weak keys remain widespread in network devices
play

Weak keys remain widespread in network devices Marcella Hastings, - PowerPoint PPT Presentation

Dec 15, 2022 •124 likes •358 views

Weak keys remain widespread in network devices Marcella Hastings, Joshua Fried, Nadia Heninger University of Pennsylvania Motivation [Mining Your Ps & Qs: Detection of Widespread Weak Keys in Network Devices: Heninger Durumeric Wustrow

  1. Weak keys remain widespread in network devices Marcella Hastings, Joshua Fried, Nadia Heninger University of Pennsylvania

  2. Motivation [Mining Your Ps & Qs: Detection of Widespread Weak Keys in Network Devices: Heninger Durumeric Wustrow Halderman 2012; Public Keys: Lenstra et al. 2012] ◮ Factored 0.5% of HTTPS RSA public keys on the internet ◮ Weak keys were due to random number generator failures ◮ Affected only small network devices ◮ Major disclosure process to companies producing vulnerable products

  3. What happened? A follow-up study. ◮ What happened since 2012? ◮ Did vendors fix their broken implementations? ◮ Can we observe patching behavior in end users?

  4. Background on Ps and Qs: The GCD Vulnerability Public Key Private Key N = pq modulus p , q primes Vulnerability N 1 = pq 1 N 2 = pq 2 gcd( N 1 , N 2 ) = p = ⇒ Detect vulnerability by presence of factored key on host.

  5. Methodology for this study What happens when we ask vendors to fix a vulnerability? 1. Aggregated internet-wide TLS scans from 2010-2016 2. Computed GCDs for 81.2 million RSA moduli 3. Identified vendors of vulnerable implementations 4. Examined results based on response to 2012 notification

  6. Data sources: how to read the plots ◮ Scan sources along top of plot ◮ Scan dates on x-axis ◮ Absolute counts on y-axis Ecosystem Rapid7 Censys P&Q EFF 40M 30M Total 20M 10M 0M 80K Vulnerable 60K 40K 20K 0K 07/2010 12/2010 10/2011 06/2012 02/2014 07/2015 05/2016

  7. Fingerprinting specific implementations Certificate subjects ◮ Cisco: OU=RV120W,O=Cisco Systems, Inc. ◮ Juniper: CN=system generated ◮ HP: O=Hewlett-Packard ◮ Xerox: O=Xerox Corporation ◮ Innominate: O=Innominate Shared primes heuristic Shared prime ⇒ same implementation.

  8. Original notification ◮ Low response rates from vendors ◮ Took place March-June 2012 Vendor response to original notification Public Private Auto- No response Response Response responder 5 11 3 18

  9. Research questions: what are we looking for? Prior work: what we hope to see ◮ Patch one implementation, notify many users [Debian OpenSSL: Yilek et al. 2009; Heartbleed: Durumeric et al. 2014] [Durumeric et al. 2014]

  10. Research questions: what are we looking for? Prior work: what we hope to see ◮ Patch one implementation, notify many users [Debian OpenSSL: Yilek et al. 2009; Heartbleed: Durumeric et al. 2014] Questions ◮ What happened with different vendors? ◮ Did patch rates improve when vendors released a public advisory? ◮ Do we see the same trends as previous studies?

