We present a method to create a forged signature which will be verified to a syntactically well-formed ASN.1 datum, when certificate authorities use small RSA public exponents such as 3. Our attack is related to the technique which Daniel Bleichenbacher reported recently, but our forged signature is a well-formed ASN.1 datum, unlike that of Bleichenbacher's original attack: thus our new attack is still applicable to certain implementations even if these are immune to Bleichenbacher's attack. We have also analyzed the parameters which enable our attack and Bleichenbacher's, and found that both attacks are possible with the combination of existing public keys of widely-trusted certificate authorities and existing real-world implementations. We have already reported the vulnerability to the developers of both GNUTLS and Mozilla NSS so that they can fix their implementations. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Oiwa, Y., Kobara, K., & Watanabe, H. (2007). A new variant for an attack against RSA signature verification using parameter field. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4582 LNCS, pp. 143–153). Springer Verlag. https://doi.org/10.1007/978-3-540-73408-6_10
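As an added illustration of the verification weakness the abstract describes (this is not code from the paper, GnuTLS or NSS), the sketch below compares a hypothetical verifier that parses the DigestInfo and checks only the OID and hash against one that rebuilds the single acceptable encoding and compares every byte. SHA-256, the helper names and the sample encoded message are assumptions made for the example; both checks operate on the encoded message recovered after the RSA public-key operation.

```python
import hashlib
import hmac

# DER-encoded OID for SHA-256 (2.16.840.1.101.3.4.2.1); hash choice is an assumption
OID_SHA256 = bytes.fromhex("0609608648016503040201")
NULL = b"\x05\x00"

def tlv(tag, body):  # DER TLV, short-form length only (body under 128 bytes)
    return bytes([tag, len(body)]) + body

def encode_em(message, k, params=NULL):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, exactly k bytes."""
    digest = hashlib.sha256(message).digest()
    t = tlv(0x30, tlv(0x30, OID_SHA256 + params) + tlv(0x04, digest))
    if k < len(t) + 11:
        raise ValueError("encoded message too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def lax_check(em, message):
    """Hypothetical verifier: parses the ASN.1, compares only OID and hash."""
    try:
        sep = em.index(b"\x00", 2)
        if em[:2] != b"\x00\x01" or set(em[2:sep]) != {0xFF}:
            return False
        tag, seq, end = read_tlv(em, sep + 1)
        if tag != 0x30 or end != len(em):          # no trailing bytes allowed
            return False
        tag, alg, pos = read_tlv(seq, 0)
        if tag != 0x30 or not alg.startswith(OID_SHA256):
            return False                            # parameters never inspected
        tag, digest, pos = read_tlv(seq, pos)
        return tag == 0x04 and pos == len(seq) and digest == hashlib.sha256(message).digest()
    except (ValueError, IndexError):
        return False

def strict_check(em, message):
    """Rebuild the single acceptable encoding and compare every byte."""
    try:
        return hmac.compare_digest(em, encode_em(message, len(em)))
    except ValueError:
        return False

# Constructed sample: a 128-byte EM whose parameters field holds 20 arbitrary bytes
MSG = b"constructed sample message"
ODD_EM = encode_em(MSG, 128, params=tlv(0x04, b"\xaa" * 20))
```

The constructed `ODD_EM` is well-formed ASN.1 with no trailing bytes, so `lax_check` accepts it, while `strict_check` rejects it because the parameters field is not the expected NULL.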