DOCSLIB.ORG

ECE590 Computer and Information Security Fall 2018

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
ECE590 Computer and Information Security Fall 2018 ECE590 Computer and Information Security Fall 2018 Cryptography Tyler Bletsch Duke University Some slides adapted from slideware accompanying “Computer Security: Principles and Practice” by William Stallings and Lawrie Brown REAL advice for using cryptography • I’m about to teach cryptography basics, which you should know • However, you should not reach for these functions in most real- world programming scenarios!! • Repeat after me: I’ll provide more detailed advice after we understand the theory... 2 Introducing the “grey slides” • From the textbook publisher • Perfectly fine for the most part, except... A bit out of date (you’ll see me address this with my slides) . Diagrams haven’t been updated since the 90s (lol) . Randomly wraps words in needless colored shapes like a drunk preshooler (why???) 3 Crypto basics summary • Symmetric (secret key) cryptography c = ciphertext p = plaintext . c = Es(p,k) k = secret key Es = Encryption function (symmetric) D = Decryption function (symmetric) . p = Ds(c,k) s • Message Authentication Codes (MAC) . Generate and append: H(p+k), E(H(p),k), or tail of E(p,k) H = Hash function . Check: A match proves recipient knew k • Asymmetric (public key) cryptography Ea = Encryption function (asymmetric) . c = E (p,k ) Da = Decryption function (asymmetric) a pub kpub = public key kpriv = private key . p = Da(c,kpriv) . kpub and kpriv generated together, mathematically related • Digital signatures s = signature . Generate and append: s = Ea(H(p),kpriv) . Check: Da(s,kpub)==H(p) proves sender knew kpriv 4 Symmetric (Secret Key) Encryption 5 Symmetric Encryption • The universal technique for providing confidentiality for transmitted or stored data • Also referred to as conventional encryption or single-key encryption • Two requirements for secure use: • Need a strong encryption algorithm • Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure Secret key shared by Secret key shared by sender and recipient sender and recipient K K Transmitted X ciphertext Y = E[K, X] X = D[K, Y] Plaintext Plaintext Encryption algorithm Decryption algorithm input output (e.g., DES) (reverse of encryption algorithm) Figure 2.1 Simplified Model of Symmetric Encryption Attacking Symmetric Encryption Cryptanalytic Attacks Brute-Force Attacks Rely on: Try all possible keys on some Nature of the algorithm ciphertext until an intelligible Some knowledge of the translation into plaintext is general characteristics of the obtained plaintext On average half of all possible Some sample plaintext- keys must be tried to achieve ciphertext pairs success Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used If successful all future and past messages encrypted with that key are compromised Hypothetical bad symmetric encryption algorithm: XOR • A lot of encryption algorithms rely on properties of XOR A B A^B 0 0 0 . Can think of A^B as “Flip a bit in A if corresponding bit in B is 1” 0 1 1 . If you XOR by same thing twice, you get the data back 1 0 1 . XORing by a random bit string yields NO info about original data 1 1 0 • Each bit has a 50% chance of having been flipped >>> a=501 >>> b=199 >>> a ^= b >>> print a 306 • Could consider XOR itself to be a symmetric encryption >>> a ^= b >>> print a algorithm (but it sucks at it!) – can be illustrative to explore 501 • Simple XOR encryption algorithm: . E(p,k) = p ^ k (keep repeating k as often as needed to cover p) . D(c,k) = c ^ k (same algorithm both ways!) 9 XOR “encryption” demo Plaintext: 'Hello' Key : 'key' H e l l o Plaintext : 01001000 01100101 01101100 01101100 01101111 k e y Key repeats> k e Key : 01101011 01100101 01111001 01101011 01100101 Ciphertext: 00100011 00000000 00010101 00000111 00001010 ^ XOR result Ciphertext: 00100011 00000000 00010101 00000111 00001010 Key : 01101011 01100101 01111001 01101011 01100101 Decrypted : 01001000 01100101 01101100 01101100 01101111 ^ XOR result H e l l o 10 Attacking XOR • Known plaintext attack: . Given plaintext : 01001000 01100101 01101100 01101100 01101111 . Given ciphertext : 00100011 00000000 00010101 00000111 00001010 . XOR result : 01101011 01100101 01111001 01101011 01100101 ^^ it's the key!!! • Chosen plaintext attack: . Chosen plaintext : 00000000 00000000 00000000 00000000 00000000 . Given ciphertext : 01101011 01100101 01111001 01101011 01100101 . XOR result : 01101011 01100101 01111001 01101011 01100101 ^^ it's the key!!! • Ciphertext only attack: . Ciphertext: 00100011 00000000 00010101 00000111 00001010 . "I assume the plaintext had ASCII text with lowercase letters, and in all such letters bit 6 is 1, but none of the ciphertext has bit 6 set, so i bet the key is