This project took a slightly different turn HITCON 2012 (July 20–21): Prof. Li-Ping Chou presents “Cryptanalysis in real life” (based on work with Yun-An Chang and Chen-Mou Cheng) Factored 103 Taiwan Citizen Digital Certificates (out of 2.26 million keys with 1024 bits). Wrote report that some keys are factored, informed MOI. End of story? D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  11. January 2013: Closer look at the 119 primes p82 p108 p29 p73 p85 p32 p3 p42 p101 p27 p116 p49 p71 p70 p11 p115 p84 p23 p90 p40 p14 p80 p104 p111 p95 p6 p86 p4 p68 p48 p83 p60 p21 p79 p26 p87 p96 p51 p1 p99 p67 p47 p56 p7 p93 p59 p20 p54 p34 p24 p37 p107 p110 p36 p55 p91 p117 p77 p50 p89 p13 p8 p62 p92 p10 p75 p19 p35 p109 p30 p22 p102 p88 p0 p18 p17 p16 p65 p5 p43 p97 p74 p76 p100 p72 p9 p118 p25 p63 p98 p12 p46 p66 p78 p61 p52 p15 p31 p44 p113 p38 p112 p2 p58 p114 p94 p57 p106 p81 p45 p69 p64 p33 p103 p105 p41 D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/ p39 p53 p28

  12. Look at the primes! Prime factor p110 appears 46 times c0000000000000000000000000000000 00000000000000000000000000000000 00000000000000000000000000000000 000000000000000000000000000002f9 D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  13. Look at the primes! Prime factor p110 appears 46 times c0000000000000000000000000000000 00000000000000000000000000000000 00000000000000000000000000000000 000000000000000000000000000002f9 which is the next prime after 2 511 + 2 510 . The next most common factor, repeated 7 times, is c9242492249292499249492449242492 24929249924949244924249224929249 92494924492424922492924992494924 492424922492924992494924492424e5 Several other factors exhibit such a pattern. D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  14. How is this pattern generated? 1100100100100100001001001001001000100100100100101001001001001001 1001001001001001010010010010010001001001001001000010010010010010 0010010010010010100100100100100110010010010010010100100100100100 0100100100100100001001001001001000100100100100101001001001001001 1001001001001001010010010010010001001001001001000010010010010010 0010010010010010100100100100100110010010010010010100100100100100 0100100100100100001001001001001000100100100100101001001001001001 1001001001001001010010010010010001001001001001000010010011100101 D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  15. How is this pattern generated? Swap every 16 bits in a 32 bit word 0010010010010010 1100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010010010010 0100100100100100 1001001001001001 0010010011100101 0100100100100100 D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

  16. How is this pattern generated? Realign 001001001001001011001001001001001001001001001001001001001001001001 001001001001001001001001001001001001001001001001001001001001001001 001001001001001001001001001001001001001001001001001001001001001001 001001001001001001001001001001001001001001001001001001001001001001 001001001001001001001001001001001001001001001001001001001001001001 001001001001001001001001001001001001001001001001001001001001001001 001001001001001001001001001001001001001001001001001001001001001001 00100100100100100100100100111001010100100100100100 D J Bernstein, Y-A Chang, C-M Cheng, L-P Chou, N Heninger, T Lange, N van Someren: http://smartfacts.cr.yp.to/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein,

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein,

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren 5 December 2013 Problems with non-randomness 2012

545 views • 50 slides
SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE

SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE

SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE KEYS, CERTIFICATES: WHAT ARE THEY USED FOR? PRIVATE KEYS, CERTIFICATES: WHAT ARE THEY USED FOR? Email signatures & encryption SSH authentication

708 views • 34 slides
Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart Cards to NFC Smart Phone Attacks/countermeasures Security Near Field Communication (NFC) Keith Mayes NFC Security Elements

550 views • 8 slides
INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

Introduction Fault Tree Analysis An API to Mitigate the Undesirable Events Conclusion Vulnerability Analysis on Smart Cards using Fault Tree Guillaume Bouffard Bhagyalekshmy N Thampi Jean-Louis Lanet Smart Secure Devices (SSD) Team

705 views • 39 slides
The Intersection of Smart Grid Technology and Intellectual Property Issues Finding the Keys to

The Intersection of Smart Grid Technology and Intellectual Property Issues Finding the Keys to

The Intersection of Smart Grid Technology and Intellectual Property Issues Finding the Keys to the Smart Grid Ken Van Meter Principal, Energy and Cyber Services Lockheed Martin The Smart Grid is, and must be, a national priority Security

333 views • 9 slides
Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya HAMADOUCHE , Jean-Louis LANET , Mohamed MEZGHICHE 1 LIMOSE Laboratory, University

898 views • 36 slides
Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus Labs Gemplus Labs Pierre.Paradinas Paradinas@ @gemplus gemplus.com .com Pierre. Agenda Agenda Smart Card Technologies Smart Card

358 views • 31 slides
Factors 2 12 Factors Factors 3 13 and Unique Unique 14 4 to 10 to 15 Greatest Common

Factors 2 12 Factors Factors 3 13 and Unique Unique 14 4 to 10 to 15 Greatest Common

