Analyzing Standards for RSA Integers

Loebenberger, Daniel; Nüsken, Michael

doi:10.1007/978-3-642-21969-6_16

Cited by 4 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e generation of RSA keys is described in several standards (e.g., FIPS 186-4 [46], IEEE 1363-2000 [1] -see [53] for an overview), many having di erent requirements for the form of the primes. One feature is common to all these standards -the primes should be generated randomly using a large amount of entropy.…”

Section: Related Workmentioning

confidence: 99%

Universelle Referenzarchitektur für eine sichere cloudbasierte Automation

Bartsch¹,

Hübner

2019

atp

View full text Add to dashboard Cite

In the first of a series of articles, we introduce the term “Symbiotic Security” to denote an ideal architecture where all essential components (e.g. hardware, software or networks) contribute to raising the architectural security bar. The growing importance of cloud computing for secure and resilient automation and its intended independence from hardware to accommodate all platforms have led us to observe a disconnect between well-known cloud service providers and manufacturers of embedded devices or IoT: the unsolved problem of initial enrolment. After elaborating on the root cause of this gulf we present a non-invasiveextension and implementation of a cloud IoT reference architecture for an automated, mutually authenticated and encrypted roll-out of IoT nodes. To also enable automated key management without human intervention, the system refrains from using any static secrets usually employed by the hardware vendors – a longstanding point of criticism. Despite our practical choice of a target platform, the idea itself is uniform across such environments given their inherent similarities.

show abstract

Section: Related Workmentioning

confidence: 99%

Universelle Referenzarchitektur für eine sichere cloudbasierte Automation

Bartsch¹,

Hübner

2019

atp

View full text Add to dashboard Cite

show abstract

“…As for the entropy estimations, we do not know any related work on this. A conference version of this article, focusing on the analysis of standardized RSA key-generators only, was published in Loebenberger & Nüsken (2011).…”

Section: Introductionmentioning

confidence: 99%

Notions for RSA integers

Loebenberger

Nüsken

2014

IJACT

Self Cite

View full text Add to dashboard Cite

The key-generation algorithm for the RSA cryptosystem is specified in several standards, such as PKCS#1, IEEE 1363-2000, FIPS 186-3, ANSI X9.44, or ISO/IEC 18033-2. All of them substantially differ in their requirements. This indicates that for computing a "secure" RSA modulus it does not matter how exactly one generates RSA integers. In this work we show that this is indeed the case to a large extend: First, we give a theoretical framework that will enable us to easily compute the entropy of the output distribution of the considered standards and show that it is comparatively high. To do so, we compute for each standard the number of integers they define (up to an error of very small order) and discuss different methods of generating integers of a specific form. Second, we show that factoring such integers is hard, provided factoring a product of two primes of similar size is hard.

show abstract

“…Nevertheless, these 173 n-values do not comply with the standards for the generation of RSA moduli (cf. [19]) and they were discarded. Nine cases are probably due to copy-and-paste errors, as eight proper moduli were found that differed from the wrong ones in a few hexadecimal positions (two distinct wrong moduli match up with the same correct one).…”

Section: Rsamentioning

confidence: 99%

“…Key generation standards for RSA (cf. [23]) have been analysed and found to be satisfactory in [19]. In [11] and [26] (and the references therein) several problems have been identified that are mostly related to the way certificates are used.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Public Keys

Lenstra

Hughes

Augier

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We performed a sanity check of public keys collected on the web and found that the vast majority works as intended. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that this is not always the case, resulting in public keys that offer no security. Our conclusion is that generating secure public keys in the real world is challenging. We did not study usage of public keys.

show abstract

Analyzing Standards for RSA Integers

Cited by 4 publications

References 8 publications

Universelle Referenzarchitektur für eine sichere cloudbasierte Automation

Universelle Referenzarchitektur für eine sichere cloudbasierte Automation

Notions for RSA integers

Public Keys

Contact Info

Product

Resources

About