  11. Innominate mGuard network security devices (Smart, PCI, Industrial RS, Blade, Delta, EAGLE) ◮ Public advisory in June 2012 ◮ Consistent population of vulnerable devices since 2012 ◮ New devices not vulnerable, but old devices not patched Ecosystem Rapid7 Censys P&Q EFF 600 400 Hosts Total 200 Vulnerable 0 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  12. Juniper SRX Series Service Gateways (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650), LN1000 Mobile Secure Router ◮ Public security bulletin in April 2012, out-of-cycle security notice in July 2012 ◮ Majority of factored keys in 2012 were Juniper hosts ◮ Weird behavior in April 2014 Ecosystem Rapid7 Censys P&Q EFF 80K Total 60K Hosts 40K Vulnerable 20K 0K 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  13. Juniper SRX Series Service Gateways (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650), LN1000 Mobile Secure Router ◮ 30,000 Juniper-fingerprinted hosts (9000 vulnerable) came offline after Heartbleed ◮ IPs do not reappear in later scans: TLS disabled, scans blocked, devices offline? Ecosystem Rapid7 Censys P&Q EFF 80K Total 60K Hosts Heartbleed 40K Vulnerable 20K 0K 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  14. IBM Remote Supervisor Adapter II, BladeCenter Management Module ◮ Public security advisory (CVE-2012-2187) in September 2012 ◮ Prime generation bug: 36 possible public keys from 9 primes ◮ 100% of fingerprintable moduli are vulnerable P&Q Ecosystem Rapid7 Censys EFF Vulnerable Hosts 600 400 200 Heartbleed 0 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  15. Cisco RV120W/220W, WRVS4400N, SA520/520W, RVS4000, SA540, RV180/180W, RV130, RV320, RV130W, ISA550/550W, ISA570 ◮ Substantial private response; no public advisory ◮ Vulnerable population rises for several years after notification Ecosystem Rapid7 Censys P&Q EFF 200K Total 100K 0K 10K Vulnerable 8K 6K 4K 2K 0K 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  16. HP Integrated Lights-Out management card ◮ Substantial private response; no public advisory ◮ Internet reports: Integrated Lights-Out (iLO) management cards crash when scanned for Heartbleed Ecosystem Rapid7 Censys P&Q EFF 100 , 000 Total 50 , 000 Heartbleed 0 Vulnerable 30 20 10 0 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  17. Linksys ◮ Did not respond to 2012 notification ◮ No evidence of patching: vulnerability decrease correlated with total decrease P&Q Ecosystem Rapid7 Censys EFF 150 , 000 Total 100 , 000 50 , 000 0 1 , 500 Vulnerable 1 , 000 500 0 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  18. Huawei ◮ Introduced vulnerability in 2014 ◮ Security advisory published Aug 2016 Ecosystem Rapid7 Censys P&Q EFF 60 , 000 Total 40 , 000 20 , 000 0 Vulnerable 3 , 000 2 , 000 1 , 000 0 07-2010 12-2010 10-2011 06-2012 02-2014 07-2015 05-2016

  19. End-User Patching Behavior ◮ Few vendors released patches; limited visibility into patching behavior. ◮ Patching rate is low: Decreasing vulnerability due to device churn. ◮ Low patch rate for devices has distressing implications for “Internet of Things” security [Yu et al. 2015] ◮ Vulnerability publicity campaigns (Heartbleed) effective, with unintended consequences

  20. Failure in the Vendor Notification Process ◮ Security contact information is not available (16/42 vendors had discoverable contacts) ◮ Few public security advisories ◮ Organizations such as CERT/CC may increase vendor responses, but don’t result in signficant patching behavior [Arora et al. 2010, Li et al. 2016]

  21. Standardizations: RFC 4086 “Care must be taken that enough entropy has been added to the pool to support particular output uses desired.” “Once one has gathered sufficient entropy, it can be used as the seed to produce the required amount of cryptographically strong pseudo-randomness”

  22. Weak keys remain widespread in network devices Marcella Hastings, Joshua Fried, Nadia Heninger University of Pennsylvania

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mining Your P s and Q s Detection of Widespread Weak Keys in Embedded Devices Nadia Heninger UC

Mining Your P s and Q s Detection of Widespread Weak Keys in Embedded Devices Nadia Heninger UC

Mining Your P s and Q s Detection of Widespread Weak Keys in Embedded Devices Nadia Heninger UC San Diego Microsoft Research New England Zakir Durumeric Eric Wustrow Alex Halderman University of Michigan January 10, 2012 or

490 views • 46 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong University of Waterloo, Canada CANS 2013 Nov 20, 2013 1 of 28 MAC Forgeries, Weak Keys and Provable Security of GCM Galois/Counter Mode (GCM)

957 views • 56 slides
Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Fast Internet-Wide Scanning, ZMap Weak Keys and the HTTPS Certificate Ecosystem Zakir Durumeric Michael Bailey University of Michigan ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

491 views • 46 slides
Overview Weak entity sets and keys Design principles CS 235: Examples Introduction to

Overview Weak entity sets and keys Design principles CS 235: Examples Introduction to

Overview Weak entity sets and keys Design principles CS 235: Examples Introduction to Databases Svetlozar Nestorov Lecture Notes #3 CS 235: Intro to DB; S. Nestorov 12 Example: Email Addresses Weak Entity Sets Sometimes an

