1. bookVolume 73 (2022): Edizione 3 (June 2022)
Dettagli della rivista
License
Formato
Rivista
eISSN
1339-309X
Prima pubblicazione
07 Jun 2011
Frequenza di pubblicazione
6 volte all'anno
Lingue
Inglese
access type Accesso libero

Flawed implemented cryptographic algorithm in the Microsoft ecosystem

Pubblicato online: 11 Jul 2022
Volume & Edizione: Volume 73 (2022) - Edizione 3 (June 2022)
Pagine: 190 - 196
Ricevuto: 21 May 2022
Dettagli della rivista
License
Formato
Rivista
eISSN
1339-309X
Prima pubblicazione
07 Jun 2011
Frequenza di pubblicazione
6 volte all'anno
Lingue
Inglese
Abstract

With the continuous development in the electronic chip field, the requirements for the security of IT infrastructures are also increasing. The need for ever-increasing key lengths in cryptography to maintain security cannot grow indefinitely. One of the solutions in the field of cryptography for using shorter keys while maintaining security is cryptography based on the principle of elliptic curves. Asymmetric elliptic curve cryptosystems lies in solving the discrete logarithm problem on an elliptic curve. However, not only secure algorithm but also its correct implementation is important. In this paper, we discuss an incorrect implementation of the ECC algorithm in the crypt32.dll library (Microsoft Windows) and the possibilities of its misuse.

Keywords

[1] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and Public-Key Cryptosystems”, Communication of the ACM, vol. 21, No. 2, 1978.10.1145/359340.359342 Search in Google Scholar

[2] W. Diffie and M. E. Hellman, “New direction in cryptography”, IEEE Trans. Info. Theory, 1976.10.1109/TIT.1976.1055638 Search in Google Scholar

[3] E. Gilbert, F. MacWilliams, and N. Sloane, “Codes, which detect deception”, The Bell System technical Journal, vol. 53, no. 3, pp. 405-424, 1974.10.1002/j.1538-7305.1974.tb02751.x Search in Google Scholar

[4] J. Jonsson and B. Kalisky, “Public-Key Cryptography Standards (PKCS), Fremont”, Internet Engineering Task Force, Internet Engineering Task Force. Search in Google Scholar

[5] Understanding PKI: Concepts, Standards, and Deployment Considerations, Addison-Wesley Professional; 2nd edition (November 6), 2002. Search in Google Scholar

[6] L. C. Washington, Elliptic Curves Number Theory and Cryptography, Boca Raton: CRC Press, 2000. Search in Google Scholar

[7] V. G. Martinez, L. H. Encinas, and C. S. Avila, “A Survey of the Elliptic Curve Integrated Encryption Scheme”, Journal of computer science and engineering, vol 2, ISSUE 2, 2010. Search in Google Scholar

[8] M. Dubyk and R. R. Varuni, Examining CVE-2020-0601 Crypt 32.dll Elliptic Curve Cryptography (ECC) Certificate Validation Vulnerability, The SANS institute, 01.03. 2022. Search in Google Scholar

[9] G. FailOverFlow, “Console Hacking - PS3 Epic fails”, 2010. Search in Google Scholar

[10] K. Burda, Aplikovan kryptografie, Brno, VUTIUM, (in Czech), 2013. Search in Google Scholar

[11] SEC1: Elliptic Curve Cryptography, Mnonoauga: Certicom Research, 2000. Search in Google Scholar

[12] NSA, Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers, 14. January, 2020. Search in Google Scholar

[13] J. Simpson, A technical analysis of CurveBall, (CVE–0601), February, 2020. Search in Google Scholar

[14] O. Lyak, POC for CVE–0601 Windows CryptoAPI, (Crypt32. dll), https://github.com/ly4k/CurveBall, January, 2020. Search in Google Scholar

Articoli consigliati da Trend MD

Pianifica la tua conferenza remota con Sciendo