RSA, PKC and Crypto Failures Key Management

Question 1

Cryptographic failures + 3 weaknesses

Answer 1

• number 2 highest vulnerability
• weaknesses:
  1. Hard coded password
  2. Broken or risky crypto algo
  3. Insufficient entropy => weak random number generation

Question 2

Cryptography desired properties(3)

Answer 2

1. Strong Crypto Algo to protect data
2. Secure Hash Functions: Digital Signatures and ensuring data integrity
3. Strong RNG: generate unbiased random keys

Question 3

Crypto Algorithms overview

Answer 3

• Strong Crypto Algo(private key cryptosystem) eg. AES
• Strong Crypto Algo(public key cryptosystem) eg. RSA
• Keys used: generated from crypto secure RNG like ISAAC, FORTUNA
• Protocol for message sending robust, no leakage, no weakened entropy

Question 4

Private Symmetric Key crypto + 3-ves + Solution

Answer 4

• same key by sender(encrypt) and receiver(decrypt) respectively
  -ve:
  1. New Key Agreement
  2. Key management, storage, life cycle
  3. How to send encrypted message to unknown person: basis of ecommerce
  Sol: Public key crypto

Question 5

Public Key crypto

Answer 5

• different keys for encryption(public key) and decryption(private key)
• from sender to receiver:
  a)Encrypting: public key of receiver & private key of sender
  b)Decrypting: private key of receiver & public key of sender
  -ensures authenticity and confidentiality
• public private keys inverse operations of each other

Question 6

Writing to party known to you by name + 2-ve + Solution

Answer 6

• set up binding between name and public key, need A to get authentic copy of B public key
• can use same key with all parties you want to receive encrypted messages from
  -ve:
  1. not always easier than getting shared secret key
  2. server may be compromised and data tampered OR insecure channel modified in transit
  Sol: Protection through symmetric and asymmetric key cryptography

Question 7

Protection: Symmetric Cryptography(1)

Answer 7

Message Authentication Codes(MAC)

Question 8

MAC, Message Authentication Codes

Answer 8

1. Sender and receiver share secret key k
2. Compute MAC h(m,k) from message m, secret key k and hash h
3. Receiver needs secret key used by sender to compute MAC
4. Compare MAC received and MAC computed to check they match
   - third party does not know this key, cannot validate MAC

Question 9

Protection: Asymmetric/ Public key Cryptography

Answer 9

Digital Signatures

Question 10

Digital Signature

Answer 10

• two keys: Public verification key and Private Signature key
  1. Signature on document d computed with private key
  2. Public key verifies signature on d, identifying document repo
  3. Private key inserts document d into repo
• signature: tag on d proving d belongs in repo
• no signer and verifier
• cryptographic mechanism associating documents with public keys

Question 11

MAC VS Digital Signature: 1 Similarity, 1 Difference

Answer 11

• Similarity: Both authentication mechanisms
• Difference: MAC verification needs secret to compute MAC, unsuitable as evidence with third party as they need the secret and cannot distinguish parties that know and do not know secret
  Digital signature can be used as evidence with third party

Question 12

Crypto advice

Answer 12

• DO NOT trust vendors
• Always verify algo used if you purchased their products
• Verify RNG used produces truly/close to random bits, test randomness with NIST suite
  -use your own RNG: FORTUNA, ISAAC

Question 13

SSL/TLS Protocol

Answer 13

1. Client informs Server of algos
2. Server chooses strongest algo and hash offered by Client
3. Exchange info leading to establishment of common key, enable secure communication

Question 14

2 Types of Crypto Algorithms

Answer 14

1. Private Key(Symmetric) eg. AES
   -index number is key length
   - strength depends on:
   i) Algo Design
   ii) Keys generated, quality of RNG
   iii) Key Length
   iv) Secure implementation
2. Public Key(Asymmetric) eg. RSA(1024,2048)
   - RSA 829 cracked
   -security based on difficulty factoring large numbers
   - RSA public parameter N is product of two k bit prime numbers that are independently generated with good RNG
   a) Generate Large random odd number and find nearest prime p to it
   b) Generate another large random odd number and find nearest prime to it
   c) N=p x q
   -certain parameters are weak

Question 15

Weak RSA parameters(6)

Answer 15

• broken easily without need to factor large number N
  1 Size Primes p & q <= 512 bits
  2. p & q NOT independently generated
  3. p & q NOT randomly generated by crypto secure RNG
  4. Decryption key d <= [N^0.25]/3, short d
  5. p-1: product of only small prime factors
  6. Same N for users in same company