DOI: 10.1145/2987443.2987486
Research article (Public Access)

Weak Keys Remain Widespread in Network Devices

Published: 14 November 2016

Abstract

In 2012, two academic groups reported having computed the RSA private keys for 0.5% of HTTPS hosts on the internet, and traced the underlying issue to widespread random number generation failures on networked devices. The vulnerability was reported to dozens of vendors, several of whom responded with security advisories, and the Linux kernel was patched to fix a boot-time entropy hole that contributed to the failures.
In this paper, we measure the actions taken by vendors and end users over time in response to the original disclosure. We analyzed public internet-wide TLS scans performed between July 2010 and May 2016 and extracted 81 million distinct RSA keys. We then computed the pairwise common divisors for the entire set in order to factor over 313,000 keys vulnerable to the flaw, and fingerprinted implementations to study patching behavior over time across vendors. We find that many vendors appear to have never produced a patch, and observed little to no patching behavior by end users of affected devices. The number of vulnerable hosts increased in the years after notification and public disclosure, and several newly vulnerable implementations have appeared since 2012. Vendor notification, positive vendor responses, and even vendor-produced public security advisories appear to have little correlation with end-user security.
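The "pairwise common divisors" step the abstract describes is normally done with a batch GCD (a product tree followed by a remainder tree), which yields, for every modulus, its gcd with the product of all the other moduli in quasi-linear time instead of one gcd per pair. The block below is an added illustration of that technique and is not code from the paper; the moduli are constructed from small primes, and the `classify` helper, its labels and the pairwise fallback for a modulus whose every prime appears elsewhere are assumptions of this example.

```python
"""Batch GCD over a corpus of RSA moduli (D. J. Bernstein's product/remainder
tree method): one gcd per key instead of a quadratic number of pairwise gcds."""
from math import gcd


def product_tree(leaves):
    """Return levels [leaves, pairwise products, ..., [product of all]]."""
    tree = [list(leaves)]
    while len(tree[-1]) > 1:
        lvl = tree[-1]
        tree.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                     for i in range(0, len(lvl), 2)])
    return tree


def batch_gcd(moduli):
    """For each modulus n_i return gcd(n_i, product of all other moduli).
    Walking the remainder tree down gives P mod n_i^2 at each leaf; since
    P = n_i * Q_i, dividing by n_i yields Q_i mod n_i exactly.
    """
    tree = product_tree(moduli)
    rems = tree.pop()                       # root: P, product of all moduli
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def classify(moduli):
    """Map each index to ('ok' | 'factored' | 'duplicate', factor or None)."""
    results = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            results[i] = ("ok", None)
        elif g < n:
            results[i] = ("factored", g)        # g is one prime factor of n
        else:  # g == n: both primes occur elsewhere (or an exact duplicate);
            # fall back to pairwise gcds to recover a proper factor.
            f = next((gcd(n, m) for j, m in enumerate(moduli)
                      if j != i and 1 < gcd(n, m) < n), None)
            results[i] = ("factored", f) if f else ("duplicate", None)
    return results


# Constructed toy moduli from small primes (illustration only; real keys are
# 1024/2048-bit). Keys 0/1 share 1009, keys 3/4 share 1039, key 6 duplicates 2.
SAMPLE_MODULI = [1009 * 1013, 1009 * 1019, 1021 * 1031, 1033 * 1039,
                 1039 * 1049, 1051 * 1061, 1021 * 1031]

if __name__ == "__main__":
    for i, (status, f) in classify(SAMPLE_MODULI).items():
        print(f"key {i}: {status}" + (f", factor {f}" if f else ""))
```

A gcd equal to the modulus itself does not by itself factor the key; the pairwise fallback distinguishes an exact duplicate from a key whose two primes are each shared with a different key.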





Published In

IMC '16: Proceedings of the 2016 Internet Measurement Conference
November 2016
570 pages
ISBN:9781450345262
DOI:10.1145/2987443
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. networked devices
  2. security vulnerabilities

Qualifiers

  • Research-article

Conference

IMC 2016: Internet Measurement Conference
November 14 - 16, 2016
Santa Monica, California, USA

Acceptance Rates

IMC '16 paper acceptance rate: 48 of 184 submissions (26%)
Overall acceptance rate: 277 of 1,083 submissions (26%)

Article Metrics

  • Downloads (last 12 months): 248
  • Downloads (last 6 weeks): 46
Reflects downloads up to 03 Mar 2025

Cited By
  • (2025) An Online Evaluation Method for Random Number Entropy Sources Based on Time-Frequency Feature Fusion. Entropy 27(2):136, doi:10.3390/e27020136. Online publication date: 27-Jan-2025.
  • (2024) CANdid: A Stealthy Stepping-stone Attack to Bypass Authentication on ECUs. ACM Journal on Autonomous Transportation Systems 1(4):1-17, doi:10.1145/3657645. Online publication date: 17-Apr-2024.
  • (2024) Ten Years of ZMap. Proceedings of the 2024 ACM on Internet Measurement Conference, pages 139-148, doi:10.1145/3646547.3689012. Online publication date: 4-Nov-2024.
  • (2024) On Smartly Scanning of the Internet of Things. IEEE/ACM Transactions on Networking 32(2):1019-1034, doi:10.1109/TNET.2023.3312162. Online publication date: Apr-2024.
  • (2023) Statistical Validation of a Physical Prime Random Number Generator Based on Quantum Noise. Applied Sciences 13(23):12619, doi:10.3390/app132312619. Online publication date: 23-Nov-2023.
  • (2023) Passive SSH Key Compromise via Lattices. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 2886-2900, doi:10.1145/3576915.3616629. Online publication date: 15-Nov-2023.
  • (2023) Modeling Adaptive Expression of Robot Learning Engagement and Exploring Its Effects on Human Teachers. ACM Transactions on Computer-Human Interaction 30(5):1-48, doi:10.1145/3571813. Online publication date: 23-Sep-2023.
  • (2023) MIRROR: Mining Implicit Relationships via Structure-Enhanced Graph Convolutional Networks. ACM Transactions on Knowledge Discovery from Data 17(4):1-24, doi:10.1145/3564531. Online publication date: 24-Feb-2023.
  • (2023) Building a Unified Data Falsification Threat Landscape for Internet of Things/Cyberphysical Systems Applications. Computer 56(3):20-31, doi:10.1109/MC.2022.3198599. Online publication date: 1-Mar-2023.
  • (2022) Privacy of Personal Information. Queue 20(3):41-87, doi:10.1145/3546934. Online publication date: 26-Jul-2022.
