Bypassing Elliptic Curve Co-Factor Diffie Hellman security in OpenSSL beta

  • Dmitry Belyavsky (Creator)
  • Billy Brumley (Creator)
  • Jesus Chi Dominguez (Creator)
  • Luis Rivera Zamarripa (Creator)
  • Igor Ustinov (Creator)

Tietoaineisto

Kuvaus

This document is for reproducing one of the research results from the manuscript "Set It and Forget It! Turnkey ECC for Instant Integration", to appear at the 2020 Annual Computer Security Applications Conference (ACSAC). This is one of the vulnerabilities included under ECCKAT, Section 3.4 ("OpenSSL: ECC CDH vulnerability").

It demonstrates bypassing Elliptic Curve Co-factor Diffie Hellman (ECC CDH) security, which should fail to derive a shared key if a peer point is not a multiple of the generator. Here the generator is for the NIST B-233 binary curve.

The vulnerability was in a development version of OpenSSL 1.1.1, fixed before the official release of OpenSSL 1.1.1 (Sep 2018).
Koska saatavilla31 elok. 2020
JulkaisijaZenodo
Tietojen luontipäivämäärä2020

Field of science, Statistics Finland

  • 213 Sähkö-, automaatio- ja tietoliikennetekniikka, elektroniikka
  • Set It and Forget It! Turnkey ECC for Instant Integration

    Belyavsky, D., Brumley, B. B., Chi-Domínguez, J.-J., Rivera-Zamarripa, L. & Ustinov, I., 2020, Annual Computer Security Applications Conference (ACSAC). ACM, s. 760-771 12 Sivumäärä 3427291

    Tutkimustuotos: KonferenssiartikkeliScientificvertaisarvioitu

    Open access
    Tiedosto
    6 Sitaatiot (Scopus)
    20 Lataukset (Pure)

Siteeraa tätä