Black-box cryptography is dangerous III
Cryptographic libraries are readily available for developers to use and download however, many a times, developers do not understand or check the exact codes that they have downloaded and are implementing. Developers who do not check the implementation of the libraries and just use the libraries wit...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2013
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/53222 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-53222 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-532222023-03-03T20:41:00Z Black-box cryptography is dangerous III Lee, Esther Yu Ling. Leong Peng Chor School of Computer Engineering DRNTU::Library and information science::Cryptography Cryptographic libraries are readily available for developers to use and download however, many a times, developers do not understand or check the exact codes that they have downloaded and are implementing. Developers who do not check the implementation of the libraries and just use the libraries without knowing its functionality is similar to using cryptography as a black box device. The issue of a SETUP(Secretly Embedded Trapdoor with Universal Protection) mechanism can be used to leak encrypted information inside a cryptographic algorithm has been raised by Adam Young and Moti Yung, hence this project will explore SETUP attacks on security APIs that are used in a black box manner. This project focuses on the implementation of a SETUP attack on RSA on a Windows OS and on the Java Security Architecture. The project is able to show that Windows OS and the Java Security Architecture are quite easily vulnerable to SETUP attacks as security APIs can be modified into contaminated code rather easily. The project is somewhat unsuccessful in emulating a SETUP attack on RSA by affecting the prime factor generation due to fluctuations in its runtime, however, it is still able to show much potential in being a feasible mode of attack if that aspect can be improved on. Bachelor of Engineering (Computer Engineering) 2013-05-30T08:48:57Z 2013-05-30T08:48:57Z 2013 2013 Final Year Project (FYP) http://hdl.handle.net/10356/53222 en Nanyang Technological University 57 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Library and information science::Cryptography |
| spellingShingle |
DRNTU::Library and information science::Cryptography Lee, Esther Yu Ling. Black-box cryptography is dangerous III |
| description |
Cryptographic libraries are readily available for developers to use and download however, many a times, developers do not understand or check the exact codes that they have downloaded and are implementing. Developers who do not check the implementation of the libraries and just use the libraries without knowing its functionality is similar to using cryptography as a black box device. The issue of a SETUP(Secretly Embedded Trapdoor with Universal Protection) mechanism can be used to leak encrypted information inside a cryptographic algorithm has been raised by Adam Young and Moti Yung, hence this project will explore SETUP attacks on security APIs that are used in a black box manner.
This project focuses on the implementation of a SETUP attack on RSA on a Windows OS and on the Java Security Architecture. The project is able to show that Windows OS and the Java Security Architecture are quite easily vulnerable to SETUP attacks as security APIs can be modified into contaminated code rather easily.
The project is somewhat unsuccessful in emulating a SETUP attack on RSA by affecting the prime factor generation due to fluctuations in its runtime, however, it is still able to show much potential in being a feasible mode of attack if that aspect can be improved on. |
| author2 |
Leong Peng Chor |
| author_facet |
Leong Peng Chor Lee, Esther Yu Ling. |
| format |
Final Year Project |
| author |
Lee, Esther Yu Ling. |
| author_sort |
Lee, Esther Yu Ling. |
| title |
Black-box cryptography is dangerous III |
| title_short |
Black-box cryptography is dangerous III |
| title_full |
Black-box cryptography is dangerous III |
| title_fullStr |
Black-box cryptography is dangerous III |
| title_full_unstemmed |
Black-box cryptography is dangerous III |
| title_sort |
black-box cryptography is dangerous iii |
| publishDate |
2013 |
| url |
http://hdl.handle.net/10356/53222 |
| _version_ |
1759858144247283712 |