On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

Tibor Jager, Jörg Schwenk, Juraj Somorovsky
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Encrypted key transport with RSA-PKCS#1 v1.5 is the most commonly deployed key exchange method in all current versions of the Transport Layer Security (TLS) protocol, including the most recent version  ...  A long history of attacks shows that RSA-PKCS#1 v1.5 is extremely difficult to implement securely. The current draft of TLS version 1.3 dispenses with this encrypted key transport method.  ...  certificate collection, the reviewers of USENIX Security 2015 for suggesting to analyze the applicability of our attacks to QUIC, and the reviewers of ACM CCS 2015 for their helpful comments.  ... 
doi:10.1145/2810103.2813657 dblp:conf/ccs/JagerSS15 fatcat:iiopfpxglzd5xhfwf7giozblze

Security Proof for Partial-Domain Hash Signature Schemes [chapter]

Jean-Sébastien Coron
2002 Lecture Notes in Computer Science  
This provides a security proof for a variant of the signature standards ISO 9796-2 and PKCS#1 v1.5, in which a larger digest size is used.  ...  We study the security of partial-domain hash signature schemes, in which the output size of the hash function is only a fraction of the modulus size.  ...  Acknowledgements I wish to thank the anonymous referees for their helpful comments.  ... 
doi:10.1007/3-540-45708-9_39 fatcat:25glh5dy5jaqfm5thcd3qo7kfu

Weakened Random Oracle Models with Target Prefix [article]

Masayuki Tezuka, Yusuke Yoshida, Keisuke Tanaka
2021 arXiv   pre-print
Analyzing the security of cryptographic schemes in WROMs, we can specify the property of a hash function on which the security of cryptographic schemes depends.  ...  In particular, we focus on signature schemes such as RSA-FDH, its variants, and DSA, in order to understand essential roles of WROMs in their security proofs.  ...  We are grateful to Kazuo Ohta (University of Electro-Communications) and Shiho Moriai (National Institute of Information and Communications Technology) for giving us the opportunity to do this research  ... 
arXiv:2107.05411v1 fatcat:66m2rfgoubcmzhv7jhao3fgy7e

Return Of Bleichenbacher's Oracle Threat (ROBOT)

Hanno Böck, Juraj Somorovsky, Craig Young
2018 Zenodo  
In 1998 Bleichenbacher presented an adaptive chosen-ciphertext attack on the RSA PKCS #1 v1.5 padding scheme.  ...  Given the importance of this attack, countermeasures were defined in TLS and other cryptographic standards using RSA PKCS #1 v1.5.  ...  Acknowledgments The authors thank Tibor Jager for providing a Python implementation of the Bleichenbacher attack, Adam Langley for feedback on QUIC and timing problems in Go TLS, Eric Mill from GSA for  ... 
doi:10.5281/zenodo.3610288 fatcat:cqu5bd5nlndota5nlgl5gnwgiq

Bleichenbacher's Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption [chapter]

Tibor Jager, Sebastian Schinzel, Juraj Somorovsky
2012 Lecture Notes in Computer Science  
We describe several attacks against the PKCS#1 v1.5 key transport mechanism of XML Encryption.  ...  An interesting novelty of one of our attacks is that it combines a weakness of a public-key scheme (transporting an ephemeral session key) with a different weakness of a symmetric encryption scheme (which  ...  We thank Felix Freiling, Thorsten Holz, Kenny Paterson, Jörg Schwenk, and the anonymous reviewers for their helpful comments.  ... 
doi:10.1007/978-3-642-33167-1_43 fatcat:r77vnt5qczcyjk757o3skvo44u

Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3 [chapter]

Phong Q. Nguyen
2004 Lecture Notes in Computer Science  
In this paper, we illustrate this point by examining the case of a basic Internet application of cryptography: secure email.  ...  The most serious flaw has been present in GPG for almost four years: we show that as soon as one (GPG-generated) ElGamal signature of an arbitrary message is released, one can recover the signer's private  ...  Signature GPG implements RSA signatures as defined by PKCS#1 v1.5.  ... 
doi:10.1007/978-3-540-24676-3_33 fatcat:o54ati3tkvfqfnqycfdxpp3vry

The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10

Daniel De Almeida Braga, Pierre-Alain Fouque, Mohamed Sabt
2020 Transactions on Cryptographic Hardware and Embedded Systems  
In this paper, we analyze SCP10, which is the Secure Channel Protocol (SCP) that relies on RSA for key exchange and authentication. Our findings are twofold.  ...  Second, we propose a secure implementation of SCP10 and discuss how it can mitigate the discovered flaws. Finally, we measure the overhead incurred by the implemented countermeasures.  ...  We would like to thank Gil Bernabeu, the Technical Director of GlobalPlatform, for his responsiveness regarding the identified vulnerabilities.  ... 
doi:10.13154/tches.v2020.i3.196-218 dblp:journals/tches/BragaFS20 fatcat:dh5cieht2jcfdojvyz4nujsbl4

Public Key Cryptography Standards: PKCS [article]

Yongge Wang
2012 arXiv   pre-print
PKCS standards are a set of standards, called PKCS #1 through #15.  ...  This chapter discusses Public-Key Cryptography Standards (PKCS) which have significant impact on the use of public key cryptography in practice.  ...  The author would like to thank anonymous referees for the constructive comments on improving the presentation of this Chapter.  ... 
arXiv:1207.5446v1 fatcat:hsxkotdacjehjjbktwut74stba