most/all lower case letters" . "The second byte is all zeroes, which means the second byte of the key and plaintext are equal" . etc.... • Conclusion: XOR is a sucky encryption algorithm 12 Table 2.1 DES Triple DES AES Plaintext block size (bits) 64 64 128 Ciphertext block size (bits) 64 64 128 Key size (bits) 56 112 or 168 128, 192, or 256 DES = Data Encryption Standard AES = Advanced Encryption Standard Comparison of Three Popular Symmetric Encryption Algorithms Data Encryption Standard (DES) 1999 • Until recently was the most widely used encryption scheme • FIPS PUB 46 • Referred to as the Data Encryption Algorithm (DEA) • Uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block Strength concerns: • Concerns about the algorithm itself •DES is the most studied encryption algorithm in existence • Concerns about the use of a 56-bit key •The speed of commercial off-the-shelf processors makes this key length woefully inadequate Table 2.2 Number of Time Required Key size Alternative Time Required at 109 at 1013 (bits) Cipher Keys decryptions/s decryptions/s 56 DES 256 ≈ 7.2 ´ 1016 255 ns = 1.125 years 1 hour AES 2127 ns = 5.3 ´ 1021 128 2128 ≈ 3.4 ´ 1038 5.3 ´ 1017 years years Triple DES 2167 ns = 5.8 ´ 1033 168 2168 ≈ 3.7 ´ 1050 5.8 ´ 1029 years years 192 AES 2192 ≈ 6.3 ´ 1057 2191 ns = 9.8 ´ 1040 9.8 ´ 1036 years years 256 AES 2256 ≈ 1.2 ´ 1077 2255 ns = 1.8 ´ 1060 1.8 ´ 1056 years years Average Time Required for Exhaustive Key Search Triple DES (3DES) Repeats basic DES algorithm three times using either two or three unique keys First standardized for use in financial applications in ANSI standard X9.17 in 1985 Attractions: 168-bit key length overcomes the vulnerability to brute-force attack of DES Underlying encryption algorithm is the same as in DES Drawbacks: Algorithm is sluggish in software Uses a 64-bit block size Advanced Encryption Standard (AES) Needed a NIST called for Selected replacement for proposals for a Rijndael in 3DES new AES in 1997 November 2001 Should have a security strength equal to or better than 3DES Significantly improved efficiency 3DES was not Published as reasonable for long term use FIPS 197 Symmetric block cipher 128 bit data and 128/192/256 bit keys Computationally Secure Encryption Schemes • Encryption is computationally secure if: • Cost of breaking cipher exceeds value of information • Time required to break cipher exceeds the useful lifetime of the information • Usually very difficult to estimate the amount of effort required to break algorithm (cryptanalysis) • Can estimate time/cost of a brute-force attack Typically symmetric encryption is applied to a unit of data larger than a single 64-bit or 128-bit block Electronic codebook (ECB) mode is the simplest approach to multiple-block encryption Each block of plaintext is encrypted using the same key Cryptanalysts may be able to exploit regularities in the plaintext Modes of operation Alternative techniques developed to increase the security of symmetric block encryption for large sequences Overcomes the weaknesses of ECB Block & Stream Ciphers Block Cipher • Processes the input one block of elements at a time • Produces an output block for each input block • Can reuse keys • More common Stream Cipher • Processes the input elements continuously • Produces output one element at a time • Primary advantage is that they are almost always faster and use far less code • Encrypts plaintext one byte at a time • Pseudorandom stream is one that is unpredictable without knowledge of the input key P1 P2 Pn n o b b b i t p y K Encrypt K Encrypt K Encrypt r c n b b b E C1 C2 Cn C1 C2 Cn n o b b b i t p y K Decrypt K Decrypt K Decrypt r c e b b b D P1 P2 Pn (a) Block cipher encryption (electronic codebook mode) Key Key K K Pseudorandom byte Pseudorandom byte generator generator (key stream generator) (key stream generator) k k Plaintext Ciphertext Plaintext byte stream byte stream byte stream M ENCRYPTION C DECRYPTION M (b) Stream encryption Figure 2.2 Types of Symmetric Encryption Table 20.3 Block Cipher Modes of Operation Modes of operation are critical! • Electronic Codebook (ECB) is what you’d come up with naively: “Just apply the key to each block” • But this means that identical blocks give identical ciphertext, which can be informative to an attacker... See PoC||GTFO 4:13 for a poem about this 23 Figures from Wikipedia “Block cipher mode of operation” Time = 1 Time = 2 Time = N IV P1 P2 PN CN–1 K Encrypt K Encrypt K Encrypt C1 C2 CN (a) Encryption C1 C2 CN K Decrypt K Decrypt K Decrypt IV CN–1 P1 P2 PN (b) Decryption Figure 20.7 Cipher Block Chaining (CBC) Mode The Initialization Vector • The previous slide showed an “IV” (Initialization Vector”) used to start the chain (it’s XORed with the first block of plaintext). Something like this is used in many modes.
