Asymmetric Cryptography
2,676 views
31 slides
Jan 29, 2018
Slide 1 of 31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
About This Presentation
An introduction to asymmetric cryptography with an in-depth look at RSA, Diffie-Hellman, the FREAK and LOGJAM attacks on TLS/SSL, and the "Mining your P's and Q's attack".
Slide Content
Asymmetric Cryptography
February 8, 2017
February 8, 2017
Why Cryptography?
●Confidentiality - only intended parties can read contents
●Integrity - message tampering can be detected
●Authentication - the author is verified
●Nonrepudiation - the author cannot deny being the author
●Confidentiality - only intended parties can read contents
●Integrity - message tampering can be detected
●Authentication - the author is verified
●Nonrepudiation - the author cannot deny being the author
Why asymmetric cryptography?
●No need to secretly distribute key
●Difficult to brute-force
●Reuse of key does not significantly weaken security
●No need to secretly distribute key
●Difficult to brute-force
●Reuse of key does not significantly weaken security
Why not asymmetric cryptography?
●More computationally-intensive than symmetric
cryptography
●More computationally-intensive than symmetric
cryptography
RSA
●Developed by Rivest, Shamir, and Adleman in 1977
●Based on the difficulty of factoring product of 2 large
primes, being able to compute private key from public key
●Built-in confidentiality, authentication, integrity, and
nonrepudiation from owner
●Computationally expensive
●Developed by Rivest, Shamir, and Adleman in 1977
●Based on the difficulty of factoring product of 2 large
primes, being able to compute private key from public key
●Built-in confidentiality, authentication, integrity, and
nonrepudiation from owner
●Computationally expensive
RSA Keys
●Public and private key should be prime numbers ≥ 2048
bits
●Public key should be available to everyone
○Ex) Distribute using keyserver
●Private key should be known only to the owner of key pair
●Public and private key should be prime numbers ≥ 2048
bits
●Public key should be available to everyone
○Ex) Distribute using keyserver
●Private key should be known only to the owner of key pair
Key Generation and
Encryption/Decryption
Encryption/Decryption
RSA Key Generation
1.Pick primes of similar length (p = 61, q = 53)
2.Compute N as p x q (61 x 53 = 3233)
3.Compute the totient of N (60 x 52 = 3120)
4.Chose public exponent e that is coprime to N (17)
5.Compute the modular multiplicative inverse of e mod totient(N) (2753)
1.Pick primes of similar length (p = 61, q = 53)
2.Compute N as p x q (61 x 53 = 3233)
3.Compute the totient of N (60 x 52 = 3120)
4.Chose public exponent e that is coprime to N (17)
5.Compute the modular multiplicative inverse of e mod totient(N) (2753)
RSA Encryption
●e(m) = m
e
mod N = c
●d(c) = c
d
mod N = m
Because:
●d(m
e
) = m
ed
mod N = m -- ed = 1 + hφ(n) (Definition of multiplicative inverse)
●m
1 + hφ(n)
mod N = m
●m(m
φ(n)
)
h
mod N = m -- a
φ(n)
= 1 mod N (Euler’s Theorem)
●m(1)
h
mod N = m
●e(m) = m
e
mod N = c
●d(c) = c
d
mod N = m
Because:
●d(m
e
) = m
ed
mod N = m -- ed = 1 + hφ(n) (Definition of multiplicative inverse)
●m
1 + hφ(n)
mod N = m
●m(m
φ(n)
)
h
mod N = m -- a
φ(n)
= 1 mod N (Euler’s Theorem)
●m(1)
h
mod N = m
Uses for RSA
●First connection in SSL/TLS
●Signing communication
○More efficient to encrypt hash of message rather than
whole message
●Subscription-based services like commercial TV, radio,
etc.
●First connection in SSL/TLS
●Signing communication
○More efficient to encrypt hash of message rather than
whole message
●Subscription-based services like commercial TV, radio,
etc.
Diffie-Hellman Key Exchange
●Developed and published by Whitfield Diffie and Martin
Hellman in 1976
●Relies on difficulty of discrete logarithm problem
●Forward secrecy
●Can be performed with more than two parties
●More efficient than RSA
●Developed and published by Whitfield Diffie and Martin
Hellman in 1976
●Relies on difficulty of discrete logarithm problem
●Forward secrecy
●Can be performed with more than two parties
●More efficient than RSA
Diffie-Hellman Keys
●Communicating parties agree on a exponential base (g)
and prime modulus (p)
●Each communicating party generates a secret value to
use for exponentiation
●Shared symmetric key can be generated securely over
public network
○Negotiation steps, if captured, should not give away
key
●Communicating parties agree on a exponential base (g)
and prime modulus (p)
●Each communicating party generates a secret value to
use for exponentiation
●Shared symmetric key can be generated securely over
public network
○Negotiation steps, if captured, should not give away
key
Key Generation and
Encryption/Decryption
Encryption/Decryption
Diffie Hellman Key Exchange
1.Alice and Bob agree on p = 23 and g = 5 (which is primitive root mod 23)
2.Alice chooses a = 6, and sends Bob A = 5
6
mod 23 = 8
3.Bob chooses b = 15, and sends Alice B = 5
15
mod 23 = 19
4.S = A
b
mod p = 8
15
mod 23 = 2
5.S = B
a
mod p = 19
6
mod 23 = 2
1.Alice and Bob agree on p = 23 and g = 5 (which is primitive root mod 23)
2.Alice chooses a = 6, and sends Bob A = 5
6
mod 23 = 8
3.Bob chooses b = 15, and sends Alice B = 5
15
mod 23 = 19
4.S = A
b
mod p = 8
15
mod 23 = 2
5.S = B
a
mod p = 19
6
