CSAIL Event Calendar


Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

Speaker: Nadia Heninger, Microsoft Research, New England
Date: Monday, December 3 2012
Time: 4:00PM to 5:00PM
Refreshments: 4:00PM
Location: Stata, G575
Contact: Raluca Ada Popa, ralucap@mit.edu

Abstract: RSA and DSA can fail catastrophically when used with malfunctioning random number generators, but the extent to which these problems arise in practice has never been comprehensively studied at Internet scale.

We perform the largest ever network survey of TLS and SSH servers and present evidence that vulnerable keys are surprisingly widespread. We find that 0.75% of TLS certificates share keys due to insufficient entropy during key generation, and we suspect that another 1.70% come from the same faulty implementations and may be susceptible to compromise. Even more alarmingly, we are able to obtain RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their public keys shared nontrivial common factors due to entropy problems, and DSA private keys for 1.03% of SSH hosts, because of insufficient signature randomness. We cluster and investigate the vulnerable hosts, finding that the vast majority appear to be headless or embedded devices. In experiments with three software components commonly used by these devices, we are able to reproduce the vulnerabilities and identify specific software behaviors that induce them, including a boot-time entropy hole in the Linux random number generator. Finally, we suggest defenses and draw lessons for developers, users, and the security community.

Joint work with Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.


Bio: Nadia Heninger is a postdoctoral visiting researcher at Microsoft
Research New England. Last year she was an NSF mathematical sciences
postdoctoral fellow at UC San Diego. She finished her PhD in 2011 at
Princeton.

See other events that are part of CSAIL Security Seminar 2012/2013
