Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003.

Slides:

Advertisements

Similar presentations

Hash Function Firewalls in Signature Schemes Burt Kaliski, RSA Laboratories IEEE P1363 Working Group Meeting June 2, 2000 (Rev. June 8, 2000)

Advertisements

RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless Sensor Networks Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, Hung-Ming Sun.

Cryptography and Network Security

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

The RSA Cryptosystem Dan Boneh Stanford University.

Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)

A Designer’s Guide to KEMs Alex Dent

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人：陳昱升.

Chapter 3 Encryption Algorithms & Systems (Part C)

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

S/MIME v3.2 draft-ietf-smime-3850bis-00.txt draft-ietf-smime-3851bis-00.txt Sean Turner Blake Ramsdell.

1 Introduction to Information Security , Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.

Doc.: IEEE /0946r3 Submission August 2012 A proposal for next generation security in built on changes in ac 23 August 2012 Slide.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Bob can sign a message using a digital signature generation algorithm

DSA (Digital Signature Algorithm) Tahani Aljehani.

Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.

The RSA Algorithm Rocky K. C. Chang, March

Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.

Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Status of Draft ANSI X9.44 (& More) Burt Kaliski and Jakob Jonsson RSA Laboratories NIST Key Management Workshop November 1–2, 2001 (Rev. November 6, 2001)

Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.

10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

PKCS #1 v2.1: RSA Cryptography Standard

Topic 22: Digital Schemes (2)

1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.

Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2013 Nitesh Saxena.

RSA Data Security, Inc. PKCS #1 : RSA Cryptography Standard Jessica Staddon RSA Laboratories PKCS Workshop October 7, 1998.

Exercises Information Security Course Eric Laermans – Tom Dhaene.

Chapter 21 Public-Key Cryptography and Message Authentication.

On OAEP, PSS, and S/MIME John Linn RSA Laboratories S/MIME WG, San Diego IETF, 13 December 2000.

A Method for Obtaining Digital Signatures and Public-key Cryptosystems

Optimal Asymmetric Encryption based on a paper by Mihir Bellare and Phillip Rogaway Team Members  Chris Kellogg  Doug Wagers  Angela Johnston  Kris.

Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Dan Boneh Public Key Encryption from trapdoor permutations PKCS 1 Online Cryptography Course Dan Boneh.

Hash and MAC Functions CS427 – Computer Security

Some Perspectives on Smart Card Cryptography

Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.

PKCS #1 v2.1: RSA Cryptography Standard Burt Kaliski, RSA Laboratories PKCS Workshop, 5 October 2000.

Prepared by Dr. Lamiaa Elshenawy

Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.

Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh.

PKCS #5: Password-Based Cryptography Standard

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002.

Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,

KeyProv PSKC Specification Philip Hoyer Mingliang Pei Salah Machani 74 nd IETF meeting, San Francisco Nov

RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998.

Doc.: IEEE /0946r1 Submission July 2012 A proposal for next generation security in built on changes in ac 16 July 2012 Slide 1 Authors:

PKCS #5 v2.0: Password-Based Cryptography Standard

1 Introduction to Information Security , Spring 2016 Lecture 4: Applied cryptography: asymmetric Zvi Ostfeld Slides credit: Eran Tromer.

Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.

Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim

RSA Data Security, Inc. Emerging Standards for Public-Key Cryptography Burt Kaliski Chief Scientist, RSA Laboratories BRICS Summer School in Cryptology.

RSA Laboratories’ PKCS Series - a Tutorial

Authenticated Identity

RSA Digital Signature Standards

July 2010 doc.: IEEE /0903r0 A proposal for next generation security in built on changes in ac 23 August 2012 Authors: Name Company.

Diffie-Hellman Key Exchange

Presentation transcript:

Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003

Outline New mechanisms: –RSA-PSS –RSA-KEM –RSA-KEGVER Algorithm strategy Next steps

RSA-PSS Probabilistic Signature Scheme by Mihir Bellare, Phillip Rogaway –Adapted for standardization Security related to RSA problem in random oracle model –Higher assurance for the long term Supported in PKCS #1 v2.1, IEEE P1363a Recommended by NESSIE

RSA-PSS & PKCS #11 RSA Laboratories encourages transition to RSA-PSS from PKCS #1 v1.5 –Convenient as SHA-256+ deployed PKCS #11 already supports RSA-PSS, but not yet with SHA-256+ Recommendation: –Add RSA-PSS/SHA-256+ in v2.20 –Discourage PKCS #1 v1.5/SHA-256+

RSA-KEM Key Encapsulation Mechanism from Victor Shoup, et al. Security related to RSA problem in r.o. model Supported in draft ANS X9.44; proposed to TLS, S/MIME working groups Recommended by NESSIE

RSA-KEM Operations Generate key & corresponding ciphertext using public key (n,e) –R = random[0,n-1] –C = R e mod n –K = KDF(R) Regenerate key from ciphertext using private key (n,d) –R = C d mod n –K = KDF(R)

RSA-KEM for Key Wrapping Wrap keying material KM using (n,e): –(C, KEK) = Generate ((n,e)) –C’ = Wrap (KEK, KM) Send (C,C’) Unwrap using (n,d): –KEK = Regenerate ((n,d), C) –KM = Unwrap (KEK, C’)

RSA-KEM & PKCS #11 RSA Laboratories encourages transition to RSA-KEM from PKCS #1 v1.5 –Convenient as AES deployed PKCS #11 doesn’t support RSA-KEM Recommendation: –Add RSA-KEM as PKCS #1 / TLS / S/MIME etc. updated

RSA-KEGVER Key generation with verifiable randomness by Ari Juels, Jorge Guajardo Key pairs generated with evidence of randomness –Publicly verifiable assurance that keys derived using a specified key generator –Prevents “trapdoors” (e.g., Crépeau-Slakmon), “weak” primes Research prototype stage

RSA-KEGVER & PKCS #11 RSA Laboratories encourages consideration for high-assurance tokens PKCS #11 supports RSA key generation, but not “evidence” Recommendation: –Add “evidence” field –Add RSA-KEGVER (or other methods) as research matures into products, standards

Summary of Recommendations RSA-PSS: Add SHA-256+ versions to PKCS #11 v2.20 RSA-KEM: Add as PKCS #1 etc. updated RSA-KEGVER: Add “evidence” field, add methods as research matures

Algorithm Strategy The bigger picture PKCS #11 supports a lot of algorithms already, and there are many more in other standards –IETF, NIST “schemes”, NESSIE, … How to decide which ones to add? ANS X9.44 strategy: Reflect & guide

Reflect & Guide Reflect: Support methods employed in industry, profiled for better security Guide: Add methods with better security, adapted to integrate with industry practice Examples in draft ANS X9.44: –Reflect: Existing TLS handshake –Guide: Revised handshake using RSA-KEM

Next Steps Choose new mechanisms –which ones? Draft text for PKCS #11 Consider the algorithm strategy Add other mechanisms to implement strategy

Contact Information Burt Kaliski RSA Laboratories