Measuring and Securing Cryptographic Deployments

Measuring and Securing Cryptographic Deployments

University of Pennsylvania ScholarlyCommons Publicly Accessible Penn Dissertations 2019 Measuring And Securing Cryptographic Deployments Luke Taylor Valenta University of Pennsylvania, [email protected] Follow this and additional works at: https://repository.upenn.edu/edissertations Part of the Computer Sciences Commons Recommended Citation Valenta, Luke Taylor, "Measuring And Securing Cryptographic Deployments" (2019). Publicly Accessible Penn Dissertations. 3507. https://repository.upenn.edu/edissertations/3507 This paper is posted at ScholarlyCommons. https://repository.upenn.edu/edissertations/3507 For more information, please contact [email protected]. Measuring And Securing Cryptographic Deployments Abstract This dissertation examines security vulnerabilities that arise due to communication failures and incentive mismatches along the path from cryptographic algorithm design to eventual deployment. I present six case studies demonstrating vulnerabilities in real-world cryptographic deployments. I also provide a framework with which to analyze the root cause of cryptographic vulnerabilities by characterizing them as failures in four key stages of the deployment process: algorithm design and cryptanalysis, standardization, implementation, and endpoint deployment. Each stage of this process is error-prone and influenced by various external factors, the incentives of which are not always aligned with security. I validate the framework by applying it to the six presented case studies, tracing each vulnerability back to communication failures or incentive mismatches in the deployment process. To curate these case studies, I develop novel techniques to measure both existing and new cryptographic attacks, and demonstrate the widespread impact of these attacks on real-world systems through measurement and cryptanalysis. While I do not claim that all cryptographic vulnerabilities can be described with this framework, I present a non-trivial (in fact substantial) number of case studies demonstrating that this framework characterizes the root cause of failures in a diverse set of cryptographic deployments. Degree Type Dissertation Degree Name Doctor of Philosophy (PhD) Graduate Group Computer and Information Science First Advisor Nadia A. Heninger Keywords Cryptography, Diffie-Hellman, Elliptic curves, Internet scanning, TLS Subject Categories Computer Sciences This dissertation is available at ScholarlyCommons: https://repository.upenn.edu/edissertations/3507 MEASURING AND SECURING CRYPTOGRAPHIC DEPLOYMENTS Luke Valenta A DISSERTATION in Computer and Information Science Presented to the Faculties of the University of Pennsylvania in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy 2019 Supervisor of Dissertation Nadia Heninger, Adjunct Associate Professor of Computer and Information Science Graduate Group Chairperson Rajeev Alur, Zisman Family Professor and Computer and Information Science Graduate Group Chair Dissertation Committee Jonathan M. Smith, Professor of Computer and Information Science Matthew A. Blaze, Adjunct Professor of Computer and Information Science Boon Thau Loo, Professor of Computer and Information Science Matthew D. Green, Associate Professor at the Johns Hopkins Information Security Institute ACKNOWLEDGEMENT One page is not enough room to list all of the collaborators, mentors, staff, classmates, and friends to which I am grateful for making the last five years so enjoyable, enlightening, and interesting. I am especially grateful to those below: Nadia Heninger, not only for her valuable guidance and support, but for the adventures| from acro yoga in the park to parties on pirate ships|that made this journey unforgettable. Prof. Smith, for always being there to provide wisdom and advice, and working tirelessly to help others. Prof. Loo, for his encouragement and enthusiastic support throughout my graduate school career. Prof. Blaze, who is always willing to share his vast knowledge and experience. Prof. Green, for his insight, thoughtfulness, willingness to collaborate, and exceptional ability to spark research ideas. Brandi Adams, for convincing me to give research a try, and David Levin for helping me to discover the joys of research. Nick Roessler, for all of the thought-provoking conversations, board game nights, and Philly adventures we've shared over these past five years. I couldn't ask for a better friend, roommate, and juggling partner. Marcella Hastings, for being an amazing labmate, travel companion, and all around one of the most fun and personable people I know. Shaanan Cohney, who is a genuine and truly wonderful friend, always willing to loop me in as a co-conspirator in mischief. Rafi Ruben, for patiently teaching me everything I know about sysadmining, and for always being