Cryptography CS 555 Topic 31 RSA Attacks Fixes
- Slides: 24
Cryptography CS 555 Topic 31: RSA Attacks + Fixes 1
Recap • CPA/CCA Security for Public Key Crypto • Key Encapsulation Mechanism • El-Gamal 2
Recap • 3
Recap RSA-Assumption • 4
(Review) Attacks on Plain RSA • We have not introduced security models like CPA-Security or CCA-security for Public Key Cryptosystems • However, notice that (Plain) RSA Encryption is stateless and deterministic. Plain RSA is not secure against chosen-plaintext attacks • Plain RSA is also highly vulnerable to chosen-ciphertext attacks • • Attacker intercepts ciphertext c of secret message m Attacker generates ciphertext c’ for secret message 2 m Attacker asks for decryption of c’ to obtain 2 m Divide by 2 to recover original message m 5
(Plain) RSA Discussion • However, notice that (Plain) RSA Encryption is stateless and deterministic. Plain RSA is not secure against chosen-plaintext attacks • In a public key setting the attacker does have access to an encryption oracle • Encrypted messages with low entropy are vulnerable to a brute-force attack. • If m < B then attacker can recover m after at most B queries to encryption oracle (using public key) 6
Recovering Encrypted Message faster than Brute-Force • 7
Recovering Encrypted Message faster than Brute-Force • 8
More Weaknesses: Plain RSA with small e • 9
More Attacks: Encrypting Related Messages • 10
More Attacks: Encrypting Related Messages • 11
Sending the Same Message to Multiple Receivers • 12
Sending the Same Message to Multiple Receivers • 13
Apply GCD to Pairs of RSA Moduli? • 14
Dependent Keys Part 1 • 15
Dependent Keys Part 2 • 16
Dependent Keys Part 2 • 17
RSA-OAEP (Optimal Asymmetric Encryption Padding) • 18
RSA-OAEP (Optimal Asymmetric Encryption Padding) Theorem: If we model G and H as Random oracles then RSA-OAEP is a CCA-Secure public key encryption scheme. Bonus: One of the fastest in practice! 19
PKCS #1 v 2. 0 • Implementation of RSA-OAEP • James Manger found a chosen-ciphertext attack. • What gives? 20
PKCS #1 v 2. 0 (Bad Implementation) • 21
PKCS #1 v 2. 0 (Attack) • 22
Another Side Channel Attack on RSA • 23
Next Class: Digital Signatures Part 1 • Read Katz and Lindell: 12. 1 -12. 3 24
- Timing attacks on rsa
- Rsa algorithm in cryptography and network security
- Fixes arzneimittelexanthem
- Ies veles e vents
- Mr spuffington fixes it himself
- Clincher in writing
- What are the steps in narrowing down research topic
- Rendered insecure: gpu side channel attacks are practical
- Cryptographic attacks
- Attacks on tls
- Model stealing attacks
- Types of phishing attacks
- Untargeted cyber attacks
- Attacks on bilingualism represent an ethnocentric
- Zero-day attacks
- Row buffer denial of service
- What is an attacker goal in hijacking attacks
- Attacks by neighboring communities
- Hijacking attacks
- Dns spoofing
- Triple des attack
- Scone: secure linux containers with intel sgx
- Attacks from all sides
- A single countermeasure is sufficient for sqli attacks
- Lest we remember: cold boot attacks on encryption keys