mod 23 = 2
Uses for Diffie-Hellman
●Key negotiation over public or unsecured channels
(especially Ephemeral Diffie-Hellman)
○Part of SSL/TLS
○IPSec/VPN
○SSH
●Key negotiation over public or unsecured channels
(especially Ephemeral Diffie-Hellman)
○Part of SSL/TLS
○IPSec/VPN
○SSH
Attacks on Public Key Cryptography
Timeline of “Modern” Cryptography
Post World War II - Cryptography is regulated as munitions (can’t be exported)
1975 - DES Published
1976 - Diffie-Hellman Key Exchange published
1977 - RSA published
1977 - DES Standardized (FIPS)
1985 - Amiga 1000 released
1989 - Public commercial use of the internet
1991 - PGP Released (First major instance of personal cryptography)
1993 - PGP finds it way out of the United States
1996 - Bernstein v. United States (Cryptography Export laws)
1996 - SSLv3 released (containing export grade cryptography)
Post World War II - Cryptography is regulated as munitions (can’t be exported)
1975 - DES Published
1976 - Diffie-Hellman Key Exchange published
1977 - RSA published
1977 - DES Standardized (FIPS)
1985 - Amiga 1000 released
1989 - Public commercial use of the internet
1991 - PGP Released (First major instance of personal cryptography)
1993 - PGP finds it way out of the United States
1996 - Bernstein v. United States (Cryptography Export laws)
1996 - SSLv3 released (containing export grade cryptography)
Factoring RSA Export Keys
●FREAK
●March 3, 2015
●CVE-2015-0204
●Capitalizes on forcing the server to use RSA_EXPORT keys
●RSA_EXPORT Keys are 512 bits or less
●RSA_EXPORT keys were designed to be a backdoor, good enough for public
use, bad enough for the NSA to be able to break if needed
●9.6% of top million domains vulnerable
●FREAK
●March 3, 2015
●CVE-2015-0204
●Capitalizes on forcing the server to use RSA_EXPORT keys
●RSA_EXPORT Keys are 512 bits or less
●RSA_EXPORT keys were designed to be a backdoor, good enough for public
use, bad enough for the NSA to be able to break if needed
●9.6% of top million domains vulnerable
Factoring RSA Export Keys
●Man in the Middle attack that requests RSA_EXPORT keys
●Most servers just go with it
●Most clients just go with it
●Generally one RSA_EXPORT key per server
●As seen in the diagram, knowing the premaster secret breaks the session
●Man in the Middle attack that requests RSA_EXPORT keys
●Most servers just go with it
●Most clients just go with it
●Generally one RSA_EXPORT key per server
●As seen in the diagram, knowing the premaster secret breaks the session
CADO-NFS
●Implementation of Number Field Sieve
●Current fastest way to factor large numbers
●Current fastest way to compute discrete logarithm
●Can break 512 bit RSA keys in 7 hours for ~$100 on EC2
●Implementation of Number Field Sieve
●Current fastest way to factor large numbers
●Current fastest way to compute discrete logarithm
●Can break 512 bit RSA keys in 7 hours for ~$100 on EC2
Logjam
●October 2015
●CVE-2015-4000
●Capitalizes on forcing the server to use DHE_EXPORT parameters
●Tricks the client into thinking they are standard DHE
●8.4% of the top million domains vulnerable
●October 2015
●CVE-2015-4000
●Capitalizes on forcing the server to use DHE_EXPORT parameters
●Tricks the client into thinking they are standard DHE
●8.4% of the top million domains vulnerable
Number Field Sieve for Discrete Log
“Mining your P’s and Q’s”
●Low entropy RSA keys may share a common prime
●This prime can be found trivially with Euclid’s GCD Algorithm
●Finding one prime makes the other trivial to find, making generating a private
key trivial to find
●Low entropy RSA keys may share a common prime
●This prime can be found trivially with Euclid’s GCD Algorithm
●Finding one prime makes the other trivial to find, making generating a private
key trivial to find
Euclidean Algorithm for GCD
function gcd(a, b)
while b ≠ 0
t := b;
b := a mod b;
a := t;
return a;
function gcd(a, b)
while b ≠ 0
t := b;
b := a mod b;
a := t;
return a;
More Resources:
●https://www.id0-rsa.pub/ - Cryptography Challenges
●https://www.youtube.com/watch?v=2aHkqB2-46k - Cryptography Lectures
●https://weakdh.org - Logjam Website
●https://mitls.org/pages/attacks/SMACK#freak - Freak Website
●https://factorable.net/ - Mining your P’s and Q’s
●https://github.com/kulinacs/smashcipher - Factor RSA library
●https://www.id0-rsa.pub/ - Cryptography Challenges
●https://www.youtube.com/watch?v=2aHkqB2-46k - Cryptography Lectures
●https://weakdh.org - Logjam Website
●https://mitls.org/pages/attacks/SMACK#freak - Freak Website
●https://factorable.net/ - Mining your P’s and Q’s
●https://github.com/kulinacs/smashcipher - Factor RSA library
Questions?
Future Events
●Introduction to Pentesting - Saturday, February 11th, 12 PM - 3 PM
●Coming up in March: Binary Exploitation
●CTFs for the semester (subject to change):
○Boston Key Party (February 25th & 26th)
○VolgaCTF (March 24th - 26th)
○ASIS CTF (April 7th - 9th)
●Introduction to Pentesting - Saturday, February 11th, 12 PM - 3 PM
●Coming up in March: Binary Exploitation
●CTFs for the semester (subject to change):
○Boston Key Party (February 25th & 26th)
○VolgaCTF (March 24th - 26th)
○ASIS CTF (April 7th - 9th)
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 2,676
- Slides 31
- Favorites 1
- Age 2863 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views