Research Article
Origin Attribution of RSA Public Keys
@INPROCEEDINGS{10.1007/978-3-030-90019-9_19, author={Enrico Branca and Farzaneh Abazari and Ronald Rivera Carranza and Natalia Stakhanova}, title={Origin Attribution of RSA Public Keys}, proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I}, proceedings_a={SECURECOMM}, year={2021}, month={11}, keywords={RSA security Cryptographic libraries Attribution}, doi={10.1007/978-3-030-90019-9_19} }
- Enrico Branca
Farzaneh Abazari
Ronald Rivera Carranza
Natalia Stakhanova
Year: 2021
Origin Attribution of RSA Public Keys
SECURECOMM
Springer
DOI: 10.1007/978-3-030-90019-9_19
Abstract
In spite of strong mathematical foundations of cryptographic algorithms, the practical implementations of cryptographic protocols continue to fail. Insufficient entropy, faulty library implementation, API misuse do not only jeopardize the security of cryptographic keys, but also lead to distinct patterns that can result in keys’ origin attribution. In this work, we examined attribution of cryptographic keys based on their moduli. We analyzed over 6.5 million keys generated by 43 cryptographic libraries versions on 20 Linux OS versions released over the past 8 years. We showed that with only a few moduli characteristics, we can accurately (with 75% accuracy) attribute an individual key to the originating library. Depending on the library, our approach is sensitive enough to pinpoint the corresponding major, minor, and build release of several libraries that generated an individual key with an accuracy of 81%–98%. We further explore attribution of SSH keys collected from publicly facing IPv4 addresses showing that our approach is able to differentiate individual libraries of RSA keys with 95% accuracy.