522 views • 3 slides
On Weak Keys and Forgery Attacks Against Polynomial-based MAC Schemes Gordon Procter and Carlos

On Weak Keys and Forgery Attacks Against Polynomial-based MAC Schemes Gordon Procter and Carlos

On Weak Keys and Forgery Attacks Against Polynomial-based MAC Schemes Gordon Procter and Carlos Cid Information Security Group, Royal Holloway, University of London Our Contributions 1 Study the underlying algebraic structure of

409 views • 24 slides
A New Class Of Weak Keys for Blowfish Orhun KARA and Cevat MANAP T UB ITAK - UEKAE

A New Class Of Weak Keys for Blowfish Orhun KARA and Cevat MANAP T UB ITAK - UEKAE

A New Class Of Weak Keys for Blowfish Orhun KARA and Cevat MANAP T UB ITAK - UEKAE (National Research Institute of Electronics and Cryptology) 1 Redefining Blowfish Key XORs in Blowfish can be moved around to generate two building blocks

286 views • 12 slides
America and the Caribbean The global economy saw widespread growth in 2017 (2.9%), and will

America and the Caribbean The global economy saw widespread growth in 2017 (2.9%), and will

A slightly more favourable external context for Latin America and the Caribbean The global economy saw widespread growth in 2017 (2.9%), and will remain strong in 2018 (3%) Emerging economies are the engines of growth (4.5% in 2017 and

351 views • 31 slides
What do you do to become and remain What do you do to become and remain a Christian? a

What do you do to become and remain What do you do to become and remain a Christian? a

What do you do to become and remain What do you do to become and remain a Christian? a Christian? Give your heart to God Surrender your will to Jesus Lay your all on the altar Fall on the rock and be broken Behold the Lamb of God Use the

633 views • 49 slides
To the weak I became weak, that I might win the weak. I have become all things to all people,

To the weak I became weak, that I might win the weak. I have become all things to all people,

To the weak I became weak, that I might win the weak. I have become all things to all people, that by all means I might save some. I do it all for the sake of the gosepl, that I might share with them in its blessing. Do you not know that in

652 views • 40 slides
Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys Rolf Haenni and Oliver

Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys Rolf Haenni and Oliver

Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys Rolf Haenni and Oliver Spycher Bern University of Applied Sciences, Switzerland http://e-voting.bfh.ch EVT/WOTE11, San Francisco August 9th, 2011 1 Outline

550 views • 23 slides
CS 598: Network Security Matthew Caesar February 7, 2011 1 This lecture Network devices

CS 598: Network Security Matthew Caesar February 7, 2011 1 This lecture Network devices

Lecture 4: Device Security and Router Mechanisms CS 598: Network Security Matthew Caesar February 7, 2011 1 This lecture Network devices Their internals and how they work Network connections How to plug devices together 2

1.41k views • 119 slides
2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys >

2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys >

2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys > 100 uses 4450 keys > 1000 uses An excursion in to the world of OSM tagging presets Simon Poole, SOtM 2018 In the beginning Bus

686 views • 50 slides
what explains widespread open defecation in India? links between widespread open defecation and

what explains widespread open defecation in India? links between widespread open defecation and

what explains widespread open defecation in India? links between widespread open defecation and culture Sangita Vyas & Dean Spears @NEEDLE_2015 5 February 2015 80% India 70% 60% 50% Vietnam 40% Bangladesh 30% world 20% China

628 views • 38 slides
WEAK INTERPOLATION PROPERTY over THE MINIMAL LOGIC Larisa Maksimova Sobolev Institute of

WEAK INTERPOLATION PROPERTY over THE MINIMAL LOGIC Larisa Maksimova Sobolev Institute of

Abstract Weak interpolation and joint consistency Propositional J-logics Reduction of WIP Weak interpolation and weak amalgamation Weak interpolation and weak amalgamation Logics with WIP over Gl Description of logics with WIP over Gl and J

621 views • 41 slides
Open Programmable Architecture for Java-enabled Network Devices Tal Lavian Technology Center

Open Programmable Architecture for Java-enabled Network Devices Tal Lavian Technology Center

Open Programmable Architecture for Java-enabled Network Devices Tal Lavian Technology Center Nortel Networks tlavian@NortelNetworks.com Santa Clara University 9/29/99 1 Programmable Network Devices Openly Programmable devices

