randomness
play

Randomness Some content taken from Silence on the Wire by Michal - PowerPoint PPT Presentation

Randomness Some content taken from Silence on the Wire by Michal Zalewski Todays Agenda Randomness in Private Key Generation Randomness in Election (fraud) Randomness in Coin Flipping What is random? Chosen without method


  1. Randomness Some content taken from “Silence on the Wire” by Michal Zalewski

  2. Today’s Agenda • Randomness in Private Key Generation • Randomness in Election (fraud) • Randomness in Coin Flipping

  3. What is random? • Chosen without method

  4. Random beacons • Atmospheric noise • random.org • Radioactive Decay • http://www.fourmilab.ch/hotbits/ • Lava lamps • Cloudflare • Thunderstorms • Seismic data in earthquake-prone areas

  5. Pseudorandom vs. random Characteristics Psuedorandom Random Efficiency Excellent Poor Determinism Deterministic Nondeterministic Periodicity Periodic Aperiodic https://www.random.org/randomness/

  6. How computers use randomness • Blinky lights • Quicksort • Computer games • Cryptographic keys

  7. Randomness in Private Key Generation • Applied cryptography relies on randomness in key generation. • Lack of randomness —> somebody else can guess your private key

  8. P seudo r andom N umber G eneration • Pick a (random) seed • Algorithmically pick the next number.

  9. Netscape PRNG global variable seed; RNG_CreateContext() (seconds, microseconds) = time of day; /* Time elapsed since 1970 */ pid = process ID; ppid = parent process ID; a = mklcpr(microseconds); b = mklcpr(pid + seconds + (ppid << 12)); seed = MD5(a, b); RNG_GenerateRandomBytes() x = MD5(seed); seed = seed + 1; return x;

  10. Netscape’s Crypto Issues • 40 bit keys • seeded PRNG with time • can get process info with ps

  11. Feeding /dev/urandom • There can be no general method for determining an outcome of any computer procedure or algorithm in a finite time. • paraphrasing of Alan Turing

  12. Feeding /dev/urandom

  13. Feeding /dev/urandom • Entropy from running a computer enters the entropy pool • Process reads from that pool

  14. Using randomness to create keys • Algorithms for creating prime number candidates (pseudoprimes) • Algorithms for detecting if a number could be prime quickly (verify pseudoprimes)

  15. DJB quoting Mark Twain • Behold, the fool saith, "Put not all thine eggs in the one basket"—which is but a manner of saying, "Scatter your money and your attention;" but the wise man saith, "Put all your eggs in the one basket and—WATCH THAT BASKET." • http://blog.cr.yp.to/20140205-entropy.html

  16. Weak Keys (2008) • At least 5.23% of TLS hosts use default keys • 0.75% of TLS certificates share keys (bad entropy in key gen) • 1.70% come from the same faulty implementations (susceptible to compromise) • Obtained RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts (shared p or q) • Vast majority found in embedded systems

  17. RSA: Recall from last class • Choose two large, distinct prime numbers p, q . • Compute the modulus n=pq • φ (n) = φ (p) ×φ (q) = (p − 1) × (q − 1) • φ (n): Number of integers less than n that aren’t coprime • coprime: x,y are coprime if the only common factor they have is 1. • Pick a number, e, such that e< φ (n) and e, φ (n) are coprime. • Determine d such that de ≡ 1 (mod φ (n)) • Public key is (n,e). Private key is (n,d).

  18. How did they factor? • Pairwise GCD of all distinct RSA moduli • N1=p1*q1, N2=p2*q2 • If no factors are common, than GCD(N1,N2)=1 • Otherwise, if p1=p2, then GCP(N1, N2)=p1 • 5.5 hours for over 11 million RSA keys

  19. Commonly Repeated Keys

  20. Visualizing RSA Common Factors

  21. Generating Keys from Boot

  22. 2009 Iranian Election • Mahmoud Ahmadinejad ran against three others • 85% turnout • Mahmoud Ahmadinejad “won” with 64% of the vote • Caused massive protests “Green Revolution”

  23. Benford's Law

  24. Methodology • Look at election results • Ask NYU undergrads to make up numbers • Compare least significant digits

  25. Runs Test • A sequence with n heads and m tails • A run is a sequence of coin flips with the same side • 11000100010000101110111101001000101110111

  26. Runs Test • Given a sequence of n heads; m tails; R runs • E(R) = (2nm / (n+m)) + 1 • V(R) = ( 2nm(2nm – n – m )) / ((n + m) 2 (n + m – 1)) • Z score: (x - E(R)) / √ (V(R))

Recommend


More recommend