entropy as a service
play

Entropy as a Service Unlocking the full potential of cryptography - PowerPoint PPT Presentation

May 01, 2023 •29 likes •199 views

Entropy as a Service Unlocking the full potential of cryptography Apostol Vassilev Robert Staples STVM/CSD/NIST A perspective: cryptography evolves very fast to provide security in cyberspace Emerging crypto technologies - lightweight crypto

  1. Entropy as a Service Unlocking the full potential of cryptography Apostol Vassilev Robert Staples STVM/CSD/NIST

  2. A perspective: cryptography evolves very fast to provide security in cyberspace Emerging crypto technologies - lightweight crypto - lighter versions of legacy protocols - tinyDTLS, lightweight DTLS - post-quantum cryptography New crypto is cool but have we solved all known problems with conventional crypto?

  3. • In modern cryptography the algorithms are well-known • Security depends largely on the secrecy of the keys • Cryptographic keys must be (nearly) impossible to guess • Key generation and key management govern the strength and security of keys • Key generation is strongly dependent on entropy Courtesy of XKCD

  4. The big question Where are the keys coming from?

  5. Real World Examples 2013 • Factoring RSA keys from certified smart cards (Coppersmith in the wild) , • Bernstein, Chang, Cheng, Chou, Heninger, Lange, van Someren Problem: Low-quality hardware RNG, stuck in a short cycle: • 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 etc. Likely reasons for using this weak design : cost of high-quality hardware, the cost of licensing patents 5

  6. Real World Examples 2012 • Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices (Heninger, Durumeric, Wustrow, Halderman) Scanned 28 Mil TLS and 23 Mil SSH hosts on the Internet • - 0.75% of TLS certificates share keys - due to insufficient entropy during key generation - another 1.70% come from same faulty implementations • - able to obtain RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts • - public keys shared nontrivial common factors due to entropy problems • - able to obtain DSA private keys for 1.03% of SSH hosts - due to insufficient signature randomness 6

  7. Real World Examples 2016 • The Linux kernel dissected - four sources of kernel entropy: • • Device • • Input • • Interrupt • • Disk Strong demand for entropy through /dev/urandom (non-blocking) • “minimal” (no GUI) • Ubuntu Server • v14.04.3 64-bit w/ • Kernel v4.2.3 7

  8. Testing randomness is hard • Using a finite set of statistical tests on data samples can lead to misleading results – EXAMPLE: expand a well-known irrational number, e.g. π , and test the output bit sequence for randomness. Chances are, it will be reported as random. Using the statistical test approach makes it hard to automate the estimation of entropy – automation is critically important for the new CMVP NIST 8

  9. Our approach High-Quality entropy from a provably good source • How about delivering high-entropy random data from a provably good source to needy clients? • Public service providing high-entropy random data for use in cryptography - Entropy as a Service (EaaS) – - delivers entropy securely (no one can see) upon request from clients – - clients seed DRBG’s after mixing EaaS random data with local random data – - clients use the DRBG output to generate local keys independently from EaaS 9

  10. Our solution is • NOT a key generation service – - cryptographic keys are generated locally on the client using DRBG’s – - clients DRBG’s are seeded with random data resulting from mixing several independent sources, including local random data – - even if an attacker gains full control of one server, he/she will have no possibility of gaining meaningful insights into the clients’ keys • NOT similar to the NIST beacon – - EaaS does NOT record any incoming or outgoing record – - EaaS does NOT record any internally generated random data 10

  11. Our solution is 11

  12. A protocol sketch Client EaaS HTTP GET (w/ own public key and the number of requested random bytes) • • <response> • <entropy> • encrypted base64-encoded random blob • </entropy> • <timestamp></timestamp> • <dsig></dsig> • </response> 12

  13. Potential attacks and defenses • Attacks mitigated by protocol features and provisioning – - Message replay – - Man-In-The-Middle – - DNS poisoning 13

  14. Potential attacks and defenses • Attacks mitigated by mixing data from multiple EaaS instances – - Honest-but-curious EaaS instance – - Dishonest but non-colluding EaaS instances – - Dishonest and colluding EaaS instances 14

  15. Status and next steps Linux Kernel Entropy Revisited: • uses EaaS client to request random bits from EaaS server and seeds the image pool • C program, using the “RNDADDENTROPY” ioctl to add the entropy. 15

  16. Status and next steps • See project page at : http://csrc.nist.gov/projects/eaas/ – Functional prototype implemented • - demonstrated in September at the CIF 2015 in Washington, DC – Planning to stand-up a publicly accessible NIST EaaS in Q2, 2016 • - publish server and client sample code on GitHub – - allow people to look, enhance, adopt as they please – Conceive a public criteria for reputable EaaS hosts 16

  17. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) &gt;= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S) Entropy is o8en related to disorder but not strictly correct Entropy is a measure

351 views • 8 slides
Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Entropy Entropy Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1 Entropy Entropy and Information Joint Entropy Frank Keller Conditional Entropy School of Informatics University of Edinburgh

81 views • 4 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically - defined thermodynamic quantity that helps to account for the flow of energy through a thermodynamic process. 2 What is

467 views • 13 slides
E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION Entropy measures exponential complexity in a topological dynamical system: topological entropy very crude, entropy function on invariant

556 views • 23 slides
Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute of Communication Engineering National Taipei University Chapter Outline Chap. 2 Entropy, Relative Entropy, and Mutual Information 2.1 Entropy 2.2

