Title :
Cryptographic vulnerabilities in real-life web servers
Author :
Alashwali, Eman Salem
Author_Institution :
Coll. of Comput. & IT, King Abdulaziz Univ., Jeddah, Saudi Arabia
Abstract :
This paper examines the security of real-life Internet servers using the most popular Secure Socket Layer (SSL) protocol to ensure secure connections. We concentrate on Rivest-Shamir-Adleman (RSA) public-key vulnerabilities which result from the initial settings of web servers. We look at the question of breaking individual RSA keys. The possibility of factoring RSA keys used by real web servers on the Internet has been a disturbing discovery which has received a lot of press in recent months. We have conducted an Internet scan with a particular focus on commercial websites (.com and .co domains). We have created a database containing over 3 million certificate chains together with detailed information about each website, its security settings, geographic location and other relevant data. This allowed us to see how different key sizes are adopted, how many servers are using weak keys and which countries are quicker to adopt secure keys. We attempted to factor all keys we were able to collect from our scan and from another public database. The method to achieve this seemed trivial at first, but it can only be done efficiently by using a special algorithm proposed by Bernstein. We ran the computation based on an open implementation of Bernstein's algorithm. We have been able to factor a few thousand keys. The infected servers we inspected appear as Embedded Web Servers (EWS). Although we have not yet found any immediate threats to e-commerce websites, the risks that such vulnerable servers present should not be underestimated as they can be exploited to perform different types of attacks, including Denial of Service (DoS), corporate espionage and firmware modification.
Keywords :
Internet; cryptographic protocols; public key cryptography; Bernstein algorithm; DoS; EWS; Rivest-Shamir-Adleman public key vulnerability; SSL; corporate espionage; cryptographic vulnerability; denial of service; embedded web servers; firmware modification; geographic location; real life Internet servers; real life web servers; secure keys; secure socket layer protocol; Protocols; Public key; Web servers; cryptography; encryption; information security; public key;
Conference_Title :
Communications and Information Technology (ICCIT), 2013 Third International Conference on
Conference_Location :
Beirut
Print_ISBN :
978-1-4673-5306-9
DOI :
10.1109/ICCITechnology.2013.6579513