Morpheus: Bringing the (PKCS) One to Meet the Oracle

Moosa Yahyazadeh; Sze Yiu Chau; Li Li; Man Hong Hue; Joyanta Debnath; Sheung Chiu Ip; Chun Ngai Li; Endadul Hoque; Omar Chowdhury

doi:10.1145/3460120.3485382

Morpheus: Bringing the (PKCS) One to Meet the Oracle

Moosa Yahyazadeh, Sze Yiu Chau, Li Li, Man Hong Hue, Joyanta Debnath, Sheung Chiu Ip, Chun Ngai Li, Endadul Hoque, Omar Chowdhury

Department of Electrical Engineering & Computer Science

Research output: Chapter in Book/Entry/Poem › Conference contribution

2 Scopus citations

Abstract

This paper focuses on developing an automatic, black-box testing approach called Morpheus to check the non-compliance of libraries implementing PKCS#1-v1.5 signature verification with the PKCS#1-v1.5 standard. Non-compliance can not only make implementations vulnerable to Bleichenbacher-style RSA signature forgery attacks but also can induce interoperability issues. For checking non-compliance, Morpheus adaptively generates interesting test cases and then takes advantage of an oracle, a formally proven correct implementation of PKCS#1-v1.5 signature standard, to detect non-compliance in an implementation under test. We have used Morpheus to test 45 implementations of PKCS#1-v1.5 signature verification and discovered that 6 of them are susceptible to variants of the Bleichenbacher-style low public exponent RSA signature forgery attack, 1 implementation has a buffer overflow, 33 implementations have incompatibility issues, and 8 implementations have minor leniencies. Our findings have been responsibly disclosed and positively acknowledged by the developers.

Original language	English (US)
Title of host publication	CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	2474-2496
Number of pages	23
ISBN (Electronic)	9781450384544
DOIs	https://doi.org/10.1145/3460120.3485382
State	Published - Nov 12 2021
Event	27th ACM Annual Conference on Computer and Communication Security, CCS 2021 - Virtual, Online, Korea, Republic of Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	27th ACM Annual Conference on Computer and Communication Security, CCS 2021
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	11/15/21 → 11/19/21

Keywords

PKCS#1 signature verification
adaptive combinatorial testing
non-compliance checking
reference implementation

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/3460120.3485382

Cite this

Yahyazadeh, M., Chau, S. Y., Li, L., Hue, M. H., Debnath, J., Ip, S. C., Li, C. N., Hoque, E., & Chowdhury, O. (2021). Morpheus: Bringing the (PKCS) One to Meet the Oracle. In CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (pp. 2474-2496). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3460120.3485382

Morpheus: Bringing the (PKCS) One to Meet the Oracle. / Yahyazadeh, Moosa; Chau, Sze Yiu; Li, Li et al.
CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2021. p. 2474-2496 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Entry/Poem › Conference contribution

Yahyazadeh, M, Chau, SY, Li, L, Hue, MH, Debnath, J, Ip, SC, Li, CN, Hoque, E & Chowdhury, O 2021, Morpheus: Bringing the (PKCS) One to Meet the Oracle. in CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 2474-2496, 27th ACM Annual Conference on Computer and Communication Security, CCS 2021, Virtual, Online, Korea, Republic of, 11/15/21. https://doi.org/10.1145/3460120.3485382

Yahyazadeh M, Chau SY, Li L, Hue MH, Debnath J, Ip SC et al. Morpheus: Bringing the (PKCS) One to Meet the Oracle. In CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2021. p. 2474-2496. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3460120.3485382