Slide 1 / 128 Slide 2 / 128 Table of Contents Factors and GCF Factoring out GCF's Polynomials Factoring Trinomials x 2 + bx + c Factoring Using Special Patterns Factoring Trinomials ax 2 + bx + c Factoring 4 Term Polynomials

472 views • 22 slides
Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming

Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming

Gaming & Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming Industry Challenges Customer Experience Customer Experience Security and Privacy Security and Privacy Integration

544 views • 27 slides
National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO) www.sabteahval.ir/houshmand/ National Organization for Civil Tell: 60902701-2 Fax: 66736526 Registration(NOCR) Agenda 1. Traditional ID

370 views • 23 slides
The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of OpenCard Pascal Paillier CryptoExperts Real World Crypto 2015 Jan 2015 Real World Crypto 2015 Jan 2015 What are Smart Cards? Real World

968 views • 51 slides
Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Carrying certificates around How do you use your [digital] identity? Install your certificate in browser Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski

215 views • 5 slides
Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com http://christian.amsuess.com/ 2010-05-06 Overview objective understand smart card communication based on sniffable communication hardware standard card

468 views • 20 slides
www.worldofinsights.co How to use the cards REFLECT CARDS Use as an ice-breaker to create

www.worldofinsights.co How to use the cards REFLECT CARDS Use as an ice-breaker to create

www.worldofinsights.co How to use the cards REFLECT CARDS Use as an ice-breaker to create dialogue on learning. RETHINK CARDS Use as a brainstorming tool to spark new ideas. ACT CARDS Use to transform insights into action. Licence to Dare

434 views • 24 slides
Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela E.Fourneret J.Jurjens P. Yousefi ARES 2011 OUTLINE Introduction Background UMLsec Model-based Testing Security in smart-card

356 views • 17 slides
seaweed juice biostimulant What makes us different? Just 5 days after application on Wheat seeds

seaweed juice biostimulant What makes us different? Just 5 days after application on Wheat seeds

Organic certified pure Ascophyllum nodosum seaweed juice biostimulant What makes us different? Just 5 days after application on Wheat seeds Advanced innovation plus the highest quality of ingredients and processing High levels of vitamins,

395 views • 13 slides
2014 Budget Budget Sub-Committee #1 October 8 th , 2013 Building Markhams Future Together

2014 Budget Budget Sub-Committee #1 October 8 th , 2013 Building Markhams Future Together

2014 Budget Budget Sub-Committee #1 October 8 th , 2013 Building Markhams Future Together Journey to Excellence Markham Pan Am Centre Building Markhams Future Together Journey to Excellence Agenda 2014 Budget Process and

708 views • 69 slides
Copper Lake Resources Ontarios Next Copper Discovery Copper-Gold-Zinc-Silver VMS Camp

Copper Lake Resources Ontarios Next Copper Discovery Copper-Gold-Zinc-Silver VMS Camp

Copper Lake Resources Ontarios Next Copper Discovery Copper-Gold-Zinc-Silver VMS Camp December 2017 www.copperlakeresources.com TSX-V: CPL Disclaimer Cautionary Statement These presentation materials include certain statements which may

757 views • 24 slides
Gunn-Berit (GB) Neergrd Entrepreneurial Nurse Founder of GEM Radon Detectors Twitter:

Gunn-Berit (GB) Neergrd Entrepreneurial Nurse Founder of GEM Radon Detectors Twitter:

Gunn-Berit (GB) Neergrd Entrepreneurial Nurse Founder of GEM Radon Detectors Twitter: @Helsepleieren RISK COMMUNICATION How Politics May Affect the Health Awareness and Behaviour of a Population, Reducing Radon Induced Cancer in Norway How

1.01k views • 21 slides
An EnerPHit Certified Retrofit Joel Seagren Images courtesy of Dale Roberts & Phil Hines

An EnerPHit Certified Retrofit Joel Seagren Images courtesy of Dale Roberts & Phil Hines

An EnerPHit Certified Retrofit Joel Seagren Images courtesy of Dale Roberts & Phil Hines Project Location Bellbrae Project Bellbrae Project Bellbrae Project Decision Process New Build vs Retrofit Maintain family connection to

374 views • 23 slides
Motor Fuel Dispensers Western Weights and Measures Association Conference September 26, 2017

Motor Fuel Dispensers Western Weights and Measures Association Conference September 26, 2017

Data Skimmers in Motor Fuel Dispensers Western Weights and Measures Association Conference September 26, 2017 What are skimmers? They are illegal devices that capture customer card info Connected to the credit card readers

673 views • 42 slides
North Bay & DISTRICT Chamber of Commerce Presentation to Council 2015 Agenda Mission

North Bay & DISTRICT Chamber of Commerce Presentation to Council 2015 Agenda Mission

North Bay & DISTRICT Chamber of Commerce Presentation to Council 2015 Agenda Mission Statement Our geographic district New Mandate - Pillars Other items we have to offer Engagement of the DISTRICT Q & A Mission

122 views • 9 slides
2007 California Wildfires Economic Recovery Recommendations for the San Diego Region Business

2007 California Wildfires Economic Recovery Recommendations for the San Diego Region Business

2007 California Wildfires Economic Recovery Recommendations for the San Diego Region Business Community and Chambers of Commerce The International Economic Development Council John Zakian, CEcD Rebecca Moudry Ines Pearce Pearce Global

110 views • 10 slides

More recommend