Simple backdoors to RSA key generation
We present extremely simple ways of embedding a backdoor in the key
generation scheme of RSA. Three of our schemes generate two
genuinely random primes and of a given size, to obtain their
public product . However they generate private/public
exponents pairs in such a way that appears very random while
allowing the author of the scheme to easily factor given only
the public information . Our last scheme, similar to the PAP
method of Young and Yung, but more secure, works for any public
exponent such as by revealing the factorization of
in its own representation. This suggests that nobody should
rely on RSA key generation schemes provided by a third party
Encryption Backdoors: A Discussion of Feasibility, Ethics, and the Future of Cryptography
In the age of technological advancement and the digitization of information, privacy seems to be all but an illusion. Encryption is supposed to be the white knight that keeps our information and communications safe from unwanted eyes, but how secure are the encryption algorithms that we use? Do we put too much trust in those that are charged with implementing our everyday encryption systems? This paper addresses the concept of backdoors in encryption: ways that encryption systems can be implemented so that the security can be bypassed by those that know about its existence. Many governments around the world are pushing for these kinds of bypassing mechanisms to exist so that they may utilize them. The paper discusses the ethical implications of these policies as well as how our current encryption algorithms will hold up to future technology such as quantum computers
An Internet-Wide Analysis of Diffie-Hellman Key Exchange and X.509 Certificates in TLS
Transport Layer Security (TLS) is a mature cryptographic protocol, but has flexibility during implementation which can introduce exploitable flaws. New vulnerabilities are routinely discovered that affect the security of TLS implementations.
We discovered that discrete logarithm implementations have poor parameter validation, and we mathematically constructed a deniable backdoor to exploit this flaw in the finite field Diffie-Hellman key exchange. We described attack vectors an attacker could use to position this backdoor, and outlined a man-in-the-middle attack that exploits the backdoor to force Diffie-Hellman use during the TLS connection.
We conducted an Internet-wide survey of ephemeral finite field Diffie-Hellman (DHE) across TLS and STARTTLS, finding hundreds of potentially backdoored DHE parameters and partially recovering the private DHE key in some cases. Disclosures were made to companies using these parameters, resulting in a public security advisory and discussions with the CTO of a billion-dollar company.
We conducted a second Internet-wide survey investigating X.509 certificate name mismatch errors, finding approximately 70 million websites invalidated by these errors and additionally discovering over 1000 websites made inaccessible due to a combination of forced HTTPS and mismatch errors. We determined that name mismatch errors occur largely due to certificate mismanagement by web hosting and content delivery network companies. Further research into TLS implementations is necessary to encourage the use of more secure parameters
Understanding the Use of Malware and Encryption
The main objective of this research project is understanding malware and encryption
Stealthy Opaque Predicates in Hardware -- Obfuscating Constant Expressions at Negligible Overhead
Opaque predicates are a well-established fundamental building block for
software obfuscation. Simplified, an opaque predicate implements an expression
that provides constant Boolean output, but appears to have dynamic behavior for
static analysis. Even though there has been extensive research regarding opaque
predicates in software, techniques for opaque predicates in hardware are barely
explored. In this work, we propose a novel technique to instantiate opaque
predicates in hardware, such that they (1) are resource-efficient, and (2) are
challenging to reverse engineer even with dynamic analysis capabilities. We
demonstrate the applicability of opaque predicates in hardware for both,
protection of intellectual property and obfuscation of cryptographic hardware
Trojans. Our results show that we are able to implement stealthy opaque
predicates in hardware with minimal overhead in area and no impact on latency
Silencing hardware backdoors.
Hardware components can contain hidden backdoors, which can be enabled with catastrophic effects or for ill-gotten profit. These backdoors can be inserted by a malicious insider on the design team or a third-party IP provider. In this paper, we propose techniques that allow us to build trustworthy hardware systems from components designed by untrusted designers or procured from untrusted third-party IP providers. We present the first solution for disabling digital, design-level hardware backdoors. The principle is that rather than try to discover the malicious logic in the design - an extremely hard problem - we make the backdoor design problem itself intractable to the attacker. The key idea is to scramble inputs that are supplied to the hardware units at runtime, making it infeasible for malicious components to acquire the information they need to perform malicious actions. We show that the proposed techniques cover the attack space of deterministic, digital HDL backdoors, provide probabilistic security guarantees, and can be applied to a wide variety of hardware components. Our evaluation with the SPEC 2006 benchmarks shows negligible performance loss (less than 1% on average) and that our techniques can be integrated into contemporary microprocessor designs
How to Backdoor (Classic) McEliece and How to Guard Against Backdoors
We show how to backdoor the McEliece cryptosystem such that a backdoored public key is indistinguishable from a usual public key, but allows to efficiently retrieve the underlying secret key.
For good cryptographic reasons, McEliece uses a small random seed that generates via some pseudo random generator (PRG) the randomness that determines the secret key. Our backdoor mechanism works by encoding an encryption of into the public key. Retrieving then allows to efficiently recover the (backdoored) secret key. Interestingly, McEliece can be used itself to encrypt , thereby protecting our backdoor mechanism with strong post-quantum security guarantees.
Our construction also works for the current Classic McEliece NIST standard proposal for non-compressed secret keys, and therefore opens the door for widespread maliciously backdoored implementations.
Fortunately, our backdoor mechanism can be detected by the owner of the (backdoored) secret key if is stored after key generation as specified by the Classic McEliece proposal. Thus, our results provide strong advice for implementers to store inside the secret key and use to guard against backdoor mechanisms
Kleptographic (algorithmic) backdoors in the RSA key generator
The main types of algorithmic backdoors are reviewed. A method is presented for constructing asymmetric kleptographic backdoors in an RSA key generator that allows the owner of the backdoor key (the developer or an authorized intelligence service) to gain access to a user key generated by the infected algorithm. Theorems illustrating that the described algorithms work are stated, and the computational complexity of these algorithms is estimated. The resistance of the constructed backdoors to certain classes of attacks is demonstrated, even when the adversary knows the methods used and has access to the source code of the key generator