Large-scale analysis of the security of cryptographic keys
Date
2021-01-27
ORCID
0000-0002-2841-7954
Type
Thesis
Degree Level
Masters
Abstract
Cryptographic algorithms are considered provably secure due to their strong mathematical foundation. Notwithstanding, real-life application of cryptographic algorithms and protocols continues to fail. These failures are frequently due to low entropy, faulty library implementation, and Application Programming Interface (API) misuse. Biases introduced during the generation process incorporate distinct bit patterns in RSA cryptographic keys, allowing their attribution and thus endangering their advertised security.
This thesis proposes a novel attribution approach to link cryptographic keys to their originating libraries based on the characteristics of their moduli. We analyze over 6.5 million generated keys and show that only a few of these characteristics are enough to achieve a 75% accuracy in the attribution of individual keys to their originating library. Also, depending on the library, our approach is sensitive enough to pinpoint the corresponding major, minor, and build release information for several libraries with accuracy levels between 81% and 98%. We further explore the attribution of SSH keys collected from publicly facing IPv4 addresses, proving that our approach differentiates individual libraries of RSA keys with a 95% accuracy.
Keywords
Public-Key Cryptography, RSA, Cryptography, Attribution, Machine Learning
Degree
Master of Science (M.Sc.)
Department
Computer Science
Program
Computer Science