@inproceedings{436b5817b768404abab22199f8a8408f,

title = "Morpheus: Bringing the (PKCS) One to Meet the Oracle",

abstract = "This paper focuses on developing an automatic, black-box testing approach called Morpheus to check the non-compliance of libraries implementing PKCS#1-v1.5 signature verification with the PKCS#1-v1.5 standard. Non-compliance can not only make implementations vulnerable to Bleichenbacher-style RSA signature forgery attacks but also can induce interoperability issues. For checking non-compliance, Morpheus adaptively generates interesting test cases and then takes advantage of an oracle, a formally proven correct implementation of PKCS#1-v1.5 signature standard, to detect non-compliance in an implementation under test. We have used Morpheus to test 45 implementations of PKCS#1-v1.5 signature verification and discovered that 6 of them are susceptible to variants of the Bleichenbacher-style low public exponent RSA signature forgery attack, 1 implementation has a buffer overflow, 33 implementations have incompatibility issues, and 8 implementations have minor leniencies. Our findings have been responsibly disclosed and positively acknowledged by the developers.",

keywords = "PKCS#1 signature verification, adaptive combinatorial testing, non-compliance checking, reference implementation",

author = "Moosa Yahyazadeh and Chau, {Sze Yiu} and Li Li and Hue, {Man Hong} and Joyanta Debnath and Ip, {Sheung Chiu} and Li, {Chun Ngai} and Endadul Hoque and Omar Chowdhury",

note = "Publisher Copyright: {\textcopyright} 2021 Owner/Author.; 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

month = nov,

day = "12",

doi = "10.1145/3460120.3485382",

language = "English (US)",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "2474--2496",

booktitle = "CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security",

}

TY - GEN

T1 - Morpheus

T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021

AU - Yahyazadeh, Moosa

AU - Chau, Sze Yiu

AU - Li, Li

AU - Hue, Man Hong

AU - Debnath, Joyanta

AU - Ip, Sheung Chiu

AU - Li, Chun Ngai

AU - Hoque, Endadul

AU - Chowdhury, Omar

PY - 2021/11/12

Y1 - 2021/11/12

N2 - This paper focuses on developing an automatic, black-box testing approach called Morpheus to check the non-compliance of libraries implementing PKCS#1-v1.5 signature verification with the PKCS#1-v1.5 standard. Non-compliance can not only make implementations vulnerable to Bleichenbacher-style RSA signature forgery attacks but also can induce interoperability issues. For checking non-compliance, Morpheus adaptively generates interesting test cases and then takes advantage of an oracle, a formally proven correct implementation of PKCS#1-v1.5 signature standard, to detect non-compliance in an implementation under test. We have used Morpheus to test 45 implementations of PKCS#1-v1.5 signature verification and discovered that 6 of them are susceptible to variants of the Bleichenbacher-style low public exponent RSA signature forgery attack, 1 implementation has a buffer overflow, 33 implementations have incompatibility issues, and 8 implementations have minor leniencies. Our findings have been responsibly disclosed and positively acknowledged by the developers.

AB - This paper focuses on developing an automatic, black-box testing approach called Morpheus to check the non-compliance of libraries implementing PKCS#1-v1.5 signature verification with the PKCS#1-v1.5 standard. Non-compliance can not only make implementations vulnerable to Bleichenbacher-style RSA signature forgery attacks but also can induce interoperability issues. For checking non-compliance, Morpheus adaptively generates interesting test cases and then takes advantage of an oracle, a formally proven correct implementation of PKCS#1-v1.5 signature standard, to detect non-compliance in an implementation under test. We have used Morpheus to test 45 implementations of PKCS#1-v1.5 signature verification and discovered that 6 of them are susceptible to variants of the Bleichenbacher-style low public exponent RSA signature forgery attack, 1 implementation has a buffer overflow, 33 implementations have incompatibility issues, and 8 implementations have minor leniencies. Our findings have been responsibly disclosed and positively acknowledged by the developers.

KW - PKCS#1 signature verification

KW - adaptive combinatorial testing

KW - non-compliance checking

KW - reference implementation

UR - http://www.scopus.com/inward/record.url?scp=85119323917&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85119323917&partnerID=8YFLogxK

U2 - 10.1145/3460120.3485382

DO - 10.1145/3460120.3485382

M3 - Conference contribution

AN - SCOPUS:85119323917

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2474

EP - 2496

BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 15 November 2021 through 19 November 2021

ER -

Morpheus: Bringing the (PKCS) One to Meet the Oracle

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this