Post on 16-Mar-2018
transcript
AGENDA
◦ Encryption
◦ Private Key Cryptosystems
◦ Public Key Cryptosystems
◦ Introduction to RSA
◦ Simple RSA Example
◦ Exercise: Key Generation and Message
◦ Attacks against RSA
ENCRYPTION
◦ Definition: “The process of converting
information or data into a code, with the
goal of preventing unauthorized access.”
◦ Important for protecting data you want to
keep private
◦ Credit cards, personal information, etc.
PRIVATE KEY CRYPTOSYSTEMS
◦ Use of a single, shared key that can
encrypt and decrypt information
◦ Messages are encrypted using the shared
key, then the encrypted message is sent to
the other party
◦ Use Case: sustained messages between
two known parties
PUBLIC KEY CRYPTOSYSTEMS
Public Key Cryptography | RSA | Example | Exercise | Attacks
Distinguished from private key:
◦ Private Key: A secret, exclusive key for
encryption and decryption
◦ Public Key: Separate, public key for encryption
and decryption.
◦ Use Case: authentication step and exchange of
shared secret key for further communication
PUBLIC KEY – CONFIDENTIALITY AND
AUTHENTICATION
Public Key Cryptography | RSA | Example | Exercise | Attacks
Bob Private Key -> Alice Public Key -----> Alice Private Key -> Bob Public Key
RIVEST-SHAMIR-ADLEMAN (RSA)
◦ Developed by Ron Rivest, Adi Shamir, and
Leonard Adleman
◦ Based on the difficulty of factoring large
prime numbers
◦ Someone with the product of two primes
can encrypt, but only someone who knows
both primes can decrypt.
Public Key Cryptography | RSA | Example | Exercise | Attacks
TRAPDOOR FUNCTION
◦ Easy to compute in one direction,
hard to compute in the other without
special information (the trapdoor)
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA – KEY GENERATION
1. Pick two large primes, p and q
p = 11
q = 3
2. Calculate n = pq
n = 11 * 3
n = 33
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA – KEY GENERATION
3. Calculate λ(n) = (p-1)(q-1)
λ(n) = (11-1)(3-1)
λ(n) = 10*2
λ(n) = 20
4. Choose a small number e, coprime to λ(n)
e = 3
Alternate: Fix e first (e=3, e=17, e=65,537)
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA – KEY GENERATION
5. Find d, satisfying de mod λ(n) = 1
Isolating d:
d = (1 + x* λ(n)) / e, where x is any integer.
x = 0 => d = (1 + 0) / 3 (no)
x = 1 => d = (1 + 20) / 3 = 7 (yes!)
d = 7
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA – KEY GENERATION
p = 11
q = 3
n = 33
λ(n) = 20
e = 3
d = 7
Private Key = (n, d) (33, 7)
Public Key = (n, e) (33, 3)
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA – MESSAGES
Private Key = <n, d> <33, 7>
Public Key = <n, e> <33, 3>
We want to send the integer “m” as a message.
Sending Messages:
Encryption: c = me mod n
Decryption: m = cd mod n
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA – ENCRYPTION
Private Key = <n, d> <33, 7>
Public Key = <n, e> <33, 3>
Encryption: c = me mod n
m = 4
c = 43 mod 33
c = 64 mod 33
c = 31
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA – DECRYPTION
Private Key = <n, d> <33, 7>
Public Key = <n, e> <33, 3>
Decryption: m = cd mod n
c = 31
m = 317 mod 33
m = 27,512,614,111 mod 33
m = 4
Public Key Cryptography | RSA | Example | Exercise | Attacks
RSA - ALGORITHM
Key Generation
1. Pick two large primes, p and q
2. n = pq
3. λ(n) = (p-1)(q-1)
4. Choose a small number e, coprime to λ(n)
5. Find d, satisfying d*e mod λ(n) = 1
Public Key: <n, e> Encryption: c = me mod n
Secret Key: <n, d> Decryption: m = cd mod n
Public Key Cryptography | RSA | Example | Exercise | Attacks
EXERCISE: RSA KEY SIZE
Links to tools for RSA Demo (work in pairs or more):
theisencr.github.io/whitewater_pkc/
Pink generates a public key – “Packed public key” field
Blue copies public key, unpacks, encodes message
“OpenPGP Multi Precision Integer (MPI) of Public Key
(base64)”
Pink copies encoded message, decrypts.
Spend time checking out performance of each step.
Public Key Cryptography | RSA | Example | Exercise | Attacks
EXERCISE: ATTACKS
Imagine Eve wanted to intercept communications that
Bob (Blue) sends to Alice (Pink).
Open an additional Pink tab.
Experiment with “tricking” Bob (Blue) into
communicating with Eve (new Pink).
What’s the key step?
Public Key Cryptography | RSA | Example | Exercise | Attacks
AUTHENTICATING PUBLIC KEYS
◦ You need to trust that Alice’s public key is *really* her
key!
◦ Three approaches:
▫ Certificate Authorities – central repository of
validated keys
▫ Web of Trust – get people to “vote” that your key
is accurate (Distributed Ledger)
▫ Meet in real life and exchange keys
Public Key Cryptography | RSA | Example | Exercise | Attacks
ATTACKING RSA: FACTORING CHALLENGE
◦ Brute forcing RSA requires prime factorization
◦ Monetary reward for cracking large RSA values
◦ RSA-XXX: XXX = number of bits
◦ RSA-768: Factored in December 2009 – 2 ½ years
◦ “On a single core 2.2 GHz AMD Opteron processor
with 2 GB RAM, sieving would have taken about
fifteen hundred years”
Public Key Cryptography | RSA | Example | Exercise | Attacks
ATTACKING RSA - RANDOMNESS
p = Randomly Chosen
q = Randomly Chosen
n = p and q
λ(n) = p and q
e = chosen from p, q
d = found from e, λ(n)
Public Key Cryptography | RSA | Example | Exercise | Attacks
ATTACKING RSA - RANDOMNESS
◦ “Random numbers” are actually pseudo-random
◦ Ways to generate “random” numbers
▫ Seed by time
▫ Seed by execution history - /dev/random
▫ Seed by atmospheric noise
Public Key Cryptography | RSA | Example | Exercise | Attacks
ATTACKING RSA - RANDOMNESS
◦ 2012 paper by Heninger et al. at USENIX
▫ “Mining your P’s and Q’s: Detection of
Widespread Weak Keys in Network Devices”
◦ Plain terms: if the P/Q of two keys are the same, you
can determine the other factor of both.
◦ How rare is this?
Public Key Cryptography | RSA | Example | Exercise | Attacks
ATTACKING RSA - RANDOMNESS
◦ If you use poor randomness, common factors
(somewhat) common!
◦ Heninger et al. harvested 5 million SSL keys
◦ Found high common factors in 0.5% of the keys
(25,000 keys)
◦ Result: can compute the private keys of those 25,000!
Public Key Cryptography | RSA | Example | Exercise | Attacks
ATTACKING RSA - RANDOMNESS
◦ /dev/urandom: supplies random bytes based on disk
activity, non-blocking
◦ Why would disk activity be not-so-random on devices
like these?
Public Key Cryptography | RSA | Example | Exercise | Attacks
SUMMARY SLIDE
Public Key Cryptography | RSA | Example | Exercise | Attacks
◦ Differences between Private and Public
Key Cryptosystems
◦ Introduction to RSA
◦ Walkthrough of RSA at scale
◦ Attacks against RSA