
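% DROWN paper (breaking TLS by way of SSLv2); the PDF linked in note sits under the
% USENIX Security '16 conference path.
% Typed as misc because no journal is given, which the article type requires.
% Names are joined with " and "; a comma between two full names makes BibTeX
% read them as a single "Last, First" author.
% NOTE(review): only two authors are listed; check the paper's author list and
% complete it or append "and others".
% NOTE(review): month is kept as given (jan); confirm against the publication date.
@misc{drown2016,
  author      = {Aviram, Nimrod and Schinzel, Sebastian},
  title       = {{DROWN}: Breaking {TLS} using {SSLv2}},
  year        = {2016},
  month       = jan,
  institution = {Department of Electrical Engineering, Tel Aviv University, M{\"u}nster University of Applied Sciences},
  Date-Added  = {2016-01-11 10:05:52},
  note        = {\url{https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_aviram.pdf}},
}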
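% Fault attacks on qDSA signatures; IACR ePrint 2018/396 according to the URL in note.
% Typed as misc with howpublished because no journal is given.
% Names are joined with " and " so that three authors are parsed instead of two.
% The trailing "2" after "Signatures" was dropped from the title; it looks like a
% footnote marker picked up when copying -- confirm against the paper.
@misc{takahashi2018,
  author       = {Takahashi, Akira and Tibouchi, Mehdi and Abe, Masayuki},
  title        = {New {Bleichenbacher} Records: Fault Attacks on {qDSA} Signatures},
  howpublished = {Cryptology {ePrint} Archive, Report 2018/396},
  year         = {2018},
  institution  = {Kyoto University, NTT Secure Platform Laboratories},
  note         = {\url{https://eprint.iacr.org/2018/396.pdf}},
}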
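% Morpheus (CCS '21): black-box non-compliance testing of PKCS#1 v1.5 signature
% verification against a formally proven reference implementation (see abstract).
% pages: the range separator was missing (likely a non-ASCII dash lost in transit);
% restored as ASCII "--". 2474--2496 agrees with numpages = 23.
% NOTE(review): the note URL points at IEEE Xplore (arnumber=8835216) while doi and
% url point at the ACM record; confirm that it refers to this paper.
@inproceedings{morpheus2021,
  author    = {Yahyazadeh, Moosa and Chau, Sze Yiu and Li, Li and Hue, Man Hong and Debnath, Joyanta and Ip, Sheung Chiu and Li, Chun Ngai and Hoque, Endadul and Chowdhury, Omar},
  title     = {{Morpheus}: Bringing The ({PKCS}) One To Meet the Oracle},
  booktitle = {Proceedings of the 2021 {ACM} {SIGSAC} Conference on Computer and Communications Security},
  series    = {CCS '21},
  year      = {2021},
  pages     = {2474--2496},
  numpages  = {23},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, Republic of Korea},
  isbn      = {9781450384544},
  doi       = {10.1145/3460120.3485382},
  url       = {https://doi.org/10.1145/3460120.3485382},
  keywords  = {non-compliance checking, reference implementation, PKCS#1 signature verification, adaptive combinatorial testing},
  abstract  = {This paper focuses on developing an automatic, black-box testing approach called Morpheus to check the non-compliance of libraries implementing PKCS#1-v1.5 signature verification with the PKCS#1-v1.5 standard. Non-compliance can not only make implementations vulnerable to Bleichenbacher-style RSA signature forgery attacks but also can induce interoperability issues. For checking non-compliance, Morpheus adaptively generates interesting test cases and then takes advantage of an oracle, a formally proven correct implementation of PKCS#1-v1.5 signature standard, to detect non-compliance in an implementation under test. We have used Morpheus to test 45 implementations of PKCS#1-v1.5 signature verification and discovered that 6 of them are susceptible to variants of the Bleichenbacher-style low public exponent RSA signature forgery attack, 1 implementation has a buffer overflow, 33 implementations have incompatibility issues, and 8 implementations have minor leniencies. Our findings have been responsibly disclosed and positively acknowledged by the developers.},
  note      = {\url{https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8835216}},
}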