willing to drop everything to help a friend. My parents, Van and Claudia, for reading my papers despite claiming they \didn't under- stand a word," and for never failing to provide me with advice and love when I need it. My siblings, Sarah, Stephen, David, Lydia, Peter, and Abigail, who have inspired me with their own accomplishments and continue to be some of my best friends in the world. Finally, I am grateful to Nicole for her continuous love and support, and for giving me so many reasons to be excited about my next chapter in life. ii ABSTRACT MEASURING AND SECURING CRYPTOGRAPHIC DEPLOYMENTS Luke Valenta Nadia Heninger This dissertation examines security vulnerabilities that arise due to communication failures and incentive mismatches along the path from cryptographic algorithm design to eventual deployment. I present six case studies demonstrating vulnerabilities in real-world crypto- graphic deployments. I also provide a framework with which to analyze the root cause of cryptographic vulnerabilities by characterizing them as failures in four key stages of the deployment process: algorithm design and cryptanalysis, standardization, implementation, and endpoint deployment. Each stage of this process is error-prone and influenced by vari- ous external factors, the incentives of which are not always aligned with security. I validate the framework by applying it to the six presented case studies, tracing each vulnerability back to communication failures or incentive mismatches in the deployment process. To curate these case studies, I develop novel techniques to measure both existing and new cryptographic attacks, and demonstrate the widespread impact of these attacks on real- world systems through measurement and cryptanalysis. While I do not claim that all cryptographic vulnerabilities can be described with this framework, I present a non-trivial (in fact substantial) number of case studies demonstrating that this framework characterizes the root cause of failures in a diverse set of cryptographic deployments. iii TABLE OF CONTENTS ACKNOWLEDGEMENT . ii ABSTRACT . iii LIST OF TABLES . vii LIST OF ILLUSTRATIONS . xv CHAPTER 1 : Introduction . 1 1.1 A framework for analyzing failures in cryptographic deployments . 1 1.2 Case studies . 6 CHAPTER 2 : Measuring finite field Diffie-Hellman . 18 2.1 Introduction . 18 2.2 Background . 21 2.3 TLS . 28 2.4 IPsec . 38 2.5 SSH . 45 2.6 Factoring Group Orders of Non-Safe Primes . 48 2.7 Discussion . 49 CHAPTER 3 : Measuring elliptic curve Diffie-Hellman . 55 3.1 Introduction . 55 3.2 Preliminaries . 58 3.3 Related Work . 67 3.4 Elliptic Curve Measurements . 68 3.5 CurveSwap Attack . 74 3.6 Vulnerability Measurements . 77 iv 3.7 Source Code Analysis . 82 3.8 Discussion . 84 3.A Invalid Curve and Twist Points . 85 3.B Extended Scans on Multiple Ports . 86 CHAPTER 4 : Side-channel attack against Curve25519 . 88 4.1 Introduction . 88 4.2 Preliminaries . 97 4.3 Cryptanalysis . 105 4.4 Experimental Results . 110 4.5 Software Countermeasures . 117 4.6 Conclusion . 120 CHAPTER 5 : 512-bit RSA in the wild . 121 5.1 Introduction . 121 5.2 Background . 123 5.3 Implementation . 127 5.4 Experiments . 129 5.5 512-bit keys still in use . 134 5.6 Conclusions . 142 CHAPTER 6 : Logjam attack and measurements . 143 6.1 Introduction . 143 6.2 Diffie-Hellman Cryptanalysis . 145 6.3 Attacking TLS . 149 6.4 State-Level Threats to DH . 160 6.5 Recommendations . 173 6.6 Disclosure and Response . 174 6.7 Conclusion . 175 v CHAPTER 7 : DROWN attack and measurements . 176 7.1 Introduction . 176 7.2 Background . 179 7.3 Breaking TLS with SSLv2 . 185 7.4 General DROWN . 191 7.5 Special DROWN . 197 7.6 Measurements . 201 7.7 Signature forgery attacks and QUIC . 204 7.8 Related work . 206 7.9 Discussion . 208 7.A Public key reuse . 212 7.B Adaptations to Bleichenbacher's attack . 212 7.C Highly optimized GPU implementation . 220 7.D Amazon EC2 evaluation . 223 7.E A brief history of obsolete cryptography . 224 CHAPTER 8 : Conclusion . 226 8.1 Takeaways . 226 8.2 Summary of Impact . 228 BIBLIOGRAPHY . 230 vi LIST OF TABLES TABLE 1 : Characterizing cryptographic attacks|Attacks against cryp- tographic deployments can be traced back to a mistake, misunder- standing, or incentive mismatch in the deployment process. 7 TABLE 2 : Common application behavior|Applications make a diverse set of decisions on how to handle Diffie-Hellman exponents, likely due to the plethora of conflicting, confusing, and incorrect recommenda- tions available. 28 TABLE 3 : TLS library behavior|We examined popular TLS libraries to determine which weaknesses from Section 2.2.6 were present. Reuse of exponents often depends on the use of the library; the burden is on the application developer to appropriately regenerate

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    273 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us