Petr Švenda is a security researcher at Masaryk University, Brno, Czech Republic. His research covers randomness and pseudo-randomness, as well as key distribution protocols for systems with multiple parties, often involving devices with significantly limited performance and/or operating in a partially compromised environment, e.g., cryptographic smart cards or wireless sensor networks. He also focuses on the use of secure hardware in complex scenarios and on the development of secure applications for such platforms at Enigma Bridge, Cambridge, UK.

Abstract
========
Can the bits of an RSA public key leak information about design and implementation choices such as the prime generation algorithm? We analysed over 60 million freshly generated key pairs from 22 open- and closed-source libraries and from 16 different smartcards, revealing significant leakage. The bias introduced by the different choices is large enough to classify the probable library or smartcard with high accuracy based only on the values of the public keys. Such a classification can be used to identify the library responsible for the occurrence of weak keys, to quickly detect other keys from the same vulnerable library, to decrease the anonymity set of users of anonymous mailers or operators of linked Tor hidden services, or to verify a remote party's claim of using secure hardware. The classification of the key origins of more than 10 million RSA-based IPv4 TLS keys and 1.4 million PGP keys also provides an independent estimate of the libraries most commonly used to generate the keys found on the Internet.
Our broad inspection also provides deep insight into which of the recommendations for RSA key pair generation are followed in practice, including by closed-source libraries and smartcards. The talk is based on our USENIX Security 2016 paper and will provide additional fresh details from our ongoing analysis of further libraries and smartcards.
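As an added illustration (not code from the paper or the talk), the following constructed simulation shows one way a prime-generation choice leaks into the public modulus: two hypothetical generators differ only in whether the top two bits of each prime are forced to 1, and the histogram of the most significant nibble of the resulting moduli separates them cleanly. The toy size `PRIME_BITS` and the generator names are assumptions chosen for speed and clarity.

```python
import random
from collections import Counter

PRIME_BITS = 48  # constructed toy size for speed; real RSA primes are 1024+ bits

def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin test with `rounds` random bases."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng, fix_top_two):
    """Odd prime of exactly `bits` bits; optionally force the top two bits to 1."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if fix_top_two:
            cand |= 1 << (bits - 2)  # the design choice that leaks into n
        if is_probable_prime(cand, rng):
            return cand

def generate_modulus(bits, rng, fix_top_two):
    """Hypothetical generator: n = p*q, retrying until n has exactly 2*bits bits."""
    while True:
        n = random_prime(bits, rng, fix_top_two) * random_prime(bits, rng, fix_top_two)
        if n.bit_length() == 2 * bits:
            return n

def top_nibble(n):
    """Most significant 4 bits of n: a public-key feature a classifier can observe."""
    return n >> (n.bit_length() - 4)

def nibble_histogram(count, fix_top_two, seed=1):
    """Histogram of top nibbles over `count` moduli from one hypothetical generator."""
    rng = random.Random(seed)
    return Counter(top_nibble(generate_modulus(PRIME_BITS, rng, fix_top_two)) for _ in range(count))
```

With the top two prime bits fixed, every modulus satisfies n >= 0.5625 * 2^(2k), so the nibble value 8 never occurs; the plain generator produces it roughly a quarter of the time, which is exactly the kind of bias a key-origin classifier exploits.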
