Other formats:
BibTeX
LaTeX
RIS
@inproceedings{1668739,
  author = {Sedláček, Vladimír and Jančár, Ján and Švenda, Petr},
  address = {Švýcarsko},
  booktitle = {25th European Symposium on Research in Computer Security (ESORICS) 2020},
  doi = {http://dx.doi.org/10.1007/978-3-030-59013-0_11},
  editor = {Liqun Chen, Ninghui Li, Kaitai Liang and Steve Schneider},
  keywords = {ECC; primality; pseudoprimes; smartcards},
  howpublished = {tištěná verze "print"},
  language = {eng},
  location = {Švýcarsko},
  isbn = {978-3-030-59012-3},
  pages = {209-229},
  publisher = {Springer},
  title = {Fooling primality tests on smartcards},
  url = {https://crocs.fi.muni.cz/public/papers/primality_esorics20},
  year = {2020}
}
TY  - JOUR
ID  - 1668739
AU  - Sedláček, Vladimír - Jančár, Ján - Švenda, Petr
PY  - 2020
TI  - Fooling primality tests on smartcards
PB  - Springer
CY  - Švýcarsko
SN  - 9783030590123
KW  - ECC
KW  - primality
KW  - pseudoprimes
KW  - smartcards
UR  - https://crocs.fi.muni.cz/public/papers/primality_esorics20
L2  - https://crocs.fi.muni.cz/public/papers/primality_esorics20
N2  - We analyse whether the smartcards of the JavaCard platform correctly validate primality of domain parameters. The work is inspired by Albrecht et al. (Prime and Prejudice) [1], where the authors analysed many open-source libraries and constructed pseudoprimes fooling the primality testing functions. However, in the case of smartcards, often there is no way to invoke the primality test directly, so we trigger it by replacing (EC)DSA and (EC)DH prime domain parameters by adversarial composites. Such a replacement results in vulnerability to Pohlig-Hellman [30] style attacks, leading to private key recovery. Out of nine smartcards (produced by five major manufacturers) we tested (See https://crocs.fi.muni.cz/papers/primality_esorics20 for more information), all but one have no primality test in parameter validation. As the JavaCard platform provides no public primality testing API, the problem cannot be fixed by an extra parameter check, making it difficult to mitigate in already deployed smartcards.
ER  -
SEDLÁČEK, Vladimír, Ján JANČÁR and Petr ŠVENDA. Fooling primality tests on smartcards. In Liqun Chen, Ninghui Li, Kaitai Liang and Steve Schneider. \textit{25th European Symposium on Research in Computer Security (ESORICS) 2020}. Switzerland: Springer, 2020, pp.~209-229. ISBN~978-3-030-59012-3. Available from: https://dx.doi.org/10.1007/978-3-030-59013-0\_{}11.