SEDLÁČEK, Vladimír, Ján JANČÁR and Petr ŠVENDA. Fooling primality tests on smartcards. In Liqun Chen, Ninghui Li, Kaitai Liang and Steve Schneider. 25th European Symposium on Research in Computer Security (ESORICS) 2020. Switzerland: Springer, 2020, p. 209-229. ISBN 978-3-030-59012-3. Available from: https://dx.doi.org/10.1007/978-3-030-59013-0_11.
Basic information
Original name Fooling primality tests on smartcards
Authors SEDLÁČEK, Vladimír (203 Czech Republic, guarantor, belonging to the institution), Ján JANČÁR (703 Slovakia, belonging to the institution) and Petr ŠVENDA (203 Czech Republic, belonging to the institution).
Edition Switzerland, 25th European Symposium on Research in Computer Security (ESORICS) 2020, p. 209-229, 21 pp. 2020.
Publisher Springer
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Confidentiality degree is not subject to a state or trade secret
Publication form printed version "print"
Impact factor Impact factor: 0.402 in 2005
RIV identification code RIV/00216224:14330/20:00114216
Organization unit Faculty of Informatics
ISBN 978-3-030-59012-3
ISSN 0302-9743
Doi http://dx.doi.org/10.1007/978-3-030-59013-0_11
Keywords in English ECC; primality; pseudoprimes; smartcards
Tags best2, core_A, firank_A
Tags International impact, Reviewed
Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 29/4/2021 12:26.
Abstract
We analyse whether the smartcards of the JavaCard platform correctly validate primality of domain parameters. The work is inspired by Albrecht et al. (Prime and Prejudice) [1], where the authors analysed many open-source libraries and constructed pseudoprimes fooling the primality testing functions. However, in the case of smartcards, often there is no way to invoke the primality test directly, so we trigger it by replacing (EC)DSA and (EC)DH prime domain parameters by adversarial composites. Such a replacement results in vulnerability to Pohlig-Hellman [30] style attacks, leading to private key recovery. Out of nine smartcards (produced by five major manufacturers) we tested (see https://crocs.fi.muni.cz/papers/primality_esorics20 for more information), all but one have no primality test in parameter validation. As the JavaCard platform provides no public primality testing API, the problem cannot be fixed by an extra parameter check, making it difficult to mitigate in already deployed smartcards.
Links
GA20-03426S, research and development project. Name: Verification and improvement of the security of elliptic curve cryptography (original title: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek)
Investor: Czech Science Foundation
MUNI/C/1701/2018, MU internal code. Name: Side channel analysis of elliptic curve cryptography on smart cards (Acronym: ECSCA)
Investor: Masaryk University, Rector's Program