{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T22:56:04Z","timestamp":1767999364372,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":64,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"US National Science Foundation (NSF)","award":["CNS-2007512 and CNS-2006556"],"award-info":[{"award-number":["CNS-2007512 and CNS-2006556"]}]},{"name":"US Department of Defense (DARPA)","award":["D19AP00039"],"award-info":[{"award-number":["D19AP00039"]}]},{"name":"GRF matching fund","award":["GRF\/20\/SYC"],"award-info":[{"award-number":["GRF\/20\/SYC"]}]},{"name":"The Chinese University of Hong Kong (CUHK) Project Impact Enhancement Fund","award":["3133292C"],"award-info":[{"award-number":["3133292C"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485382","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"2474-2496","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Morpheus: Bringing The (PKCS) One To Meet the Oracle"],"prefix":"10.1145","author":[{"given":"Moosa","family":"Yahyazadeh","sequence":"first","affiliation":[{"name":"The University of Iowa, Iowa City, IA, USA"}]},{"given":"Sze Yiu","family":"Chau","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}]},{"given":"Li","family":"Li","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Man 
Hong","family":"Hue","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}]},{"given":"Joyanta","family":"Debnath","sequence":"additional","affiliation":[{"name":"The University of Iowa, Iowa City, IA, USA"}]},{"given":"Sheung Chiu","family":"Ip","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}]},{"given":"Chun Ngai","family":"Li","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}]},{"given":"Endadul","family":"Hoque","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Omar","family":"Chowdhury","sequence":"additional","affiliation":[{"name":"The University of Iowa, Iowa City, IA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Accessed","year":"2021","unstructured":"[n.d.]. BERserk Attack -- Intel Security web Archive. https:\/\/web.archive.org\/web\/20150112153121\/http:\/\/www.intelsecurity.com\/advanced-threat-research\/. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_2_1","volume-title":"https:\/\/censys.io\/certificates. Accessed","author":"Total Visibility Internet-Wide Attack Surface","year":"2021","unstructured":"[n.d.]. Censys.io - Attack Surface Scan - Total Visibility Internet-Wide. https:\/\/censys.io\/certificates. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_3_1","volume-title":"Accessed","author":"Forge","year":"2021","unstructured":"[n.d.]. Forge -- A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps. https:\/\/github.com\/digitalbazaar\/forge. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_4_1","volume-title":"hostapd -- IEEE 802.11 AP","year":"2021","unstructured":"[n.d.]. hostapd -- IEEE 802.11 AP, IEEE 802.1X\/WPA\/WPA2\/EAP\/RADIUS Authenticator. https:\/\/w1.fi\/hostapd\/. 
Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_5_1","volume-title":"Accessed","year":"2021","unstructured":"[n.d.]. ipsec_rsasigkey - generate RSA signature key. https:\/\/manpages.debian.org\/testing\/libreswan\/ipsec_rsasigkey.8.en.html. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_6_1","volume-title":"Accessed","year":"2021","unstructured":"[n.d.]. phpseclib -- PHP Secure Communications Library. https:\/\/github.com\/phpseclib\/phpseclib. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_7_1","volume-title":"Accessed","year":"2021","unstructured":"[n.d.]. relic -- Modern cryptographic meta-toolkit with emphasis on efficiency and flexibility. https:\/\/github.com\/relic-toolkit\/relic. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_8_1","volume-title":"wpa_supplicant -- Linux WPA\/WPA2\/IEEE 802.1X Supplicant. https:\/\/w1.fi\/wpa_supplicant\/. Accessed","year":"2021","unstructured":"[n.d.]. wpa_supplicant -- Linux WPA\/WPA2\/IEEE 802.1X Supplicant. https:\/\/w1.fi\/wpa_supplicant\/. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_9_1","unstructured":"[n.d.]. X.660 : Information technology - Procedures for the operation of object identifier registration authorities: General procedures and top arcs of the international object identifier tree. https:\/\/www.itu.int\/rec\/T-REC-X.660. Accessed: Apr 04 2021."},{"key":"e_1_3_2_1_10_1","volume-title":"Accessed","year":"2021","unstructured":"[n.d.]. X.690 : Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). https:\/\/www.itu.int\/rec\/T-REC-X.690\/. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_11_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006-4340. Accessed","year":"2021","unstructured":"2006. CVE-2006-4340. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006-4340. 
Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_12_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006-4790. Accessed","year":"2021","unstructured":"2006. CVE-2006-4790. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2006-4790. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_13_1","volume-title":"Accessed","year":"2021","unstructured":"2013. American Fuzzy Lop. https:\/\/lcamtuf.coredump.cx\/afl\/. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_14_1","volume-title":"https:\/\/aflplus.plus. Accessed","author":"The","year":"2021","unstructured":"2021. AFL++ -- The AFL++ fuzzing framework. https:\/\/aflplus.plus. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_15_1","volume-title":"Accessed","year":"2021","unstructured":"2021. ClusterFuzz -- Scalable Fuzzing Infrastructure. https:\/\/github.com\/google\/clusterfuzz. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_16_1","volume-title":"Accessed","year":"2021","unstructured":"2021. FuzzBench -- Fuzzer benchmarking as a service. https:\/\/github.com\/google\/fuzzbench. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_17_1","volume-title":"Accessed","year":"2021","unstructured":"2021. Grammar Mutator -- AFL++. https:\/\/github.com\/AFLplusplus\/Grammar-Mutator. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_18_1","volume-title":"Accessed","year":"2021","unstructured":"2021. Honggfuzz -- Security oriented software fuzzer. https:\/\/github.com\/google\/honggfuzz. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_19_1","volume-title":"Accessed","year":"2021","unstructured":"2021. LibFuzzer -- a library for coverage-guided fuzz testing. https:\/\/llvm.org\/docs\/LibFuzzer.html. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_20_1","volume-title":"Accessed","author":"Morpheus","year":"2021","unstructured":"2021. Morpheus -- A PKCS1 signature verification non-compliance checker. https:\/\/github.com\/Morpheus-Repo\/Morpheus.git. 
Accessed: May 04, 2021."},{"key":"e_1_3_2_1_21_1","volume-title":"Accessed","year":"2021","unstructured":"2021. OSS-Fuzz -- Continuous Fuzzing for Open Source Software. https:\/\/github.com\/google\/oss-fuzz. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_22_1","volume-title":"Accessed","year":"2021","unstructured":"2021. Peach -- Peach Fuzzer. http:\/\/www.peachfuzzer.com\/. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_23_1","volume-title":"Accessed","year":"2021","unstructured":"2021. SPIKE -- Fuzzer Automation with SPIKE. https:\/\/resources.infosecinstitute.com\/topic\/fuzzer-automation-with-spike\/. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.12.011"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_1_26_1","volume-title":"Advances in Cryptology - CRYPTO '98","author":"Bleichenbacher Daniel","unstructured":"Daniel Bleichenbacher. 1998. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Advances in Cryptology - CRYPTO '98, Hugo Krawczyk (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 1--12."},{"key":"e_1_3_2_1_27_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"B\u00f6ck Hanno","year":"2018","unstructured":"Hanno B\u00f6ck, Juraj Somorovsky, and Craig Young. 2018. Return Of Bleichenbacher's Oracle Threat (ROBOT). In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 817--849. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/bock"},{"key":"e_1_3_2_1_28_1","volume-title":"Statistics for experimenters : design, innovation and discovery","author":"Box George E. P","unstructured":"George E. P Box. 2005. Statistics for experimenters : design, innovation and discovery (2nd ed. ed.). 
Wiley-Interscience, Hoboken, N.J.","edition":"2"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_1_30_1","volume-title":"Accessed","year":"2014","unstructured":"Bugzilla. 2014. RSA PKCS#1 signature verification forgery is possible due to too-permissive SignatureAlgorithm parameter parsing. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1064636. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_31_1","unstructured":"Bugzilla. 2014 (accessed Feb 08 2021). RSA PKCS#1 signature verification forgery is possible due to too-permissive SignatureAlgorithm parameter parsing. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1064636."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Sze Yiu Chau Moosa Yahyazadeh Omar Chowdhury Aniket Kate and Ninghui Li. 2019. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS# 1 v1. 5 Signature Verification. In NDSS.","DOI":"10.14722\/ndss.2019.23430"},{"key":"e_1_3_2_1_34_1","unstructured":"The Coq Development Team. 2012. The Coq Reference Manual version 8.12. Available electronically at https:\/\/coq.inria.fr\/distrib\/current\/refman\/."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.2307\/1271179"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Antoine Delignat-Lavaud Mart\u00edn Abadi Andrew Birrell Ilya Mironov Ted Wobber and Yinglian Xie. 2014. Web PKI: Closing the Gap between Guidelines and Practices.. In NDSS. Citeseer.","DOI":"10.14722\/ndss.2014.23305"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"D. Eastlake. 2001. RSA\/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). RFC 3110. https:\/\/www.rfc-editor.org\/rfc\/rfc3110.txt","DOI":"10.17487\/rfc3110"},{"key":"e_1_3_2_1_38_1","volume-title":"Accessed","author":"Finney H.","year":"2006","unstructured":"H. Finney. 2006. 
Bleichenbacher's RSA signature forgery based on implementation error. https:\/\/mailarchive.ietf.org\/arch\/msg\/openpgp\/5rnE9ZRN1AokBVj3VqblGlP63QE\/. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_39_1","volume-title":"Cryptology and Network Security","author":"Gao Si","unstructured":"Si Gao, Hua Chen, and Limin Fan. 2013. Padding Oracle Attack on PKCS#1 v1.5: Can Non-standard Implementation Act as a Shelter?. In Cryptology and Network Security. Springer International Publishing, Cham, 39--56."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243798"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_43"},{"key":"e_1_3_2_1_42_1","volume-title":"Accessed","author":"Josefsson Simon","year":"2006","unstructured":"Simon Josefsson. 2006. [gnutls-dev] Original analysis of signature forgery problem. https:\/\/lists.gnupg.org\/pipermail\/gnutls-dev\/2006-September\/001240.html. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_43_1","unstructured":"Simon Josefsson. 2006 (accessed Feb 08 2021). [gnutls-dev] Original analysis of signature forgery problem. https:\/\/lists.gnupg.org\/pipermail\/gnutls-dev\/2006-September\/001240.html."},{"key":"e_1_3_2_1_44_1","unstructured":"Jinho Jung Stephen Tong Hong Hu Jungwon Lim Yonghwi Jin and Taesoo Kim. [n.d.]. WINNIE: Fuzzing Windows Applications with Harness Synthesis and Fast Cloning. ([n. d.])."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2313"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2437"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3447"},{"key":"e_1_3_2_1_48_1","volume-title":"Kerry and Charles Romine","author":"Cameron","year":"2013","unstructured":"Cameron F. Kerry and Charles Romine. 2013. 
