Random and Key Generation Evaluation of Tokens and Smart Cards, Boorghany et al., ISCISC 2014
In the name of God, the Most Gracious, the Most Merciful
Random Data and Key Generation Evaluation of Some Commercial Tokens and Smart Cards
Ahmad Boorghany, Siavash Bayat Sarmadi, Parnian Yousefi, Pouneh Gorji, Rasool Jalili
Data & Network Security Lab (DNSL), Computer Engineering Dept., Sharif Univ. of Technology
ISCISC'14, September 3, 2014
ce.sharif.edu/~boorghany/pubdown/tokenrand-slides.pdf
Evaluation Results
Randomness Evaluation
Simple frequency diagram
Randomness Evaluation – STS Results
RSA Key Evaluation
Token 5: very small prime factors: 3, 5, 7, …
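An added example, not taken from the slides or the authors' tooling: one way to screen generated RSA moduli for the defect reported for Token 5, small prime factors, using a single GCD against a product of small primes. The 2^16 bound, the function names and the toy-sized sample moduli are assumptions constructed for illustration.

```python
from functools import lru_cache
from math import gcd, isqrt


@lru_cache(maxsize=None)
def small_primes(bound):
    """Sieve of Eratosthenes: tuple of all primes below `bound` (bound >= 2)."""
    sieve = bytearray([1]) * bound
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(bound) + 1):
        if sieve[i]:
            # Zero every multiple of i starting at i*i.
            sieve[i * i::i] = bytearray(len(range(i * i, bound, i)))
    return tuple(i for i, flag in enumerate(sieve) if flag)


@lru_cache(maxsize=None)
def primorial(bound):
    """Product of all primes below `bound`, computed once and cached."""
    product = 1
    for p in small_primes(bound):
        product *= p
    return product


def small_factors(modulus, bound=1 << 16):
    """Return the primes below `bound` that divide `modulus` (empty if none)."""
    g = gcd(modulus, primorial(bound))
    if g == 1:
        return []  # no factor below the bound; says nothing about larger flaws
    return [p for p in small_primes(bound) if g % p == 0]


def audit(moduli, bound=1 << 16):
    """Map each flagged key label to the small primes dividing its modulus."""
    report = {}
    for label, n in moduli.items():
        hits = small_factors(n, bound)
        if hits:
            report[label] = hits
    return report


# Constructed sample input (toy sizes, built from the Mersenne primes
# 2^31-1 and 2^61-1); real input would be moduli exported from the device.
SAMPLE = {
    "sound-sample": (2**31 - 1) * (2**61 - 1),
    "weak-sample": 3 * 5 * 7 * (2**61 - 1),
}

if __name__ == "__main__":
    for label, hits in audit(SAMPLE).items():
        print(f"{label}: divisible by {hits}")
```

A clean result only rules out factors below the bound, so it is a rejection screen for generated keys rather than evidence that the generator is sound.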
Conclusion and Future Works
Evaluation is a must!
Better evaluation methods required
Note: only simple vulnerabilities can be found by statistical testing
Other schemes: ECDSA, etc.
Thanks for your attention
Questions?