1k views • 44 slides
Assessment of Library Instruction: the Influence on Search Behaviour of First and Third year

Assessment of Library Instruction: the Influence on Search Behaviour of First and Third year

Assessment of Library Instruction: the Influence on Search Behaviour of First and Third year Students. By Torunn Skofsrud Boger, Hanne Dybvik, Anne-Lise Eng and Else Helene Norheim Dybvik & Norheim | stfold University College 20.06.2016

549 views • 25 slides
A follow-up study on the issue of i.i.d. points in tennis Mathsport International 2017

A follow-up study on the issue of i.i.d. points in tennis Mathsport International 2017

Francesco Matteazzi Francesco Lisi University of Padua Department of Statistical Sciences A follow-up study on the issue of i.i.d. points in tennis Mathsport International 2017 Conference, Padua 26-28 June 2017 The problem and the

658 views • 27 slides
Protein molecular dynamics on OSG using CHARMM Ana Damjanovic, Tim Miller, Bernard Brooks (NIH)

Protein molecular dynamics on OSG using CHARMM Ana Damjanovic, Tim Miller, Bernard Brooks (NIH)

Protein molecular dynamics on OSG using CHARMM Ana Damjanovic, Tim Miller, Bernard Brooks (NIH) Petar Maksimovic (JHU) Wensheng Deng, Torre Wenaus (BNL), Frank Wuerthwein (UCSD) Petar Maksimovic, CHARMM @ OSG Why Molecular Dynamics (MD)

669 views • 29 slides
ENERGY LANDSCAPES AND FOLDING KINETICS OF PAIRWISE INTERACTING RNAS Stefan Badelt 1 , Christoph

ENERGY LANDSCAPES AND FOLDING KINETICS OF PAIRWISE INTERACTING RNAS Stefan Badelt 1 , Christoph

ENERGY LANDSCAPES AND FOLDING KINETICS OF PAIRWISE INTERACTING RNAS Stefan Badelt 1 , Christoph Flamm , Ivo L. Hofacker 2 2 (1) DNA and Natural Algorithms Group, California Institute of Technology (2) Theoretical Biochemistry Group (tbi),

302 views • 27 slides
Cuban Street Network Eduardo Pujol Will Scott Eric Wustrow J. Alex Halderman The Internet in

Cuban Street Network Eduardo Pujol Will Scott Eric Wustrow J. Alex Halderman The Internet in

Initial Measurements of the Cuban Street Network Eduardo Pujol Will Scott Eric Wustrow J. Alex Halderman The Internet in Cuba Unsanctioned Alternatives El Paquete WiFi Sharing Isolated Networks El Paquete Update How to survive your first

431 views • 15 slides
The Fondue Toolset Thomas Baar 3 rd International KeY-Workshop Knigswinter near Bonn June 8,

The Fondue Toolset Thomas Baar 3 rd International KeY-Workshop Knigswinter near Bonn June 8,

The Fondue Toolset Thomas Baar 3 rd International KeY-Workshop Knigswinter near Bonn June 8, 2004 Thomas Baar: The Fondue Toolset 2 Outline What is Fondue? Toolset Architecture Current State Current Problems Thomas Baar:

377 views • 19 slides
ofXnJJr.n VafXDt ffE fondue W o F w Cx 55 0 4 _E F Wfaa Xu SJ F Streaming Algs to store

ofXnJJr.n VafXDt ffE fondue W o F w Cx 55 0 4 _E F Wfaa Xu SJ F Streaming Algs to store

density fuk U nu Regarding Problem 4 EH7 EMT Van mean he r v has conditioned on U u X variance n Va a ECY7 on t fonda F x 5 Tu fuk du of Suppose E X2 fE fuk du track XI D E E Voix x w ofXnJJr.n VafXDt ffE fondue W o F w

337 views • 4 slides
BSM Tools - Summary BSM Tools - Summary Les Houches ('05): discussions, projects, and results

BSM Tools - Summary BSM Tools - Summary Les Houches ('05): discussions, projects, and results

BSM Tools - Summary BSM Tools - Summary Les Houches ('05): discussions, projects, and results Contact: Peter Skands (skands@fnal.gov) SUSY Les Houches Accord SUSY Les Houches Accord LH '03: many tools -> need to unify -> Accord.

585 views • 16 slides

More recommend