
Controlled Randomness – A Defense Against Backdoors in Cryptographic Devices

  • Conference paper
Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology (Mycrypt 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10311)

Abstract

The security of many cryptographic protocols depends on the quality of the random elements generated during protocol execution. On the other hand, the cryptographic devices implementing these protocols are designed under technical limitations, usability requirements and cost constraints. This frequently results in black-box solutions. Unfortunately, black-box random number generators make it possible to plant backdoors: signing keys may be stolen, authentication protocols can be broken to enable impersonation, and the confidentiality of encrypted communication is no longer guaranteed.

In this paper we deal with this problem. The proposed solution is a way of generating random parameters such that: (a) the protocols remain backwards compatible (a protocol participant receives additional data that it may simply ignore), (b) verification of the randomness can be executed at any time and without notice, so a device is forced to behave honestly, (c) the solution requires almost no change to the existing protocols and is therefore easy to implement, and (d) the owner of a cryptographic device becomes protected against its designer and manufacturer, who otherwise might be able to predict the output of the generator and break the protocol. We give a few application examples of this technique for standard schemes.
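The following is an added illustration of properties (a) to (d) above and is not the paper's own construction. It assumes an owner-installed secret that the manufacturer never sees (hypothetical post-manufacture provisioning), HMAC-SHA512 as the pseudorandom function, the secp256k1 group order as the nonce range, and a hypothetical (counter, tag) format for the auxiliary data; a peer that does not understand the auxiliary data can discard it, while the owner can re-derive the nonce from it and audit the device on any message, unannounced. A kleptographic device that draws its nonce from a small, manufacturer-predictable space fails that audit.

```python
"""Added illustration (not the paper's construction): a device emits a nonce k
together with auxiliary data a peer may ignore; the device owner, holding a
secret the manufacturer never sees, re-derives k from that data and audits
the device at any time without warning."""
import hashlib
import hmac
import secrets
import struct
from typing import Tuple

# Order of the secp256k1 group; nonces must be uniform in [1, Q-1].
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

Aux = Tuple[int, bytes]  # hypothetical aux format: (monotone counter, 128-bit tag)


def derive_nonce(owner_secret: bytes, counter: int, tag: bytes) -> int:
    """k = 1 + (HMAC-SHA512(owner_secret, "nonce" || counter || tag) mod (Q-1)).
    Reducing 512 PRF bits modulo a 256-bit value keeps the bias negligible."""
    msg = b"nonce" + struct.pack(">Q", counter) + tag
    prf = hmac.new(owner_secret, msg, hashlib.sha512).digest()
    return 1 + int.from_bytes(prf, "big") % (Q - 1)


class HonestDevice:
    """Derives every nonce from the owner-installed secret (assumed to be
    provisioned after manufacture) and publishes (counter, tag) as aux data."""

    def __init__(self, owner_secret: bytes) -> None:
        self._secret = owner_secret
        self._counter = 0

    def next_nonce(self) -> Tuple[int, Aux]:
        self._counter += 1
        tag = secrets.token_bytes(16)   # device entropy, but exposed via aux
        aux = (self._counter, tag)
        return derive_nonce(self._secret, *aux), aux


class BackdooredDevice(HonestDevice):
    """Kleptographic variant: k comes from a 16-bit space the manufacturer can
    brute-force, while the aux data still looks plausible to a peer."""

    def next_nonce(self) -> Tuple[int, Aux]:
        self._counter += 1
        aux = (self._counter, secrets.token_bytes(16))
        return 1 + secrets.randbelow(1 << 16), aux


class Auditor:
    """Owner-side check that can run on any message, unannounced (property (b)).
    It also rejects reused counters: a repeated (counter, tag) repeats k, which
    for Schnorr/ECDSA-style signatures exposes the long-term signing key."""

    def __init__(self, owner_secret: bytes) -> None:
        self._secret = owner_secret
        self._last_counter = 0

    def check(self, k: int, aux: Aux) -> bool:
        counter, tag = aux
        if counter <= self._last_counter:
            return False                 # replayed or rolled-back counter
        expected = derive_nonce(self._secret, counter, tag)
        ok = hmac.compare_digest(k.to_bytes(32, "big"),
                                 expected.to_bytes(32, "big"))
        if ok:
            self._last_counter = counter
        return ok


def demo() -> Tuple[bool, bool]:
    """Returns (honest device passes audit, backdoored device passes audit)."""
    owner_secret = secrets.token_bytes(32)   # constructed; installed by the owner
    honest = HonestDevice(owner_secret)
    honest_ok = all(Auditor(owner_secret).check(*honest.next_nonce())
                    for _ in range(1)) and \
        all(Auditor(owner_secret).check(*honest.next_nonce()) for _ in range(4))
    bad = BackdooredDevice(owner_secret)
    bad_ok = Auditor(owner_secret).check(*bad.next_nonce())
    return honest_ok, bad_ok


def replay_rejected(owner_secret: bytes = b"constructed-owner-secret") -> bool:
    """Same (counter, tag) presented twice: accepted once, refused the second time."""
    audit = Auditor(owner_secret)
    aux = (1, b"constructed-tag!")
    k = derive_nonce(owner_secret, *aux)
    return audit.check(k, aux) and not audit.check(k, aux)


if __name__ == "__main__":
    print(demo(), replay_rejected())
```

The audit is possible only because the derivation is deterministic given the owner secret and the published aux data; the price is that the owner must treat the counter as state and refuse anything that repeats or goes backwards, since a repeated nonce is as damaging as a predictable one.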

This research has been supported by the Polish National Science Centre, project HARMONIA, DEC-2013/08/M/ST6/00928.

Notes

  1. EAC and PACE are protocols of high importance for the security of biometric passports and electronic identity documents. EAC is a standardized authenticated key exchange protocol whose goal is to authenticate the identity document and the terminal to each other. PACE is a password authenticated key exchange protocol which secures the transmission between an identity document and the reader.

Author information

Correspondence to Mirosław Kutyłowski.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hanzlik, L., Kluczniak, K., Kutyłowski, M. (2017). Controlled Randomness – A Defense Against Backdoors in Cryptographic Devices. In: Phan, RW., Yung, M. (eds) Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology. Mycrypt 2016. Lecture Notes in Computer Science, vol 10311. Springer, Cham. https://doi.org/10.1007/978-3-319-61273-7_11

  • DOI: https://doi.org/10.1007/978-3-319-61273-7_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61272-0

  • Online ISBN: 978-3-319-61273-7
