Black-box cryptography is dangerous III
Format: | Final Year Project |
---|---|
Language: | English |
Published: | 2013 |
Online Access: | http://hdl.handle.net/10356/53222 |
Institution: | Nanyang Technological University |
Summary: Cryptographic libraries are readily available for developers to download and use. However, developers often do not understand or check the exact code that they have downloaded and are implementing. Using a library without checking its implementation or knowing how it functions is similar to using cryptography as a black-box device. Adam Young and Moti Yung have raised the issue that a SETUP (Secretly Embedded Trapdoor with Universal Protection) mechanism inside a cryptographic algorithm can be used to leak encrypted information; hence this project explores SETUP attacks on security APIs that are used in a black-box manner.

This project focuses on the implementation of a SETUP attack on RSA on a Windows OS and on the Java Security Architecture. The project shows that Windows OS and the Java Security Architecture are quite easily vulnerable to SETUP attacks, as security APIs can be modified into contaminated code rather easily.

The project is somewhat unsuccessful in emulating a SETUP attack on RSA by affecting the prime factor generation, due to fluctuations in its runtime; however, it still shows much potential as a feasible mode of attack if that aspect can be improved.