RSA, PKC and Crypto Failures Key Management Flashcards
1
Q
Cryptographic failures + 3 weaknesses
A
- number 2 highest vulnerability
- weaknesses:
1. Hard coded password
2. Broken or risky crypto algo
3. Insufficient entropy => weak random number generation
2
Q
Cryptography desired properties(3)
A
- Strong Crypto Algo to protect data
- Secure Hash Functions: Digital Signatures and ensuring data integrity
- Strong RNG: generate unbiased random keys
3
Q
Crypto Algorithms overview
A
- Strong Crypto Algo(private key cryptosystem) eg. AES
- Strong Crypto Algo(public key cryptosystem) eg. RSA
- Keys used: generated from crypto secure RNG like ISAAC, FORTUNA
- Protocol for message sending robust, no leakage, no weakened entropy
4
Q
Private Symmetric Key crypto + 3-ves + Solution
A
- same key by sender(encrypt) and receiver(decrypt) respectively
-ve:
1. New Key Agreement
2. Key management, storage, life cycle
3. How to send encrypted message to unknown person: basis of ecommerce
Sol: Public key crypto
5
Q
Public Key crypto
A
- different keys for encryption(public key) and decryption(private key)
- from sender to receiver:
a)Encrypting: public key of receiver & private key of sender
b)Decrypting: private key of receiver & public key of sender
-ensures authenticity and confidentiality - public private keys inverse operations of each other
6
Q
Writing to party known to you by name + 2-ve + Solution
A
- set up binding between name and public key, need A to get authentic copy of B public key
- can use same key with all parties you want to receive encrypted messages from
-ve:
1. not always easier than getting shared secret key
2. server may be compromised and data tampered OR insecure channel modified in transit
Sol: Protection through symmetric and asymmetric key cryptography
7
Q
Protection: Symmetric Cryptography(1)
A
Message Authentication Codes(MAC)
8
Q
MAC, Message Authentication Codes
A
- Sender and receiver share secret key k
- Compute MAC h(m,k) from message m, secret key k and hash h
- Receiver needs secret key used by sender to compute MAC
- Compare MAC received and MAC computed to check they match
- third party does not know this key, cannot validate MAC
9
Q
Protection: Asymmetric/ Public key Cryptography
A
Digital Signatures
10
Q
Digital Signature
A
- two keys: Public verification key and Private Signature key
1. Signature on document d computed with private key
2. Public key verifies signature on d, identifying document repo
3. Private key inserts document d into repo - signature: tag on d proving d belongs in repo
- no signer and verifier
- cryptographic mechanism associating documents with public keys
11
Q
MAC VS Digital Signature: 1 Similarity, 1 Difference
A
- Similarity: Both authentication mechanisms
- Difference: MAC verification needs secret to compute MAC, unsuitable as evidence with third party as they need the secret and cannot distinguish parties that know and do not know secret
Digital signature can be used as evidence with third party
12
Q
Crypto advice
A
- DO NOT trust vendors
- Always verify algo used if you purchased their products
- Verify RNG used produces truly/close to random bits, test randomness with NIST suite
-use your own RNG: FORTUNA, ISAAC
13
Q
SSL/TLS Protocol
A
- Client informs Server of algos
- Server chooses strongest algo and hash offered by Client
- Exchange info leading to establishment of common key, enable secure communication
14
Q
2 Types of Crypto Algorithms
A
- Private Key(Symmetric) eg. AES
-index number is key length
- strength depends on:
i) Algo Design
ii) Keys generated, quality of RNG
iii) Key Length
iv) Secure implementation - Public Key(Asymmetric) eg. RSA(1024,2048)
- RSA 829 cracked
-security based on difficulty factoring large numbers
- RSA public parameter N is product of two k bit prime numbers that are independently generated with good RNG
a) Generate Large random odd number and find nearest prime p to it
b) Generate another large random odd number and find nearest prime to it
c) N=p x q
-certain parameters are weak
15
Q
Weak RSA parameters(6)
A
- broken easily without need to factor large number N
1 Size Primes p & q <= 512 bits
2. p & q NOT independently generated
3. p & q NOT randomly generated by crypto secure RNG
4. Decryption key d <= [N^0.25]/3, short d
5. p-1: product of only small prime factors
6. Same N for users in same company