Load more

Recommended publications
  • Public-Key Cryptography
    Public Key Cryptography EJ Jung Basic Public Key Cryptography public key public key ? private key Alice Bob Given: Everybody knows Bob’s public key - How is this achieved in practice? Only Bob knows the corresponding private key Goals: 1. Alice wants to send a secret message to Bob 2. Bob wants to authenticate himself Requirements for Public-Key Crypto ! Key generation: computationally easy to generate a pair (public key PK, private key SK) • Computationally infeasible to determine private key PK given only public key PK ! Encryption: given plaintext M and public key PK, easy to compute ciphertext C=EPK(M) ! Decryption: given ciphertext C=EPK(M) and private key SK, easy to compute plaintext M • Infeasible to compute M from C without SK • Decrypt(SK,Encrypt(PK,M))=M Requirements for Public-Key Cryptography 1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb) 2. Easy for sender to generate ciphertext: C = EKUb (M ) 3. Easy for the receiver to decrypt ciphertect using private key: M = DKRb (C) = DKRb[EKUb (M )] Henric Johnson 4 Requirements for Public-Key Cryptography 4. Computationally infeasible to determine private key (KRb) knowing public key (KUb) 5. Computationally infeasible to recover message M, knowing KUb and ciphertext C 6. Either of the two keys can be used for encryption, with the other used for decryption: M = DKRb[EKUb (M )] = DKUb[EKRb (M )] Henric Johnson 5 Public-Key Cryptographic Algorithms ! RSA and Diffie-Hellman ! RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. • RSA
    [Show full text]
  • A Password-Based Key Derivation Algorithm Using the KBRP Method
    American Journal of Applied Sciences 5 (7): 777-782, 2008 ISSN 1546-9239 © 2008 Science Publications A Password-Based Key Derivation Algorithm Using the KBRP Method 1Shakir M. Hussain and 2Hussein Al-Bahadili 1Faculty of CSIT, Applied Science University, P.O. Box 22, Amman 11931, Jordan 2Faculty of Information Systems and Technology, Arab Academy for Banking and Financial Sciences, P.O. Box 13190, Amman 11942, Jordan Abstract: This study presents a new efficient password-based strong key derivation algorithm using the key based random permutation the KBRP method. The algorithm consists of five steps, the first three steps are similar to those formed the KBRP method. The last two steps are added to derive a key and to ensure that the derived key has all the characteristics of a strong key. In order to demonstrate the efficiency of the algorithm, a number of keys are derived using various passwords of different content and length. The features of the derived keys show a good agreement with all characteristics of strong keys. In addition, they are compared with features of keys generated using the WLAN strong key generator v2.2 by Warewolf Labs. Key words: Key derivation, key generation, strong key, random permutation, Key Based Random Permutation (KBRP), key authentication, password authentication, key exchange INTRODUCTION • The key size must be long enough so that it can not Key derivation is the process of generating one or be easily broken more keys for cryptography and authentication, where a • The key should have the highest possible entropy key is a sequence of characters that controls the process (close to unity) [1,2] of a cryptographic or authentication algorithm .
    [Show full text]
  • Authentication and Key Distribution in Computer Networks and Distributed Systems
    13 Authentication and key distribution in computer networks and distributed systems Rolf Oppliger University of Berne Institute for Computer Science and Applied Mathematics {JAM) Neubruckstrasse 10, CH-3012 Bern Phone +41 31 631 89 51, Fax +41 31 631 39 65, [email protected] Abstract Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. Keywords Authentication, key distribution, Kerberos, NetSP, SPX, TESS, SESAME 1 INTRODUCTION Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. It is assumed that the reader of this paper is familiar with the funda­ mentals of cryptography, and the use of cryptographic techniques in computer networks and distributed systems (Oppliger, 1992 and Schneier, 1994). The following notation is used in this paper: • Capital letters are used to refer to principals (users, clients and servers).
