Fooling primality tests on smartcards

D 2020

Fooling primality tests on smartcards

SEDLÁČEK, Vladimír, Ján JANČÁR a Petr ŠVENDA

Základní údaje

Originální název

Fooling primality tests on smartcards

Autoři

SEDLÁČEK, Vladimír (203 Česká republika, garant, domácí), Ján JANČÁR (703 Slovensko, domácí) a Petr ŠVENDA (203 Česká republika, domácí)

Vydání

Švýcarsko, 25th European Symposium on Research in Computer Security (ESORICS) 2020, od s. 209-229, 21 s. 2020

Nakladatel

Springer

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Odkazy

Website

Impakt faktor

Impact factor: 0.402 v roce 2005

Kód RIV

RIV/00216224:14330/20:00114216

Organizační jednotka

Fakulta informatiky

ISBN

978-3-030-59012-3

ISSN

DOI

http://dx.doi.org/10.1007/978-3-030-59013-0_11

Klíčová slova anglicky

ECC; primality; pseudoprimes; smartcards

Štítky

best2, core_A, firank_A

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 29. 4. 2021 12:26, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

We analyse whether the smartcards of the JavaCard platform correctly validate primality of domain parameters. The work is inspired by Albrecht et al. (Prime and Prejudice) [1], where the authors analysed many open-source libraries and constructed pseudoprimes fooling the primality testing functions. However, in the case of smartcards, often there is no way to invoke the primality test directly, so we trigger it by replacing (EC)DSA and (EC)DH prime domain parameters by adversarial composites. Such a replacement results in vulnerability to Pohlig-Hellman [30] style attacks, leading to private key recovery. Out of nine smartcards (produced by five major manufacturers) we tested (See https://crocs.fi.muni.cz/papers/primality_esorics20 for more information), all but one have no primality test in parameter validation. As the JavaCard platform provides no public primality testing API, the problem cannot be fixed by an extra parameter check, making it difficult to mitigate in already deployed smartcards.

Návaznosti

GA20-03426S, projekt VaV

Název: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek

Investor: Grantová agentura ČR, Ověření a zlepšení bezpečnosti kryptografie eliptických křivek

MUNI/C/1701/2018, interní kód MU

Název: Side channel analysis of elliptic curve cryptography on smart cards (Akronym: ECSCA)

Investor: Masarykova univerzita, Side channel analysis of elliptic curve cryptography on smart cards, DO R. 2020 - Program rektora

Citovat

SEDLÁČEK, Vladimír, Ján JANČÁR a Petr ŠVENDA. Fooling primality tests on smartcards. In Liqun Chen, Ninghui Li, Kaitai Liang and Steve Schneider. 25th European Symposium on Research in Computer Security (ESORICS) 2020. Švýcarsko: Springer, 2020, s. 209-229. ISBN 978-3-030-59012-3. Dostupné z: https://dx.doi.org/10.1007/978-3-030-59013-0_11.

@inproceedings{1668739,
   author = {Sedláček, Vladimír and Jančár, Ján and Švenda, Petr},
   address = {Švýcarsko},
   booktitle = {25th European Symposium on Research in Computer Security (ESORICS) 2020},
   doi = {http://dx.doi.org/10.1007/978-3-030-59013-0_11},
   editor = {Liqun Chen, Ninghui Li, Kaitai Liang and Steve Schneider},
   keywords = {ECC; primality; pseudoprimes; smartcards},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Švýcarsko},
   isbn = {978-3-030-59012-3},
   pages = {209-229},
   publisher = {Springer},
   title = {Fooling primality tests on smartcards},
   url = {https://crocs.fi.muni.cz/public/papers/primality_esorics20},
   year = {2020}
}

TY  - JOUR
ID  - 1668739
AU  - Sedláček, Vladimír - Jančár, Ján - Švenda, Petr
PY  - 2020
TI  - Fooling primality tests on smartcards
PB  - Springer
CY  - Švýcarsko
SN  - 9783030590123
KW  - ECC
KW  - primality
KW  - pseudoprimes
KW  - smartcards
UR  - https://crocs.fi.muni.cz/public/papers/primality_esorics20
L2  - https://crocs.fi.muni.cz/public/papers/primality_esorics20
N2  - We analyse whether the smartcards of the JavaCard platform correctly validate primality of domain parameters. The work is inspired by Albrecht et al. (Prime and Prejudice) [1], where the authors analysed many open-source libraries and constructed pseudoprimes fooling the primality testing functions. However, in the case of smartcards, often there is no way to invoke the primality test directly, so we trigger it by replacing (EC)DSA and (EC)DH prime domain parameters by adversarial composites. Such a replacement results in vulnerability to Pohlig-Hellman [30] style attacks, leading to private key recovery. Out of nine smartcards (produced by five major manufacturers) we tested (See https://crocs.fi.muni.cz/papers/primality_esorics20 for more information), all but one have no primality test in parameter validation. As the JavaCard platform provides no public primality testing API, the problem cannot be fixed by an extra parameter check, making it difficult to mitigate in already deployed smartcards.
ER  -

SEDLÁČEK, Vladimír, Ján JANČÁR a Petr ŠVENDA. Fooling primality tests on smartcards. In Liqun Chen, Ninghui Li, Kaitai Liang and Steve Schneider. \textit{25th European Symposium on Research in Computer Security (ESORICS) 2020}. Švýcarsko: Springer, 2020, s.~209-229. ISBN~978-3-030-59012-3. Dostupné z: https://dx.doi.org/10.1007/978-3-030-59013-0\_{}11.

Podrobný výpis o publikaci