Randomness Some content taken from Silence on the Wire by Michal - - PowerPoint PPT Presentation

Randomness

Some content taken from “Silence on the Wire” by Michal Zalewski

Today’s Agenda

• Randomness in Private Key Generation
• Randomness in Election (fraud)
• Randomness in Coin Flipping

What is random?

• Chosen without method

Random beacons

• Atmospheric noise
• random.org
• Radioactive Decay
• http://www.fourmilab.ch/hotbits/
• Lava lamps
• Cloudflare
• Thunderstorms
• Seismic data in earthquake-prone areas

Pseudorandom vs. random

Characteristics Psuedorandom Random Efficiency Excellent Poor Determinism Deterministic Nondeterministic Periodicity Periodic Aperiodic

https://www.random.org/randomness/

How computers use randomness

• Blinky lights
• Quicksort
• Computer games
• Cryptographic keys

Randomness in Private Key Generation

• Applied cryptography relies on randomness in key

generation.

• Lack of randomness —> somebody else can

guess your private key

Pseudorandom Number Generation

• Pick a (random) seed
• Algorithmically pick the next number.

Netscape PRNG

global variable seed; RNG_CreateContext() (seconds, microseconds) = time of day; /* Time elapsed since 1970 */ pid = process ID; ppid = parent process ID; a = mklcpr(microseconds); b = mklcpr(pid + seconds + (ppid << 12)); seed = MD5(a, b); RNG_GenerateRandomBytes() x = MD5(seed); seed = seed + 1; return x;

Netscape’s Crypto Issues

• 40 bit keys
• seeded PRNG with time
• can get process info with ps

Feeding /dev/urandom

• There can be no general method for determining

an outcome of any computer procedure or algorithm in a finite time.

• paraphrasing of Alan Turing

Feeding /dev/urandom

Feeding /dev/urandom

• Entropy from running a computer enters the

entropy pool

• Process reads from that pool

Using randomness to create keys

• Algorithms for creating prime number candidates

(pseudoprimes)

• Algorithms for detecting if a number could be

prime quickly (verify pseudoprimes)

DJB quoting Mark Twain

• Behold, the fool saith, "Put not all thine eggs in the
• ne basket"—which is but a manner of saying,

"Scatter your money and your attention;" but the wise man saith, "Put all your eggs in the one basket and—WATCH THAT BASKET."

• http://blog.cr.yp.to/20140205-entropy.html

Weak Keys (2008)

• At least 5.23% of TLS hosts use default keys
• 0.75% of TLS certificates share keys (bad entropy in

key gen)

• 1.70% come from the same faulty implementations

(susceptible to compromise)

• Obtained RSA private keys for 0.50% of TLS hosts and

0.03% of SSH hosts (shared p or q)

• Vast majority found in embedded systems

RSA: Recall from last class

• Choose two large, distinct prime numbers p, q.
• Compute the modulus n=pq
• φ(n) = φ(p)×φ(q) = (p−1)×(q−1)
• φ(n): Number of integers less than n that aren’t coprime
• coprime: x,y are coprime if the only common factor they have is 1.
• Pick a number, e, such that e<φ(n) and e,φ(n) are coprime.
• Determine d such that de ≡ 1 (mod φ(n))
• Public key is (n,e). Private key is (n,d).

How did they factor?

• Pairwise GCD of all distinct RSA moduli
• N1=p1*q1, N2=p2*q2
• If no factors are common, than GCD(N1,N2)=1
• Otherwise, if p1=p2, then GCP(N1, N2)=p1
• 5.5 hours for over 11 million RSA keys

Commonly Repeated Keys

Visualizing RSA Common Factors

Generating Keys from Boot

2009 Iranian Election

• Mahmoud Ahmadinejad ran against three others
• 85% turnout
• Mahmoud Ahmadinejad “won” with 64% of the vote
• Caused massive protests “Green Revolution”

Benford's Law

Methodology

• Look at election results
• Ask NYU undergrads to make up numbers
• Compare least significant digits

Runs Test

• A sequence with n heads and m tails
• A run is a sequence of coin flips with the same side
• 11000100010000101110111101001000101110111

Runs Test

• Given a sequence of n heads; m tails; R runs
• E(R) = (2nm / (n+m)) + 1
• V(R) = ( 2nm(2nm – n – m )) / ((n + m)2 (n + m – 1))
• Z score: (x - E(R)) / √(V(R))