Biased RSA private keys: Origin attribution of GCD-factorable keys

JANOVSKÝ, Adam, Matúš NEMEC, Petr ŠVENDA, Peter SEKAN and Václav MATYÁŠ. Biased RSA private keys: Origin attribution of GCD-factorable keys. In Liqun Chen and Ninghui Li and Kaitai Liang and Steve Schneider. Computer Security – ESORICS 2020. Cham, Switzerland: Springer, 2020, p. 505-524. ISBN 978-3-030-59012-3. Available from: https://dx.doi.org/10.1007/978-3-030-59013-0_25.

Basic information

Original name

Biased RSA private keys: Origin attribution of GCD-factorable keys

Name in Czech

neuniformní privátní RSA klíče: Určování původu klíčů faktorizovatelných algoritmem GCD

Authors

JANOVSKÝ, Adam (203 Czech Republic, guarantor, belonging to the institution), Matúš NEMEC (703 Slovakia), Petr ŠVENDA (203 Czech Republic, belonging to the institution), Peter SEKAN (703 Slovakia) and Václav MATYÁŠ (203 Czech Republic, belonging to the institution)

Edition

Cham, Switzerland, Computer Security – ESORICS 2020, p. 505-524, 20 pp. 2020

Publisher

Springer

---

Other information

Language

English

Type of outcome

Stať ve sborníku

Field of Study

10201 Computer sciences, information science, bioinformatics

Country of publisher

Switzerland

Confidentiality degree

není předmětem státního či obchodního tajemství

Publication form

printed version "print"

References:

URL

Impact factor

Impact factor: 0.402 in 2005

RIV identification code

RIV/00216224:14330/20:00115914

Organization unit

Faculty of Informatics

ISBN

978-3-030-59012-3

ISSN

DOI

http://dx.doi.org/10.1007/978-3-030-59013-0_25

UT WoS

001229989600025

Keywords in English

Cryptographic library; RSA factorization; Measurement; RSA key classification; Statistical model

Tags

core_A, firank_A

Tags

International impact, Reviewed

---

Abstract

V originále

In 2016, Švenda et al. (USENIX 2016, The Million-key Question) reported that the implementation choices in cryptographic libraries allow for qualified guessing about the origin of public RSA keys. We extend the technique to two new scenarios when not only public but also private keys are available for the origin attribution -- analysis of a source of GCD-factorable keys in IPv4-wide TLS scans and forensic investigation of an unknown source. We learn several representatives of the bias from the private keys to train a model on more than 150 million keys collected from 70 cryptographic libraries, hardware security modules and cryptographic smartcards. Our model not only doubles the number of distinguishable groups of libraries (compared to public keys from Švenda et al.) but also improves more than twice in accuracy w.r.t. random guessing when a single key is classified. For a forensic scenario where at least 10 keys from the same source are available, the correct origin library is correctly identified with average accuracy of 89\% compared to 4\% accuracy of a random guess. The technique was also used to identify libraries producing GCD-factorable TLS keys, showing that only three groups are the probable suspects.

---

Links

GA20-03426S, research and development project	Name: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek Investor: Czech Science Foundation
MUNI/A/1076/2019, interní kód MU	Name: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 20 (Acronym: SKOMU) Investor: Masaryk University, Category A