FIPS PUB 186--4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45238-6_33"},{"key":"e_1_3_2_1_51_1","volume-title":"Kacker","author":"Richard Kuhn D.","year":"2011","unstructured":"D. Richard Kuhn and Raghu N. Kacker. 2011. Combinatorial Testing. https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=910001. Accessed: Apr 04, 2021."},{"key":"e_1_3_2_1_52_1","volume-title":"Sicherheit 2008: Sicherheit, Schutz und Zuverl\u00e4ssigkeit. Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f\u00fcr Informatik e.V. (GI), 2.-4.","author":"K\u00fchn Ulrich","year":"2008","unstructured":"Ulrich K\u00fchn, Andrei Pyshkin, Erik Tews, and Ralf-Philipp Weinmann. 2008. Variants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures. In Sicherheit 2008: Sicherheit, Schutz und Zuverl\u00e4ssigkeit. Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f\u00fcr Informatik e.V. (GI), 2.-4. April 2008 im Saarbr\u00fccker Schloss."},{"key":"e_1_3_2_1_53_1","volume-title":"SICHERHEIT 2008 -- Sicherheit, Schutz und Zuverl\u00e4ssigkeit. Beitr\u00e4ge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f\u00fcr Informatik e.V. (GI), Ammar Alkassar and J\u00f6rg Siekmann (Eds.)","author":"K\u00fchn Ulrich","unstructured":"Ulrich K\u00fchn, Andrei Pyshkin, Erik Tews, and Ralf-Philipp Weinmann. 2008. Variants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures. In SICHERHEIT 2008 -- Sicherheit, Schutz und Zuverl\u00e4ssigkeit. Beitr\u00e4ge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f\u00fcr Informatik e.V. (GI), Ammar Alkassar and J\u00f6rg Siekmann (Eds.). Gesellschaft f\u00fcr Informatik e. 
V., Bonn, 97--109."},{"key":"e_1_3_2_1_54_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Li Yuwei","year":"2021","unstructured":"Yuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, et al. 2021. Unifuzz: A holistic and pragmatic metrics-driven platform for evaluating fuzzers. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association."},{"key":"e_1_3_2_1_55_1","volume-title":"Revisiting SSL\/TLS Implementations: New Bleichenbacher Side Channels and Attacks. In 23rd USENIX Security Symposium (USENIX Security 14)","author":"Meyer Christopher","year":"2014","unstructured":"Christopher Meyer, Juraj Somorovsky, Eugen Weiss, J\u00f6rg Schwenk, Sebastian Schinzel, and Erik Tews. 2014. Revisiting SSL\/TLS Implementations: New Bleichenbacher Side Channels and Attacks. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, San Diego, CA, 733-- 748. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/meyer"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8017"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.27"},{"key":"e_1_3_2_1_58_1","unstructured":"Tahina Ramananandro Antoine Delignat-Lavaud C\u00e9dric Fournet Nikhil Swamy Tej Chajed Nadim Kobeissi and Jonathan Protzenko. 2019. EverParse: Verified Secure Zero-Copy Parsers for Authenticated Message Formats. In USENIX Security. USENIX. https:\/\/www.microsoft.com\/en-us\/research\/publication\/everparse\/"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00062"},{"key":"e_1_3_2_1_60_1","volume-title":"Accessed","author":"Salowey Joseph A.","year":"2020","unstructured":"Joseph A. Salowey, Sean Turner, and Christopher A. Wood. [n.d.]. TLS 1.3: - One Year Later. https:\/\/www.ietf.org\/blog\/tls13-adoption\/. 
Accessed: Jan 11, 2020."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2015.7107432"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1002\/jcd.3180010106"},{"key":"e_1_3_2_1_63_1","volume-title":"Smart","author":"Nigel","year":"2015","unstructured":"Nigel P. Smart. 2015. Cryptography Made Simple (1st ed.). Springer Publishing Company, Incorporated."},{"key":"e_1_3_2_1_64_1","volume-title":"A Classical Introduction to Cryptography: Applications for Communications Security","author":"Vaudenay Serge","unstructured":"Serge Vaudenay. 2010. A Classical Introduction to Cryptography: Applications for Communications Security (1st ed.). Springer Publishing Company, Incorporated.","edition":"1"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications 
Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485382","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485382","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:48:00Z","timestamp":1763498880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485382"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":64,"alternative-id":["10.1145\/3460120.3485382","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485382","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}