Measuring Popularity of Cryptographic Libraries in
Internet-Wide Scans

D 2017

Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans

NEMEC, Matúš, Dušan KLINEC, Petr ŠVENDA, Peter SEKAN, Václav MATYÁŠ et. al.

Základní údaje

Originální název

Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans

Autoři

NEMEC, Matúš (703 Slovensko, domácí), Dušan KLINEC (703 Slovensko, domácí), Petr ŠVENDA (203 Česká republika, domácí), Peter SEKAN (703 Slovensko, domácí) a Václav MATYÁŠ (203 Česká republika, domácí)

Vydání

New York, NY, USA, Proceedings of the 33rd Annual Computer Security Applications Conference, od s. 162-175, 14 s. 2017

Nakladatel

ACM

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

Proceedings of the 33rd Annual Computer Security Applications Conference Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans Supplementary materials

Kód RIV

RIV/00216224:14330/17:00095055

Organizační jednotka

Fakulta informatiky

ISBN

978-1-4503-5345-8

DOI

http://dx.doi.org/10.1145/3134600.3134612

UT WoS

000540643200014

Klíčová slova anglicky

RSA algorithm; cryptographic library; prime generation

Štítky

best3, core_A, firank_A

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 27. 4. 2018 10:51, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

We measure the popularity of cryptographic libraries in large datasets of RSA public keys. We do so by improving a recently proposed method based on biases introduced by alternative implementations of prime selection in different cryptographic libraries. We extend the previous work by applying statistical inference to approximate a share of libraries matching an observed distribution of RSA keys in an inspected dataset (e.g., Internet-wide scan of TLS handshakes). The sensitivity of our method is sufficient to detect transient events such as a periodic insertion of keys from a specific library into Certificate Transparency logs and inconsistencies in archived datasets. We apply the method on keys from multiple Internet-wide scans collected in years 2010 through 2017, on Certificate Transparency logs and on separate datasets for PGP keys and SSH keys. The results quantify a strong dominance of OpenSSL with more than 84% TLS keys for Alexa 1M domains, steadily increasing since the first measurement. OpenSSL is even more popular for GitHub client-side SSH keys, with a share larger than 96%. Surprisingly, new certificates inserted in Certificate Transparency logs on certain days contain more than 20% keys most likely originating from Java libraries, while TLS scans contain less than 5% of such keys. Since the ground truth is not known, we compared our measurements with other estimates and simulated different scenarios to evaluate the accuracy of our method. To our best knowledge, this is the first accurate measurement of the popularity of cryptographic libraries not based on proxy information like web server fingerprinting, but directly on the number of observed unique keys.

Návaznosti

GA16-08565S, projekt VaV

Název: Rozvoj kryptoanalytických metod prostřednictvím evolučních výpočtů

Investor: Grantová agentura ČR, Advancing cryptanalytic methods through evolutionary computing

MUNI/A/0992/2016, interní kód MU

Název: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity (Akronym: SKOMU)

Investor: Masarykova univerzita, Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity, DO R. 2020_Kategorie A - Specifický výzkum - Studentské výzkumné projekty

Citovat

NEMEC, Matúš, Dušan KLINEC, Petr ŠVENDA, Peter SEKAN a Václav MATYÁŠ. Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans. Online. In Proceedings of the 33rd Annual Computer Security Applications Conference. New York, NY, USA: ACM, 2017, s. 162-175. ISBN 978-1-4503-5345-8. Dostupné z: https://dx.doi.org/10.1145/3134600.3134612.

@inproceedings{1392143,
   author = {Nemec, Matúš and Klinec, Dušan and Švenda, Petr and Sekan, Peter and Matyáš, Václav},
   address = {New York, NY, USA},
   booktitle = {Proceedings of the 33rd Annual Computer Security Applications Conference},
   doi = {http://dx.doi.org/10.1145/3134600.3134612},
   keywords = {RSA algorithm; cryptographic library; prime generation},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York, NY, USA},
   isbn = {978-1-4503-5345-8},
   pages = {162-175},
   publisher = {ACM},
   title = {Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans},
   url = {https://dl.acm.org/citation.cfm?id=3134600},
   year = {2017}
}

TY  - JOUR
ID  - 1392143
AU  - Nemec, Matúš - Klinec, Dušan - Švenda, Petr - Sekan, Peter - Matyáš, Václav
PY  - 2017
TI  - Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans
PB  - ACM
CY  - New York, NY, USA
SN  - 9781450353458
KW  - RSA algorithm
KW  - cryptographic library
KW  - prime generation
UR  - https://dl.acm.org/citation.cfm?id=3134600
L2  - https://dl.acm.org/citation.cfm?id=3134612
N2  - We measure the popularity of cryptographic libraries in large datasets of RSA public keys. We do so by improving a recently proposed method based on biases introduced by alternative implementations of prime selection in different cryptographic libraries. We extend the previous work by applying statistical inference to approximate a share of libraries matching an observed distribution of RSA keys in an inspected dataset (e.g., Internet-wide scan of TLS handshakes). The sensitivity of our method is sufficient to detect transient events such as a periodic insertion of keys from a specific library into Certificate Transparency logs and inconsistencies in archived datasets. We apply the method on keys from multiple Internet-wide scans collected in years 2010 through 2017, on Certificate Transparency logs and on separate datasets for PGP keys and SSH keys. The results quantify a strong dominance of OpenSSL with more than 84% TLS keys for Alexa 1M domains, steadily increasing since the first measurement. OpenSSL is even more popular for GitHub client-side SSH keys, with a share larger than 96%. Surprisingly, new certificates inserted in Certificate Transparency logs on certain days contain more than 20% keys most likely originating from Java libraries, while TLS scans contain less than 5% of such keys. Since the ground truth is not known, we compared our measurements with other estimates and simulated different scenarios to evaluate the accuracy of our method. To our best knowledge, this is the first accurate measurement of the popularity of cryptographic libraries not based on proxy information like web server fingerprinting, but directly on the number of observed unique keys.
ER  -

NEMEC, Matúš, Dušan KLINEC, Petr ŠVENDA, Peter SEKAN a Václav MATYÁŠ. Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans. Online. In \textit{Proceedings of the 33rd Annual Computer Security Applications Conference}. New York, NY, USA: ACM, 2017, s.~162-175. ISBN~978-1-4503-5345-8. Dostupné z: https://dx.doi.org/10.1145/3134600.3134612.

Podrobný výpis o publikaci