Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CTRSA
2012
Springer
2012
Springer
Practical Realisation and Elimination of an ECC-Related Software Bug Attack
We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-...
Real-time TrafficBug Attack | Collaborative Software Development | Cryptology | CTRSA 2012 | Implementation Features |
| Added | 21 Apr 2012 |
| Updated | 21 Apr 2012 |
| Type | Journal |
| Year | 2012 |
| Where | CTRSA |
| Authors | Billy Bob Brumley, Manuel Barbosa, Dan Page, Frederik Vercauteren |
Comments (0)
Researcher Info
|
