Abstract
We present a method to create a forged signature that verifies as a syntactically well-formed ASN.1 datum when certificate authorities use small RSA public exponents such as 3. Our attack is related to the technique that Daniel Bleichenbacher reported recently, but, unlike Bleichenbacher's original attack, our forged signature is a well-formed ASN.1 datum: our new attack therefore still applies to certain implementations even when they are immune to Bleichenbacher's attack. We have also analyzed the parameters that enable our attack and Bleichenbacher's, and found that both attacks are possible with the combination of existing public keys of widely-trusted certificate authorities and existing real-world implementations. We have already reported the vulnerability to the developers of both GNUTLS and Mozilla NSS so that their implementations can be fixed.
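The practical countermeasure implied by the abstract is the one adopted by the libraries it names: a verifier must not parse the decrypted block and pull the hash out of it, because any bytes the parser does not check (padding length, the AlgorithmIdentifier parameters field, bytes after the DigestInfo) become free space an attacker can use. The added example below, which is not code from the paper or from any of the projects mentioned, contrasts a lax structure-walking verifier with a strict one that rebuilds the only valid EMSA-PKCS1-v1_5 encoding and compares the whole block. It assumes SHA-256, that `em` is the block already recovered as `pow(s, e, n)` left-padded to the modulus length `k`, and it runs the two verifiers over constructed regression vectors: the canonical encoding, a block with unchecked trailing bytes, and an ASN.1-well-formed block whose slack sits in the parameters field. No signing key or real signature is involved; only the encoding check is exercised.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (PKCS #1 v2.1, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SHA256_OID = bytes.fromhex("608648016503040201")


def encode_em(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, with k = modulus length in bytes."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    if k < len(t) + 11:  # at least 8 bytes of 0xFF padding are required
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_strict(em: bytes, msg: bytes) -> bool:
    """Hardened check: rebuild the single valid encoding and compare the whole block.
    Short padding, extra parameter bytes or trailing bytes all change the block and fail."""
    try:
        expected = encode_em(msg, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def _tlv(buf: bytes, pos: int):
    """Minimal DER TLV reader: returns (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def verify_lax(em: bytes, msg: bytes) -> bool:
    """The flawed pattern: walk the structure, extract the hash, compare only the hash.
    It never checks that DigestInfo ends exactly at the end of em, that the padding has
    the full length, or that the AlgorithmIdentifier parameters are exactly NULL."""
    try:
        if em[:2] != b"\x00\x01":
            return False
        pos = 2
        while em[pos] == 0xFF:
            pos += 1
        if em[pos] != 0x00:
            return False
        tag, digest_info, _ = _tlv(em, pos + 1)      # bytes after DigestInfo are ignored
        if tag != 0x30:
            return False
        tag, alg_id, p = _tlv(digest_info, 0)
        if tag != 0x30:
            return False
        tag, oid, _ = _tlv(alg_id, 0)                 # parameters after the OID are ignored
        if tag != 0x06 or oid != SHA256_OID:
            return False
        tag, digest, _ = _tlv(digest_info, p)
        if tag != 0x04:
            return False
        return hmac.compare_digest(digest, hashlib.sha256(msg).digest())
    except IndexError:
        return False


def der(tag: int, value: bytes) -> bytes:
    """DER TLV encoder with short- or long-form length (used only to build test vectors)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def regression_vectors(msg: bytes, k: int) -> dict:
    """Constructed k-byte blocks for exercising a verifier (sample data, not signatures)."""
    h = hashlib.sha256(msg).digest()
    vectors = {"canonical": encode_em(msg, k)}
    # Shape 1: minimum padding, DigestInfo early, then bytes the lax parser never looks at.
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA256_DIGESTINFO_PREFIX + h
    vectors["trailing_bytes"] = head + b"\x00" * (k - len(head))
    # Shape 2: the ASN.1 stays well-formed; the slack is an oversized parameters field.
    for lp in range(k):  # pick the parameter length that makes the block exactly k bytes
        alg_id = der(0x30, der(0x06, SHA256_OID) + der(0x04, b"\x00" * lp))
        em = b"\x00\x01" + b"\xff" * 8 + b"\x00" + der(0x30, alg_id + der(0x04, h))
        if len(em) == k:
            vectors["parameter_field"] = em
            break
    return vectors


def compare_verifiers(msg: bytes, k: int) -> dict:
    """Per vector: (lax verdict, strict verdict)."""
    return {name: (verify_lax(em, msg), verify_strict(em, msg))
            for name, em in regression_vectors(msg, k).items()}


if __name__ == "__main__":
    for name, verdict in compare_verifiers(b"constructed sample message", 128).items():
        print(f"{name:16s} lax={verdict[0]!s:5s} strict={verdict[1]}")
```

The lax verifier accepts all three blocks because every byte it checks is in place; the strict verifier accepts only the canonical one. The same comparison applies to any other structure-walking verifier: the test to run against an implementation is whether it rejects a block that differs from `encode_em(msg, k)` in any byte, not whether it finds the right hash somewhere inside.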
Keywords
- vulnerability
- attacks
- certificate verification
References
Bleichenbacher, D.: Forging some RSA signatures with pencil and paper. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117. Springer, Heidelberg (2006)
Internet Engineering Task Force (IETF): Requirements for Internet Hosts - Application and Support. RFC 1123 (October 1989), http://www.ietf.org/rfc/rfc1123.txt
Izu, T., Shimoyama, T., Takenaka, M.: Analysis on Bleichenbacher's Forgery Attack. SCIS 2007 (January 2007)
Josefsson, S.: [gnutls-dev] Variant of Bleichenbacher's crypto 06 rump session attack. Security advisory posted to the gnutls-dev mailing list (September 8, 2006), http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
Mozilla development team: Bugzilla bug #351079
National Institute of Standards and Technology (NIST, USA): An Attack on RSA Digital Signature (October 2006), http://csrc.nist.gov/news-highlights/RSA-statement_10-17-06_.pdf
Oiwa, Y. (reposted by Josefsson, S.): A repost of the original report for the GNUTLS bug (September 26, 2006), http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001240.html
The OpenSSL Team: A patch for the RSA Signature Forgery bug (September 5, 2006), http://www.openssl.org/news/patch-CVE-2006-4339.txt
The OpenSSL Team: An advisory for the RSA Signature Forgery bug (CVE-2006-4339) (September 5, 2006), http://www.openssl.org/news/secadv_20060905.txt
RSA Security Inc.: PKCS #1 v2.1: RSA Cryptography Standard (June 14, 2002)
© 2007 Springer-Verlag Berlin Heidelberg
Oiwa, Y., Kobara, K., Watanabe, H. (2007). A New Variant for an Attack Against RSA Signature Verification Using Parameter Field. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds) Public Key Infrastructure. EuroPKI 2007. Lecture Notes in Computer Science, vol 4582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73408-6_10
DOI: https://doi.org/10.1007/978-3-540-73408-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73407-9
Online ISBN: 978-3-540-73408-6
