Attacking OpenSSL Implementation of ECDSA with a Few Signatures

Fan, Shuqin; Wang, Wenbo; Cheng, Qingfeng

doi:10.1145/2976749.2978400

Cited by 25 publications

(34 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The HNP introduced in 1996 by Boneh and Venkatesan [9] is applied to recover the secret key of a DSA-like signature [7,8,11] and their certain implementations such like OpenSSL [19], given some leaked bits of nonces. For any real z and prime n, define the symbol | · | n as |z| n = min b∈Z |z − bn|.…”

Section: Lemma 1 ([8]mentioning

confidence: 99%

See 1 more Smart Citation

Partially known information attack on SM2 key exchange protocol

Wei

Chen

et al. 2019

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Section: Lemma 1 ([8]mentioning

confidence: 99%

“…EHNP significantly relaxes the strict limitations on the position of information leakage in HNP and this is very important to current side channel attacks. The technique was then improved and applied to attack OpenSSL implementions with windowed non-adjacent form (wNAF) on ECDSA [19].…”

Section: Introductionmentioning

confidence: 99%

Partially known information attack on SM2 key exchange protocol

Wei

Chen

et al. 2019

Sci. China Inf. Sci.

View full text Add to dashboard Cite

“…The new device calculates a private key from a random number by using an algorithm such as the SHA256 algorithm [28], and then generates a public key by using another algorithm, such as the Secp256K1 algorithm [29]. In this way, a key pair is formed.…”

Section: Design Of Machine-equipment Blockchain In the Public Networkmentioning

confidence: 99%

M2M Security Technology of CPS Based on Blockchains

et al. 2017

View full text Add to dashboard Cite

Abstract:As the core of intelligent manufacturing, cyber-physical systems (CPS) have serious security issues, especially for the communication security of their terminal machine-to-machine (M2M) communications. In this paper, blockchain technology is introduced to address such a security problem of communications between different types of machines in the CPS. According to the principles of blockchain technology, we designed a blockchain for secure M2M communications. As a communication system, M2M consists of public network areas, device areas, and private areas, and we designed a sophisticated blockchain structure between the public area and private area. For validating our design, we took cotton spinning production as a case study to demonstrate our solution to M2M communication problems under the CPS framework. We have demonstrated that the blockchain technology can effectively solve the safety of expansion of machines in the production process and the communication data between the machines cannot be tampered with.

show abstract

“…There exists several recent works [7][8][9][10][11][12][13] on threats and security analysis of mobile applications and SSL/TLS deployment in mobile applications. Other HTTPS and TLS/SSLbased attack techniques are discussed in several works [14][15][16][17][18][19][20][21] There have been several existing solutions proposed specifically for SSL stripping attack, for example, ARP-related solutions [22,23], web script based solutions [24][25][26][27], MITM based solutions [28] and others [29][30][31][32][33]. However, there has been no survey that compiles all the solutions against SSL stripping-based session hijacking attacks which are crucial security threats for web users.…”

Section: Introductionmentioning

confidence: 99%

Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks

Hossain

Paul

Islam

et al. 2018

NPA

View full text Add to dashboard Cite

Web communications between the server and the client are being used extensively. However, session hijacking has become a critical problem for most of the client-server communications. Among different session hijacking attacks, SSL stripping is the most dangerous attack. There are a number of measures proposed to prevent SSL tripping-based session hijacking attacks. However, existing surveys did not summarize all the preventive measures in a comprehensive manner (without much illustration and categorization). The objective of this paper is to provide a comprehensive survey of existing measures against SSL stripping-based session hijacking attacks and compare those measures. In this paper, we have classified all the existing preventive measures for SSL stripping-based session hijacking attacks into two main categories: client-side measures and server-side measures. We have illustrated the proposed solutions comprehensively with useful diagrams for clarification. We have also compared them based on different performance criteria. This paper will help web security researchers to have a comparative analysis of all solutions for the SSL stripping based attacks, thereby improving existing solutions to better protect the users from session hijacking attacks.

show abstract

Attacking OpenSSL Implementation of ECDSA with a Few Signatures

Cited by 25 publications

References 25 publications

Partially known information attack on SM2 key exchange protocol

Partially known information attack on SM2 key exchange protocol

M2M Security Technology of CPS Based on Blockchains

Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks

Contact Info

Product

Resources

About