Bruseghini et al., 2022 - Google Patents

Victory by KO: Attacking OpenPGP using key overwriting

Bruseghini et al., 2022

Document ID: 17412810065875244128
Author: Bruseghini L; Huigens D; Paterson K
Publication year: 2022
Publication venue: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

External Links

Cited by

Snippet

We present a set of attacks on the OpenPGP specification and implementations of it which result in full recovery of users' private keys. The attacks exploit the lack of cryptographic binding between the different fields inside an encrypted private key packet, which include …

Continue reading at www.research-collection.ethz.ch (PDF) (other versions)

238000010200 validation analysis 0 abstract description 122

Classifications

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00

Similar Documents

Publication	Publication Date	Title
US12355864B1 (en)	2025-07-08	Trust framework against systematic cryptographic breach
EP3721603B1 (en)	2021-12-08	System and method for creating decentralized identifiers
US10652015B2 (en)	2020-05-12	Confidential communication management
Barker et al.	2016	Nist special publication 800-57 part 1, revision 4
Barker et al.	2007	NIST special publication 800-57
JP4501349B2 (en)	2010-07-14	System module execution device
US7568114B1 (en)	2009-07-28	Secure transaction processor
CN109361668A (en)	2019-02-19	A method of reliable data transmission
US6986041B2 (en)	2006-01-10	System and method for remote code integrity in distributed systems
Bruseghini et al.	2022	Victory by KO: Attacking OpenPGP using key overwriting
US9160538B2 (en)	2015-10-13	Detection method for fraudulent mail, detection program therefor, and detection device therefor
Dauterman et al.	2020	{SafetyPin}: Encrypted backups with {Human-Memorable} secrets
KR20210036700A (en)	2021-04-05	Blockchain system for supporting change of plain text data included in transaction
Chase et al.	2022	Acsesor: A new framework for auditable custodial secret storage and recovery
Feng et al.	2011	A fair multi-party non-repudiation scheme for storage clouds
US8090954B2 (en)	2012-01-03	Prevention of unauthorized forwarding and authentication of signatures
Levillain	2020	Implementation flaws in TLS stacks: lessons learned and study of TLS 1.3 benefits
Albrecht et al.	2024	Share with care: Breaking E2EE in Nextcloud
Fischlin et al.	2023	Verifiable verification in cryptographic protocols
Dauterman et al.	2023	Accountable authentication with privacy protection: The Larch system for universal login
GB2395304A (en)	2004-05-19	A digital locking system for physical and digital items using a location based indication for unlocking
Li et al.	2025	End-to-End Encrypted Git Services
Ganesan et al.	2024	Quantum-Resilient Security Controls
Abbdal et al.	2014	Secure third party auditor for ensuring data integrity in cloud storage
WO2025163752A1 (en)	2025-08-07	Information processing device, terminal, communication system, communication method, and program