breaking cryptosystems joshua langford university of texas at tyler fall 2007 advisor: dr. ramona...

14
Breaking Breaking Cryptosystems Cryptosystems Joshua Langford Joshua Langford University of Texas at Tyler University of Texas at Tyler Fall 2007 Fall 2007 Advisor: Dr. Ramona Ranalli Alger Advisor: Dr. Ramona Ranalli Alger

Upload: peregrine-waters

Post on 20-Jan-2018

212 views

Category:

Documents


0 download

DESCRIPTION

What Malice Can Do Attain any message passing through the network. Attain any message passing through the network. Be a legitimate user of the network. Be a legitimate user of the network. Become a receiver to any user. Become a receiver to any user. Send messages to any user by impersonating any other user. Send messages to any user by impersonating any other user.

TRANSCRIPT

Page 1: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Breaking Breaking CryptosystemsCryptosystems

Joshua LangfordJoshua LangfordUniversity of Texas at TylerUniversity of Texas at Tyler

Fall 2007Fall 2007Advisor: Dr. Ramona Ranalli AlgerAdvisor: Dr. Ramona Ranalli Alger

Page 2: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Users of the SystemUsers of the System

Bob and Bob and AliceAlice

MaliceMalice

Page 3: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

What Malice Can DoWhat Malice Can DoAttain any message passing through Attain any message passing through

the network.the network.Be a legitimate user of the network.Be a legitimate user of the network.Become a receiver to any user.Become a receiver to any user.Send messages to any user by Send messages to any user by

impersonating any other user.impersonating any other user.

Page 4: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

What Malice Cannot DoWhat Malice Cannot DoGuess a random number from lots of Guess a random number from lots of

numbers.numbers.Retrieve plaintext without the correct Retrieve plaintext without the correct

private key.private key.Have control of private computers.Have control of private computers.Find the private key matching a Find the private key matching a

given public key.given public key.

Page 5: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Some Standard AttacksSome Standard AttacksThe Message Replay AttackThe Message Replay Attack.Man-in-the-Middle Attack.There are many, many, many others.

Page 6: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

ProblemProblem It would be really nice if Malice didn’t It would be really nice if Malice didn’t

have to follow the rule that says he have to follow the rule that says he cannot find the private key matching cannot find the private key matching a given public key.a given public key.

Page 7: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

SolutionSolutionFind a way to Find a way to

break that rule. break that rule. So how do you So how do you

find the private find the private key if all you key if all you know is the know is the public key?public key?

Page 8: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

RSARSAPick two random prime numbers p

and q. Compute N = pq and

Φ(N) = (p - 1) (q - 1). Choose a random e є Z such that

0 < e < Φ(N) and gcd(e, Φ(N)) = 1. Compute the integer d such that

ed ≡ 1 mod Φ(N) and 0 < e < Φ(N).

Page 9: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

RSA ContinuedRSA ContinuedAlice gives Bob her public key, (N, e),

and keeps d as her private key. Bob converts his message text into

an integer 0 < m < N and encrypts it by computing c = m^e mod N and sends c to Alice.

Alice decrypts the message by computing m = c^d mod N.

Page 10: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Breaking RSABreaking RSAUse brute force to

find every possible factor of N to get p and q. But N is such But N is such a big number! In a big number! In order to facilitate his order to facilitate his laziness, he comes laziness, he comes up with a better way.up with a better way.

Page 11: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Breaking RSA ContinuedBreaking RSA ContinuedBecause p is multiplied by q, either p

= q and N = p 2 or p > q which means that 0 < p < √(N) rounded up. This means Malice only needs to try √(N) numbers.

Unfortunately, if N is really big, √(N) is also very big!

Page 12: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Breaking RSA ContinuedBreaking RSA ContinuedNotice he only needs to try the odd

numbers.Now Malice only needs to check

√(N) /2 numbers!

Page 13: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Cracking RSACracking RSA

p = 256,203,221 p = 256,203,221 q = 275,604,541q = 275,604,541 pq = pq =

70,610,771,126,426,561

Factor.exe

Page 14: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…

Why Does it Work?Why Does it Work?Today's RSA algorithms use primes that have Today's RSA algorithms use primes that have

upwards of 500 digits. Here is a 300 digit prime:upwards of 500 digits. Here is a 300 digit prime: 2039568783564019774057658669290345772820395687835640197740576586692903457728

0193993314348263094772646453283062722701939933143482630947726464532830627227012776329366160631440881733123728826770127763293661606314408817331237288267712387953870940015830656733832827915449123879538709400158306567338328279154499698366071906766440037074217117805690896983660719067664400370742171178056908727928481491120222863321448761833763267279284814911202228633214487618337632651208357482164793399296124991731983621512083574821647933992961249917319836219304274280243803104015000563790123 9304274280243803104015000563790123