NTRUEncrypt – A Quantum Proof Replacement to RSA Cryptosystem

2020 International Journal of Advanced Trends in Computer Science and Engineering  
The purpose of encryption is to provide a secure environment for communication and to keep information safe from unauthorized.  ...  As NTRU is relatively new and a cryptosystem of the future, we talk more about it in the paper.  ...  Padding used in PKCS#1 OAEP is 42 bytes whereas in PKCS#1-v1.5 it is 11 bytes. From the two schemes, only RSA-OAEP is secure.  ... 
doi:10.30534/ijatcse/2020/109952020 fatcat:rtozaobuh5clndueiys3ij3oiu

Regularity of Lossy RSA on Subdomains and Its Applications [chapter]

Mark Lewko, Adam O'Neill, Adam Smith
2013 Lecture Notes in Computer Science  
For example, consider the "simple embedding" RSA-based encryption scheme specified by RSA PKCS #1 v1.5, which is still in widespread use: roughly, the encryption of a plaintext x is f N,e (x, r) = (x r  ...  Specifically, this is the case for: (i) showing that large consecutive runs of the RSA input bits are simultaneously hardcore, (ii) showing the widely-deployed PKCS #1 v1.5 encryption is semantically secure  ...  A.O. is supported in part by NSF grants CNS-1012910 and CNS-0546614; additionally, this work was done in part while at the University of Texas at Austin, supported by NSF grants CNS-0915361 and CNS-0952692  ... 
doi:10.1007/978-3-642-38348-9_4 fatcat:6fcwq2ya2nem7muwueh476667u

Efficient Padding Oracle Attacks on Cryptographic Hardware [chapter]

Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay
2012 Lecture Notes in Computer Science  
We demonstrate the vulnerabilities on a number of commercially available cryptographic devices, including security tokens, smartcards and the Estonian electronic ID card.  ...  In the asymmetric encryption case, we modify and improve Bleichenbacher's attack on RSA PKCS#1v1.5 padding, giving new cryptanalysis that allows us to carry out the 'million message attack' in a mean of  ...  is known to be a valid PKCS#1 v1.5 block.  ... 
doi:10.1007/978-3-642-32009-5_36 fatcat:yu47h3tdljghndsrl2o6ikbucu

On the Robustness of RSA-OAEP Encryption and RSA-PSS Signatures Against (Malicious) Randomness Failures

Jacob C.N. Schuldt, Kazumasa Shinagawa
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
Specifically, we analyze the RSA-OAEP encryption scheme and RSA-PSS signature schemes, specified in PKCS#1, using the related randomness security notion introduced by Paterson et al.  ...  (PKC 2014) and its extension to signature schemes.  ...  Besides these, PKCS#1 v2.2 includes a signature scheme originating from the earlier PKCS#1 v1.5 standard, which is similar to the FDH signature scheme (unlike FDH, a simple padding scheme is used), as  ... 
doi:10.1145/3052973.3053040 dblp:conf/ccs/SchuldtS17 fatcat:6ewmxeqrrjfp7pyvkdqu55zvhy

Statistical Properties of Short RSA Distribution and Their Cryptographic Applications [chapter]

Pierre-Alain Fouque, Jean-Christophe Zapalowicz
2014 Lecture Notes in Computer Science  
Finally, we look at the semantic security of the RSA padding scheme called PKCS#1 v1.5 which is still used a lot in practice.  ...  Consequently, we extend the proof to get a new result closer to the parameters using a recent work of Wooley on exponential sums and we show some limitations of our technique.  ...  We recall the encryption scheme proposed in the standard PKCS #1 v1.5.  ... 
doi:10.1007/978-3-319-08783-2_45 fatcat:nfyk5rca7bbkvfschbidhswmym

On the Regularity of Lossy RSA [chapter]

Adam Smith, Ye Zhang
2015 Lecture Notes in Computer Science  
For example, under this assumption, we show that RSA PKCS #1 v1.5 is secure against chosen-plaintext attacks for messages of length roughly (log N)/4 bits, whereas the previous analysis, due to Lewko et al  ...  We use these bounds to analyze the security of natural cryptographic problems related to RSA, based on the well-studied Φ-Hiding assumption.  ...  Let λ be the security parameter, k = k(λ) ∈ Z^+ and ϵ(λ), c(λ) > 0. Suppose ΦA holds for c and θ ≥ 4 + log(1/ϵ). Let Π_PKCS be the PKCS #1 v1.5 encryption scheme.  ... 
doi:10.1007/978-3-662-46494-6_25 fatcat:vukmpo4lofdqzm7w7nam2xspsy

Why Provable Security Matters? [chapter]

Jacques Stern
2003 Lecture Notes in Computer Science  
The other comes from the area of signature schemes and is related to the security proof of ESIGN [43] .  ...  One example covers the public key encryption formatting scheme OAEP originally proposed in [3] .  ...  The present paper describes the author's view of prov-  ... 
doi:10.1007/3-540-39200-9_28 fatcat:wqiofc3fvndv5bcmifeevrc2ty