    [Show full text]
  • TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula
    TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula October 2015 Abstract 1 Introduction The security of Electronic commerce is completely in the hands of Cryptogra- phy. Most of the transactions through e-commerce sites, auction sites, on-line banking, stock trading and many more are exchanged over the network. SSL or TLS are the additional layers that are required in order to obtain authen- tication, privacy and integrity for all kinds of communication going through network. This paper focuses on the additional layer (TLS) which is responsi- ble for the whole communication. Transport Layer Security is a protocol that is responsible for offering privacy between the communicating applications and their users on Internet. TLS is inserted between the application layer and the network layer-where the session layer is in the OSI model TLS, however, requires a reliable transport channel-typically TCP. 2 History Instead of the end-to-end argument and the S-HTTP proposal the developers at Netscape Communications introduced an interesting secured connection concept of low-layer and high-layer security. For achieving this type of security there em- ployed a new intermediate layer between the transport layer and the application layer which is called as Secure Sockets Layer (SSL). SSL is the starting stage for the evolution of different transport layer security protocols. Technically SSL protocol is assigned to the transport layer because of its functionality is deeply inter-winded with the one of a transport layer protocol like TCP. Coming to history of Transport layer protocols as soon as the National Center for Super- computing Application (NCSA) released the first popular Web browser called Mosaic 1.0 in 1993, Netscape Communications started working on SSL protocol.
    [Show full text]
  • An Efficient Watermarking and Key Generation Technique Using DWT Algorithm in Three- Dimensional Image
    International Journal of Recent Technology and Engineering (IJRTE) ISSN: 2277-3878, Volume-8 Issue-2, July 2019 An Efficient Watermarking and Key Generation Technique Using DWT Algorithm in Three- Dimensional Image R. Saikumar, D. Napoleon Abstract:Discrete Wavelet Transform is the algorithm which obtained by compressive sensing. It is a novel technology can be used to increase the contrast of an image for better visual used to compress the data at a higher rate than the quality of an image. The histogram value for original image with highest bins is taken for embedding the data into an image to conventional method. The compression and encryption are perform the histogram equalization for repeating the process achieved by a single linear measurement step through a simultaneously. Information can be embedded into the source measurement matrix, which can be generated by the secret image with some bit value, for recovering the original image key. This key can be shared only among the sender and the without any loss of the pixels. DWT is the first algorithm which has achieved the image contrast enhancement accurately. This receiver at the time of sending and receiving data as a approach maintained the original visual quality of an image even multimedia file. though themessage bits are embedded into the contrast-enhanced images. The proposed work with an original watermarking II. LITERATURE REVIEW scheme based on the least significant bit technique. As a substitute of embedding the data into a simple image as Y. Sridhar et al: An author says about the unique structure watermarking, least significant bitmethod by utilizing the three about the scalable coding for PRNG images which have wavelets transform is applied in the proposed system in order to been encrypted.
    [Show full text]
  • Data Encryption Standard (DES)
    6 Data Encryption Standard (DES) Objectives In this chapter, we discuss the Data Encryption Standard (DES), the modern symmetric-key block cipher. The following are our main objectives for this chapter: + To review a short history of DES + To defi ne the basic structure of DES + To describe the details of building elements of DES + To describe the round keys generation process + To analyze DES he emphasis is on how DES uses a Feistel cipher to achieve confusion and diffusion of bits from the Tplaintext to the ciphertext. 6.1 INTRODUCTION The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). 6.1.1 History In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modifi cation of a project called Lucifer, was accepted as DES. DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS). After the publication, the draft was criticized severely for two reasons. First, critics questioned the small key length (only 56 bits), which could make the cipher vulnerable to brute-force attack. Second, critics were concerned about some hidden design behind the internal structure of DES. They were suspicious that some part of the structure (the S-boxes) may have some hidden trapdoor that would allow the National Security Agency (NSA) to decrypt the messages without the need for the key. Later IBM designers mentioned that the internal structure was designed to prevent differential cryptanalysis.
    [Show full text]
  • CCAM an Intelligence Brute Force Attack on RSA Cryptosystem
    Communications in Computational and Applied Mathematics, Vol. 1 No. 1 (2019) p. 1-7 CCAM Communications in Computational and Applied Mathematics Journal homepage : www.fazpublishing.com/ccam e-ISSN : 2682-7468 An Intelligence Brute Force Attack on RSA Cryptosystem Chu Jiann Mok1, Chai Wen Chuah1,* 1Information Security Interest Group (ISIG), Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia 86400 Parit Raja, Batu Pahat, MALAYSIA *Corresponding Author Received 27 November 2018; Abstract: RSA cryptosystem is the one of the public key cryptosystem used for secure data Accepted 01 March 2019; transmission. In this research, an intelligence brute force attack is proposed for attacking RSA Available online 07 March cryptosystem cryptanalysis. In the paper, the effectiveness in cryptanalysis is simulated. An 2019 experimental analysis of the proposed approach is carried out in order to evaluate its effectiveness in terms of time used for recovery RSA key. Performance of proposed algorithm compared with prime factorization and brute force attack on RSA toy box. The results are used to estimate the time required for real-life RSA cryptosystem in ideal conditions. Keywords: RSA cryptosystem, public key cryptosystem, brute force, cryptanalysis 1. Introduction Table 1 - Relationship between number of bits used in RSA was invented by Ron Rivest, Adi Shame and RSA cryptosystem and prime-to-nature numbers ratio Leonard Adleman in 1977. RSA is a public key cryptosystem Maximum nature No. Prime Prime-to- for securing data transmission. RSA encryption is asymmetric number numbers nature cipher, which consists of two keys: public key (,)ne and numbers ratio private key (,,)pqd .
    [Show full text]
  • A Simple Secret Key Generation by Using a Combination of Pre-Processing Method with a Multilevel Quantization
    entropy Article A Simple Secret Key Generation by Using a Combination of Pre-Processing Method with a Multilevel Quantization Mike Yuliana 1,2,* , Wirawan 1 and Suwadi 1 1 Department of Electrical Engineering, Faculty of Electrical Technology, Institut Teknologi Sepuluh Nopember, Jalan Raya ITS, Keputih, Sukolilo, Surabaya 60111, Indonesia; [email protected] (W.); [email protected] (S.) 2 Department of Electrical Engineering, Politeknik Elektronika Negeri Surabaya (PENS), Jalan Raya ITS, Keputih, Sukolilo, Surabaya 60111, Indonesia * Correspondence: [email protected] or [email protected]; Tel.: +62-812-1746-4666 Received: 14 January 2019; Accepted: 15 February 2019; Published: 18 February 2019 Abstract: Limitations of the computational and energy capabilities of IoT devices provide new challenges in securing communication between devices. Physical layer security (PHYSEC) is one of the solutions that can be used to solve the communication security challenges. In this paper, we conducted an investigation on PHYSEC which utilizes channel reciprocity in generating a secret key, commonly known as secret key generation (SKG) schemes. Our research focused on the efforts to get a simple SKG scheme by eliminating the information reconciliation stage so as to reduce the high computational and communication cost. We exploited the pre-processing method by proposing a modified Kalman (MK) and performing a combination of the method with a multilevel quantization, i.e., combined multilevel quantization (CMQ). Our approach produces a simple SKG scheme for its significant increase in reciprocity so that an identical secret key between two legitimate users can be obtained without going through the information reconciliation stage.
    [Show full text]
  • Key Derivation and Randomness Extraction
    Key Derivation and Randomness Extraction Olivier Chevassut1, Pierre-Alain Fouque2, Pierrick Gaudry3, and David Pointcheval2 1 Lawrence Berkeley National Lab. – Berkeley, CA, USA – [email protected] 2 CNRS-Ecole´ normale sup´erieure – Paris, France – {Pierre-Alain.Fouque,David.Pointcheval}@ens.fr 3 CNRS-Ecole´ polytechnique – Palaiseau, France – [email protected] Abstract. Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standard- ization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to derive other keys. This paper first deals with the protocol Σ0, in which the key derivation phase is (deliberately) omitted, and security inaccuracies in the analysis and design of the Internet Key Exchange (IKE version 1) protocol, corrected in IKEv2. They do not endanger the practical use of IKEv1, since the security could be proved, at least, in the random oracle model. However, in the standard model, there is not yet any formal global security proof, but just separated analyses which do not fit together well. The first simplification is common in the theoretical security analysis of several key exchange protocols, whereas the key derivation phase is a crucial step for theoretical reasons, but also practical purpose, and requires careful analysis. The second problem is a gap between the recent theoretical analysis of HMAC as a good randomness extractor (functions keyed with public but random elements) and its practical use in IKEv1 (the key may not be totally random, because of the lack of clear authentication of the nonces).
