Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
- Lecturer: Dr. Nadia Heninger (Microsoft Research New England)
- Host: Bo-Yin Yang
- Time: 2012-11-14 (Wed.) 14:00 ~ 15:00
- Location: Auditorium 106 at new IIS Building
Abstract
We performed the largest ever network survey of TLS and SSH servers and found that a surprisingly large fraction of cryptographic keys in our survey were vulnerable or completely compromised due to faulty implementations of random number generators. We were able to cluster and investigate the vulnerable hosts, finding that the vast majority were headless or embedded devices. In this talk, I will describe how RSA and DSA can fail catastrophically when used with malfunctioning random number generators, how we uncovered these problems, and discuss specific software behaviors that induce them. Finally, I will suggest defenses and draw lessons for developers, users, and the security community.