752 views • 51 slides
ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF CHEMISTRY AND BIOCHEMISTRY, BYU, PROVO, UT 84602, POPOVIC.PASA@GMAIL.COM Thermodynamic entropy - S (J/K) At T=0K ideal crystal imperfect

560 views • 21 slides
Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of bits actually required to store data. Entropy is sometimes called a measure of surprise A highly predictable sequence contains little actual

293 views • 16 slides
Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual information f -divergence Mikael Skoglund 1/16 Entropy Over ( R , B ) , consider a discrete RV X with all probability in a countable set X B ,

538 views • 8 slides
Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J. A. Laeven Dept. of Econometrics and OR Tilburg University, CentER and Eurandom based on joint work with Mitja Stadje August 30, 2011 Entropy

442 views • 40 slides
Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy The Maximum Entropy (MaxEnt) method is a methodology to assign or update probability distributions to describe systems which are not completely

202 views • 17 slides
Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for describing low-level computation on modern CPUs (c) 2009 Entropy Wave Inc Motivation (c) 2009 Entropy Wave Inc Motivation Want maintainable assembly

611 views • 28 slides
1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

Introduction to Information Retrieval Entropy: a basic introduction 1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less compressible High entropy = high randomness/low compressibility Low entropy =

236 views • 19 slides
1 Plasma Entropy In ideal MHD, specific entropy is conserved along a flow path: where:

1 Plasma Entropy In ideal MHD, specific entropy is conserved along a flow path: where:

Plasma Entropy in the Magnetosphere Joachim Raeder 1 , Kai Germaschewski 1 , LiWei Lin 1 Space Science Center, University of New Hampshire, Durham, NH 03824, USA Congre ASTRONUM, Biarritz, France, July 2, 2013 Basic Structure of the

499 views • 11 slides
Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic

Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic

1896 1920 1987 2006 Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic Engineering Shanghai Jiao Tong University, China 2017, Autumn 1 Outline Entropy Joint entropy and conditional

778 views • 50 slides
the EMFF programme ENTREFISH Final Workshop 26 th February 2019, Brussels What is EASME?

the EMFF programme ENTREFISH Final Workshop 26 th February 2019, Brussels What is EASME?

Supporting Blue Careers through the EMFF programme ENTREFISH Final Workshop 26 th February 2019, Brussels What is EASME? Evaluation Four areas of action: Grant Agreement Preparation SME support Project Environment follow-up

265 views • 10 slides
Technology Centre Systems e Systems Programme (TCSP) An initiative of Ministry Ministry of MSME

Technology Centre Systems e Systems Programme (TCSP) An initiative of Ministry Ministry of MSME

Technology Centre Systems e Systems Programme (TCSP) An initiative of Ministry Ministry of MSME Government ernment of India Journey so far First Technology Centre at Hyderabad in 1969 1969 18 existing TCs operating in a self

235 views • 9 slides
Entrepreneurial Creativity in the City Darja Reuschke with Donald Houston (University of

Entrepreneurial Creativity in the City Darja Reuschke with Donald Houston (University of

www.workandhome.ac.uk Entrepreneurial Creativity in the City Darja Reuschke with Donald Houston (University of Portsmouth) and Jed Long (UWO) ERC Starting Grant 639403 WORKANDHOME Cities, creativity, innovation Small establishments

195 views • 19 slides
Latinos en Accin Developing an Action Research Network in Rural MN Fernando Burga PhD Masters

Latinos en Accin Developing an Action Research Network in Rural MN Fernando Burga PhD Masters

Latinos en Accin Developing an Action Research Network in Rural MN Fernando Burga PhD Masters of Urban and Regional Planning Program Humphrey School of Public Affairs, University of Minnesota Latino Public Affairs Forum | American University

352 views • 17 slides
Entropy Estimation on the Basis Stochastic Model of a Stochastic Model Werner Schindler Bundesamt

Entropy Estimation on the Basis Stochastic Model of a Stochastic Model Werner Schindler Bundesamt

Entropy Estimation on the Basis of a Entropy Estimation on the Basis Stochastic Model of a Stochastic Model Werner Schindler Bundesamt f ur Sicherheit in der Werner Schindler Informations- technik Bundesamt f ur Sicherheit in der

402 views • 21 slides
Thermodynamics Slide 3 / 93 Chemical Thermodynamics The Golden Gate Bridge is painted regularly

Thermodynamics Slide 3 / 93 Chemical Thermodynamics The Golden Gate Bridge is painted regularly

Slide 1 / 93 Slide 2 / 93 Thermodynamics Slide 3 / 93 Chemical Thermodynamics The Golden Gate Bridge is painted regularly to slow down the inevitable rusting of the iron on the bridge. In this unit you will study how heat and temperature

882 views • 31 slides
Stochastic Thermodynamics of Langevin systems under time-delayed feedback control M.L. Rosinberg

Stochastic Thermodynamics of Langevin systems under time-delayed feedback control M.L. Rosinberg

New Frontiers in Non-equilibrium Physics 2015 Stochastic Thermodynamics of Langevin systems under time-delayed feedback control M.L. Rosinberg in coll. with T. Munakata (Kyoto), and G. Tarjus (Paris) LPTMC, CNRS and Universit. P. et M.

326 views • 29 slides
Entropy and sustainable investment beliefs: A simple metric for analysing belief organisation Dane

Entropy and sustainable investment beliefs: A simple metric for analysing belief organisation Dane

Entropy and sustainable investment beliefs: A simple metric for analysing belief organisation Dane Rook University of Oxford D.Phil. Researcher, Geography &amp; the Environment dane.p.rook@ouce.ox.ac.uk [How] can investors make long term

419 views • 16 slides

More recommend