Martin Stanek

CR
6 papers
4 citations
Novelty: 18%
AI Score: 15

6 Papers

CR, May 8, 2024
Anomaly Detection in Certificate Transparency Logs

Richard Ostertág, Martin Stanek

We propose an anomaly detection technique for X.509 certificates utilizing Isolation Forest. This method can be beneficial when compliance testing with X.509 linters proves unsatisfactory, and we seek to identify anomalies beyond standards compliance. The technique is validated on a sample of certificates from Certificate Transparency logs.

CR, Sep 23, 2018
Insufficient properties of image encryption algorithms

Martin Stanek

We analyze the security of a recently proposed image encryption scheme [1]. We show that the scheme is insecure and the methods used to evaluate its security are insufficient. By designing the Deliberately Weak Cipher, a completely vulnerable cipher with good statistical properties, we illustrate our main point -- a solid analysis cannot be replaced by some selected set of statistical properties.

CR, Aug 24, 2017
Secure by default - the case of TLS

Martin Stanek

The default configuration of various software applications often neglects security objectives. We tested the default configuration of TLS in a dozen web and application servers. The results show that the "secure by default" principle should be adopted more broadly by developers and package maintainers. In addition, system administrators cannot rely blindly on default security options.

CR, Apr 7, 2014
Memory-only selection of dictionary PINs

Martin Stanek

We estimate the security of dictionary-based PINs (Personal Identification Numbers) that a user selects from his/her memory without any additional aids. The estimates take into account the distribution of words in the source language. We use established security metrics, such as entropy, guesswork, marginal guesswork and marginal success rate. The metrics are evaluated for various scenarios -- aimed at improving the security of the produced PINs. In general, plain and straightforward construction of memory-only dictionary PINs yields unsatisfactory results and more involved methods must be used to produce secure PINs.

CR, Nov 13, 2013
Entropy Assessment of Windows OS Performance Counters

Richard Ostertág, Martin Stanek

The security of many cryptographic constructions depends on random number generators for providing unpredictable keys, nonces, initialization vectors and other parameters. Modern operating systems implement cryptographic pseudo-random number generators (PRNGs) to fulfill this need. Performance counters and other system parameters are often used as a low-entropy source to initialize (seed) the generators. We perform an experiment to analyze all performance counters in a standard installation of the Microsoft Windows 7 operating system, and assess their suitability as entropy sources. Besides selecting the top 19 counters, we analyze their mutual information (independence) as well as robustness in the virtual environment. The final selection contains 14 counters with sufficient overall entropy for practical applications.

CR, Feb 11, 2013
How to choose a PIN - assessment of dictionary methods

Lubica Staneková, Martin Stanek

Personal Identification Numbers (PINs) are commonly used as an authentication mechanism. An important security requirement is that PINs should be hard to guess for an attacker. On the other hand, remembering several random PINs can be a difficult task for an individual. We evaluate several dictionary-based methods of choosing a PIN. We experimentally show that these methods are far from ideal with respect to expected covering of the PIN space and the entropy of PINs. We also discuss two methods for constructing easy-to-memorize PIN words for randomly chosen PINs.