Title
Mining your Ps and Qs: detection of widespread weak keys in network devices
Abstract
RSA and DSA can fail catastrophically when used with malfunctioning random number generators, but the extent to which these problems arise in practice has never been comprehensively studied at Internet scale. We perform the largest ever network survey of TLS and SSH servers and present evidence that vulnerable keys are surprisingly widespread. We find that 0.75% of TLS certificates share keys due to insufficient entropy during key generation, and we suspect that another 1.70% come from the same faulty implementations and may be susceptible to compromise. Even more alarmingly, we are able to obtain RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their public keys shared nontrivial common factors due to entropy problems, and DSA private keys for 1.03% of SSH hosts, because of insufficient signature randomness. We cluster and investigate the vulnerable hosts, finding that the vast majority appear to be headless or embedded devices. In experiments with three software components commonly used by these devices, we are able to reproduce the vulnerabilities and identify specific software behaviors that induce them, including a boot-time entropy hole in the Linux random number generator. Finally, we suggest defenses and draw lessons for developers, users, and the security community.
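The two private-key recoveries the abstract reports (RSA moduli that share a prime factor, and DSA keys exposed by repeated signature nonces) in working form. This is an added example, not code from the paper or its authors; all hostnames, moduli, DSA domain parameters, the private key x = 123 and the nonce k = 777 are constructed toy values chosen so the script runs instantly. The function names are the example's own.

```python
"""Added example (not the paper's code): the two key-recovery conditions the
abstract describes.

1. RSA moduli generated with too little entropy can share one prime. gcd(N1, N2)
   then yields that prime, and the private exponent d follows from p and q.
2. DSA signatures made with a repeated per-signature nonce k leak k, and with k
   one signature reveals the private key x.

All parameters below are constructed toy values (small primes) so the script
runs instantly. Real keys are 1024-4096 bits, and the paper computed GCDs over
millions of moduli with a batch algorithm, not the pairwise loop used here.
Requires Python 3.8+ for pow(a, -1, m).
"""
from itertools import combinations
from math import gcd


# ---- RSA: shared prime factors ---------------------------------------------

def rsa_private_from_factor(n, e, p):
    """Given N = p*q, the public exponent e and one factor p, return (q, d)."""
    q = n // p
    if p * q != n:
        raise ValueError("p does not divide N")
    d = pow(e, -1, (p - 1) * (q - 1))
    return q, d


def scan_rsa_moduli(moduli, e=65537):
    """Pairwise GCD over [(host, N), ...].

    Returns (factored, duplicated): factored maps host -> (p, q, d) for every
    modulus sharing a nontrivial factor with another one; duplicated lists host
    pairs that present the identical modulus (a shared key, nothing to factor).
    """
    factored, duplicated = {}, []
    for (h1, n1), (h2, n2) in combinations(moduli, 2):
        g = gcd(n1, n2)
        if g == 1:
            continue
        if g == n1 or g == n2:          # identical modulus: shared key
            duplicated.append((h1, h2))
            continue
        for host, n in ((h1, n1), (h2, n2)):
            if host not in factored:
                q, d = rsa_private_from_factor(n, e, g)
                factored[host] = (g, q, d)
    return factored, duplicated


# Constructed survey: host-A and host-C drew the same first prime from a
# low-entropy RNG; host-E carries host-B's key outright; host-D is independent.
P_SHARED = 1000000007
SAMPLE_MODULI = [
    ("host-A", P_SHARED * 1000000009),
    ("host-B", 999999937 * 999999929),
    ("host-C", P_SHARED * 1000000021),
    ("host-D", 999999893 * 999999883),
    ("host-E", 999999937 * 999999929),
]


# ---- DSA: repeated nonce ---------------------------------------------------

# Constructed toy domain parameters: q | p - 1 and g has order q (p = 2q + 1).
DSA_P, DSA_Q = 2039, 1019
DSA_G = pow(2, (DSA_P - 1) // DSA_Q, DSA_P)


def dsa_sign(x, k, h, p=DSA_P, q=DSA_Q, g=DSA_G):
    """Sign hash value h (already reduced mod q) with private key x and nonce k."""
    r = pow(g, k, p) % q
    s = (pow(k, -1, q) * (h + x * r)) % q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another k")
    return r, s


def dsa_verify(y, h, sig, p=DSA_P, q=DSA_Q, g=DSA_G):
    """Standard DSA verification against public key y = g^x mod p."""
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    v = (pow(g, (h * w) % q, p) * pow(y, (r * w) % q, p)) % p % q
    return v == r


def dsa_recover_private_key(h1, sig1, h2, sig2, q=DSA_Q):
    """Two signatures with equal r were made with the same k, so
    k = (h1 - h2) / (s1 - s2) and x = (s1*k - h1) / r  (all mod q).
    Returns None when the signatures do not share a nonce."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or (s1 - s2) % q == 0:
        return None
    k = ((h1 - h2) * pow((s1 - s2) % q, -1, q)) % q
    return ((s1 * k - h1) * pow(r1, -1, q)) % q


if __name__ == "__main__":
    factored, duplicated = scan_rsa_moduli(SAMPLE_MODULI)
    for host, (p, q, d) in sorted(factored.items()):
        print(f"{host}: factored, p={p} q={q} d={d}")
    print("duplicate keys:", duplicated)

    x, k = 123, 777                      # constructed private key and reused nonce
    y = pow(DSA_G, x, DSA_P)
    sig1, sig2 = dsa_sign(x, k, 100), dsa_sign(x, k, 200)
    print("recovered x =", dsa_recover_private_key(100, sig1, 200, sig2),
          "valid:", dsa_verify(y, 100, sig1))
```

The pairwise loop is quadratic in the number of moduli, which is fine for a handful of keys but not for a survey of millions; a batch GCD (product tree plus remainder tree) does the same job in quasi-linear time. The DSA recovery needs only that two signatures present the same r, which is exactly what a device with a deterministic or boot-time-starved nonce source produces.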
Year
2012
Venue
USENIX Security Symposium
Keywords
dsa private key, tls host, widespread weak key, network device, insufficient entropy, ssh server, insufficient signature randomness, tls certificates share, rsa private key, ssh host, boot-time entropy hole, linux random number generator
Field
Key generation, Internet privacy, Computer science, Computer security, Server, Networking hardware, Component-based software engineering, Random number generation, Public-key cryptography, The Internet, Randomness
DocType
Conference
Citations
131
PageRank
6.79
References
23
Authors
4
Name                Order  Citations  PageRank
Nadia Heninger      1      885        50.78
Zakir Durumeric     2      935        48.86
Eric Wustrow        3      564        37.93
J. Alex Halderman   4      2301       149.67