Imperfect forward secrecy

Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul

doi:10.1145/3292035

Cited by 11 publications

(6 citation statements)

References 17 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, it is important to consider these factors when examining the usage of these protocols among Portuguese municipal council websites. However, vulnerabilities in HTTPS and its implementation have been identified, such as the Logjam attack which allows for MitM downgrades to "export-grade" Diffie-Hellman (Adrian et al, 2018).…”

Section: Related Workmentioning

confidence: 99%

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

2023

IJMCNM

View full text Add to dashboard Cite

The services supporting the websites, both public and private entities, may support security protocols such as HTTPS or DNSSEC. Public and private entities have a responsibility to ensure the security of their online platforms. Entities in the public domain such as city councils provide their services through their websites. However, each city council has its systems, configurations, and IT teams, and this means they have different standings regarding the security protocols supported. This paper analyzes the status of security protocols on Portuguese city council websites, specifically HTTPS and DNSSEC. The study evaluated 308 city council websites using a script developed for the research, and data was collected from the website of Direção Geral das Autarquias Locais (DGAL) on December 14, 2022, and the websites were scanned on December 22, 2022. The results of this assessment reveal that around 97% of city council websites use RSA as their encryption algorithm and around 84% use 2048-bit length keys for digital certificate signing. Furthermore, about 53% of the city council websites are still supporting outdated and potentially insecure SSL/TLS versions, and around 95% of the councils are not implementing DNSSEC in their domains. These results highlight potential areas for improvement in cybersecurity measures and can serve as a baseline to track progress toward improving cybersecurity maturity in Portuguese city councils.

show abstract

Section: Related Workmentioning

confidence: 99%

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

2023

IJMCNM

View full text Add to dashboard Cite

show abstract

“…Hence, researchers frequently conduct own active Internet measurement, e.g., using ZMap [26]. On the web, these measurements allowed to analyze the deployment of new TLS versions [41,51] and revealed wide security configuration mistakes [7, 10, 38-40, 48, 52] or implementation deficits [1,36,73]. Aside the web, researchers assessed the security of SSH services [29,81] and key-value stores leaking confidential data [34].…”

Section: Related Workmentioning

confidence: 99%

“…Since users will most likely not use such keys to secure their deployments, we filter out test keys that are included in kompromat [69], a repository listing already compromised secrets (filter Kompromat). More specifically, we filter keys occurring in RFCs (6), libraries for software tests (1,820), or as special test vectors (3).…”

Section: Match Validationmentioning

confidence: 99%

“…While the procedure of automatic key generation is beneficial on real hardware, i.e., users are not tempted to reuse keys on different hosts, in published Docker images it automatically leads to compromised keys and thus puts the authenticity of all containers relying on this image in danger. Further 8.1 % of found private keys were generated by a direct call of ssh-keygen, e.g., to generate fresh 1 Images found by both query groups are not included. 2 Secrets can be associated with both, File and Exec.…”

Section: Fresh Private Keys Andmentioning

confidence: 99%

See 1 more Smart Citation

Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact

Dahlmanns

Sander

Decker

et al. 2023

Proceedings of the ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets-either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear.In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5 % of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse. CCS CONCEPTS• Security and privacy → Network security; Key management.

show abstract

“…The early practical building blocks of public-key cryptography are attributed to the Diffie-Hellman protocol over finite fields and the RSA cryptosystem. Though several other cryptographic primitives have entered the landscape, the RSA and finite field Diffie-Hellman methods are more prevalent in terms of their use for secure information transmission and key exchange in the computing field [22].…”

Section: Introductionmentioning

confidence: 99%

Continued Fractions Applied to the One Line Factoring Algorithm for Breaking RSA

Overmars,

Venkatraman

2024

JCP

View full text Add to dashboard Cite

The RSA (Rivest–Shamir–Adleman) cryptosystem is an asymmetric public key cryptosystem popular for its use in encryptions and digital signatures. However, the Wiener’s attack on the RSA cryptosystem utilizes continued fractions, which has generated much interest in developing competitive factoring algorithms. A general-purpose integer factorization method first proposed by Lehmer and Powers formed the basis of the well-known Continued Fraction Factorization (CFRAC) method. Recent work on the one line factoring algorithm by Hart and its connection with Lehman’s factoring method have motivated this paper. The emphasis of this paper is to explore the representations of PQ as continued fractions and the suitability of lower ordered convergences as representations of ab. These simpler convergences are then prescribed to Hart’s one line factoring algorithm. As an illustration, we demonstrate the working of our approach with two numbers: one smaller number and another larger number occupying 95 bits. Using our method, the fourth convergence finds the factors as the solution for the smaller number, while the eleventh convergence finds the factors for the larger number. The security of the RSA public key cryptosystem relies on the computational difficulty of factoring large integers. Among the challenges in breaking RSA semi-primes, RSA250, which is an 829-bit semi-prime, continues to hold a research record. In this paper, we apply our method to factorize RSA250 and present the practical implementation of our algorithm. Our approach’s theoretical and experimental findings demonstrate the reduction of the search space and a faster solution to the semi-prime factorization problem, resulting in key contributions and practical implications. We identify further research to extend our approach by exploring limitations and additional considerations such as the difference of squares method, paving the way for further research in this direction.

show abstract

Imperfect forward secrecy

Cited by 11 publications

References 17 publications

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact

Continued Fractions Applied to the One Line Factoring Algorithm for Breaking RSA

Contact Info

Product

Resources

About