Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh.

Slides:

Advertisements

Similar presentations

Ensuring High-Quality Randomness in Cryptographic Key Generation Henry Corrigan-Gibbs, Wendy Mu, Dan Boneh - Stanford Bryan Ford - Yale 20 th ACM Conference.

Advertisements

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

Design and Security Analysis of Marked Blind Signature

Web security: SSL and TLS

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Digital Signatures and Hash Functions. Digital Signatures.

Lecture 23 Internet Authentication Applications

Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

FIT3105 Smart card based authentication and identity management Lecture 4.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

CS 105 – Introduction to the World Wide Web  HTTP Request*  Domain Name Translation  Routing  HTTP Response*  Privacy and Cryptography  Adapted.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.

Computer Science Public Key Management Lecture 5.

Digital Signature Technologies & Applications Ed Jensen Fall 2013.

By Jyh-haw Yeh Boise State University ICIKM 2013.

Chapter 31 Network Security

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.

Secure Electronic Transaction (SET)

Secure Socket Layer (SSL)

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

Module 9: Designing Network Access Protection. Scenarios for Implementing NAP Verifying the health of: Roaming laptops Desktop computers Visiting laptops.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.

Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

The Distribution Online Vending Pilot Project Demo Testing Certificate Management Kennedy P Subramoney 23 July 2004.

Security (and privacy) Larry Rudolph With help from Srini Devedas, Dwaine Clark.

4-Jun-164/598N: Computer Networks Differentiated Services Problem with IntServ: scalability Idea: segregate packets into a small number of classes –e.g.,

1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.

Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.

Decentralized authorization and data security in web content delivery * Danfeng Yao (Brown University, USA) Yunhua Koglin (Purdue University, USA) Elisa.

A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF:1.472) Vol. 61, 2011,

Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.

Digital Signatures and Digital Certificates Monil Adhikari.

Dan Boneh Introduction Course Overview Online Cryptography Course Dan Boneh.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

Installing a SSL Server. Creating a key Before you can create a digital signature/certificate. You need first to create a private key. To do this process.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

Suzanne Gysin 1, Andrey D. Petrov 1, Pierre Charrue 2, Wojciech Gajewski 2, Kris Kostro 2, Maciej Peryt 2 1 Fermi National Accelerator Laboratory, 2 European.

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.

Security Outline Encryption Algorithms Authentication Protocols

Information Security message M one-way hash fingerprint f = H(M)

Message Digest Cryptographic checksum One-way function Relevance

Advanced Computer Networks

Presentation transcript:

Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh

Motivation #1

A study by Heninger et al. (2012) found… 5.57% of TLS hosts had same private keys as another host 0.50% of these hosts’ private keys were easily computed through finding all-pairs GCDs

Motivation #1 Reason for these common factors? Weak entropy!

Motivation #2

Goals

Overview Entropy Authority Certificate Authority TLS Host (e.g., web server) Key generation protocol Key verification protocol

Overview Entropy Authority Certificate Authority TLS Host (e.g., web server) 3. EA-signed certificate 2. EA-signed certificate 1. Modulus generation 4. CA-signed certificate

Building blocks

Public-key signature scheme (Goldwasser et al.) Sign and verify functions Existentially unforgeable

Protocol: Modulus Generation HostEntropy Authority

Protocol: Modulus Generation HostEntropy Authority

Protocol: Modulus Verification HostCertificate Authority Verify EA signature

Application: SSH Entropy Authority SSH Client SSH Server 3. EA-signed certificate 2. EA-signed certificate 1. Modulus generation

Security

Performance On a laptop… Traditional RSA: 0.59s Our protocol: 3.18s

Performance On a Linksys router… Traditional RSA: 59.6s Our protocol: 111.7s Includes ~100ms RTT network latency Relatively small overhead: ~2x

Related Work

Future work Integrate protocol into certificate signing request to CA

Conclusion Protocol for generating an RSA modulus with sufficient randomness Feasible to implement on today’s hardware Small overhead to traditional RSA Contact: