Black-box cryptography is dangerous III

Cryptographic libraries are readily available for developers to use and download however, many a times, developers do not understand or check the exact codes that they have downloaded and are implementing. Developers who do not check the implementation of the libraries and just use the libraries wit...

Full description

Saved in:
Bibliographic Details
Main Author: Lee, Esther Yu Ling.
Other Authors: Leong Peng Chor
Format: Final Year Project
Language:English
Published: 2013
Subjects:
Online Access:http://hdl.handle.net/10356/53222
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:Cryptographic libraries are readily available for developers to use and download however, many a times, developers do not understand or check the exact codes that they have downloaded and are implementing. Developers who do not check the implementation of the libraries and just use the libraries without knowing its functionality is similar to using cryptography as a black box device. The issue of a SETUP(Secretly Embedded Trapdoor with Universal Protection) mechanism can be used to leak encrypted information inside a cryptographic algorithm has been raised by Adam Young and Moti Yung, hence this project will explore SETUP attacks on security APIs that are used in a black box manner. This project focuses on the implementation of a SETUP attack on RSA on a Windows OS and on the Java Security Architecture. The project is able to show that Windows OS and the Java Security Architecture are quite easily vulnerable to SETUP attacks as security APIs can be modified into contaminated code rather easily. The project is somewhat unsuccessful in emulating a SETUP attack on RSA by affecting the prime factor generation due to fluctuations in its runtime, however, it is still able to show much potential in being a feasible mode of attack if that aspect can be improved on.