Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh.

Published byJuniper Carr Modified over 9 years ago

Similar presentations

Presentation on theme: "Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh."— Presentation transcript:

1 Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh

2 Motivation #1

3 A study by Heninger et al. (2012) found… 5.57% of TLS hosts had same private keys as another host 0.50% of these hosts’ private keys were easily computed through finding all-pairs GCDs

4 Motivation #1 Reason for these common factors? Weak entropy!

5 Motivation #2

6 Goals

7 Overview Entropy Authority Certificate Authority TLS Host (e.g., web server) Key generation protocol Key verification protocol

8 Overview Entropy Authority Certificate Authority TLS Host (e.g., web server) 3. EA-signed certificate 2. EA-signed certificate 1. Modulus generation 4. CA-signed certificate

9 Building blocks

10

11 Public-key signature scheme (Goldwasser et al.) Sign and verify functions Existentially unforgeable

12 Protocol: Modulus Generation HostEntropy Authority

13 Protocol: Modulus Generation HostEntropy Authority

14 Protocol: Modulus Verification HostCertificate Authority Verify EA signature

15 Application: SSH Entropy Authority SSH Client SSH Server 3. EA-signed certificate 2. EA-signed certificate 1. Modulus generation

16 Security

17

18

19

20

21

22 Performance On a laptop… Traditional RSA: 0.59s Our protocol: 3.18s

23 Performance On a Linksys router… Traditional RSA: 59.6s Our protocol: 111.7s Includes ~100ms RTT network latency Relatively small overhead: ~2x

24 Related Work

25 Future work Integrate protocol into certificate signing request to CA

26 Conclusion Protocol for generating an RSA modulus with sufficient randomness Feasible to implement on today’s hardware Small overhead to traditional RSA Contact: wmu@cs.stanford.edu

Download ppt "Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh."

Similar presentations

Ensuring High-Quality Randomness in Cryptographic Key Generation Henry Corrigan-Gibbs, Wendy Mu, Dan Boneh - Stanford Bryan Ford - Yale 20 th ACM Conference.

Ensuring High-Quality Randomness in Cryptographic Key Generation Henry Corrigan-Gibbs, Wendy Mu, Dan Boneh - Stanford Bryan Ford - Yale 20 th ACM Conference.
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Design and Security Analysis of Marked Blind Signature

Design and Security Analysis of Marked Blind Signature
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.

Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.

Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
CS 105 – Introduction to the World Wide Web  HTTP Request*  Domain Name Translation  Routing  HTTP Response*  Privacy and Cryptography  Adapted.

CS 105 – Introduction to the World Wide Web  HTTP Request*  Domain Name Translation  Routing  HTTP Response*  Privacy and Cryptography  Adapted.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Similar presentations

Ads by Google