    [Show full text]
  • <Document Title>
    TLS Specification for Storage Systems Version 2.0 ABSTRACT: This document specifies the requirements and guidance for use of the Transport Layer Security (TLS) protocol in conjunction with data storage technologies. The requirements are intended to facilitate secure interoperability of storage clients and servers as well as non-storage technologies that may have similar interoperability needs. This document was developed with the expectation that future versions of SMI-S and CDMI could leverage these requirements to ensure consistency between these standards as well as to more rapidly adjust the security functionality in these standards. This document has been released and approved by the SNIA. The SNIA believes that the ideas, methodologies and technologies described in this document accurately represent the SNIA goals and are appropriate for widespread distribution. Suggestions for revisions should be directed to https://www.snia.org/feedback/. SNIA Standard February 1, 2021 USAGE The SNIA hereby grants permission for individuals to use this document for personal use only, and for corporations and other business entities to use this document for internal use only (including internal copying, distribution, and display) provided that: 1. Any text, diagram, chart, table or definition reproduced shall be reproduced in its entirety with no alteration, and, 2. Any document, printed or electronic, in which material from this document (or any portion hereof) is reproduced shall acknowledge the SNIA copyright on that material, and shall credit the SNIA for granting permission for its reuse. Other than as explicitly provided above, you may not make any commercial use of this document, sell any or this entire document, or distribute this document to third parties.
    [Show full text]
  • Public-Key Generation with Verifiable Randomness
    Public-Key Generation with Verifiable Randomness Olivier Blazy1, Patrick Towa2;3, Damien Vergnaud4;5 1 Universite de Limoges 2 IBM Research – Zurich 3 DIENS, École Normale Supérieure, CNRS, PSL University, Paris, France 4 Sorbonne Université, CNRS, LIP6, F-75005 Paris, France 5 Institut Universitaire de France Abstract. We revisit the problem of proving that a user algorithm se- lected and correctly used a truly random seed in the generation of her cryptographic key. A first approach was proposed in 2002 by Juels and Guajardo for the validation of RSA secret keys. We present a new secu- rity model and general tools to efficiently prove that a private key was generated at random according to a prescribed process, without revealing any further information about the private key. We give a generic protocol for all key-generation algorithms based on probabilistic circuits and prove its security. We also propose a new pro- tocol for factoring-based cryptography that we prove secure in the afore- mentioned model. This latter relies on a new efficient zero-knowledge argument for the double discrete logarithm problem that achieves an ex- ponential improvement in communication complexity compared to the state of the art, and is of independent interest. 1 Introduction Cryptographic protocols are commonly designed under the assumption that the protocol parties have access to perfect (i.e., uniform) randomness. However, ran- dom sources used in practical implementations rarely meet this assumption and provide only a stream of bits with a certain “level of randomness”. The quality of the random numbers directly determines the security strength of the sys- tems that use them.
    [Show full text]
  • Biometric Based Cryptographic Key Generation from Faces
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Queensland University of Technology ePrints Archive Biometric Based Cryptographic Key Generation from Faces B. Chen and V. Chandran Queensland University of Technology, Brisbane, Qld 4001 AUSTRALIA [email protected], [email protected] Abstract result the compromise of one system leads to the compromise of many others. Existing asymmetric encryption algorithms require In recent years researchers have turned towards the storage of the secret private key. Stored keys are merging biometrics with cryptography as a means to often protected by poorly selected user passwords that improve overall security by eliminating the need for can either be guessed or obtained through brute force key storage using passwords. During the last decade attacks. This is a weak link in the overall encryption biometrics has become commonly used for identifying system and can potentially compromise the integrity of individuals. The success of its application in user sensitive data. Combining biometrics with authentication has indicated that many advantages cryptography is seen as a possible solution but any could be gained by incorporating biometrics with biometric cryptosystem must be able to overcome small cryptography. A biometric is an inherent physical or variations present between different acquisitions of the behavioural characteristic of an individual such as their same biometric in order to produce consistent keys. voice, face, fingerprint or keystroke dynamics. This paper discusses a new method which uses an Biometrics, in contrast to passwords, cannot be entropy based feature extraction process coupled with forgotten, are difficult to copy or forge, impossible to Reed-Solomon error correcting codes that can share and offer more security then a common eight generate deterministic bit-sequences from the output of character password.
    [Show full text]