the legacy of export grade cryptography in the 21st
play

The legacy of export-grade cryptography in the 21st century Nadia - PowerPoint PPT Presentation

Jul 25, 2023 •254 likes •1.05k views

The legacy of export-grade cryptography in the 21st century Nadia Heninger University of Pennsylvania October 6, 2016 International Traffic in Arms Regulations April 1, 1992 version Category XIII--Auxiliary Military Equipment ... (b)

  1. The legacy of export-grade cryptography in the 21st century Nadia Heninger University of Pennsylvania October 6, 2016

  2. International Traffic in Arms Regulations April 1, 1992 version Category XIII--Auxiliary Military Equipment ... (b) Information Security Systems and equipment, cryptographic devices, software, and components specifically designed or modified therefore, including: (1) Cryptographic (including key management) systems, equipment, assemblies, modules, integrated circuits, components or software with the capability of maintaining secrecy or confidentiality of information or information systems, except cryptographic equipment and software as follows: (i) Restricted to decryption functions specifically designed to allow the execution of copy protected software, provided the decryption functions are not user-accessible. (ii) Specially designed, developed or modified for use in machines for banking or money transactions, and restricted to use only in such transactions. Machines for banking or money transactions include automatic teller machines, self-service statement printers, point of sale terminals or equipment for the encryption of interbanking transactions. ...

  3. Timeline of US cryptography export control ◮ Pre-1994: Encryption software requires individual export license as a munition. ◮ 1994: US State Department amends ITAR regulations to allow export of approved software to approved countries without individual licenses. 40-bit symmetric cryptography was understood to be approved under this scheme. ◮ 1995: Netscape develops initial SSL protocol. ◮ 1996: Bernstein v. United States; California judge rules ITAR regulations are unconstitutional because “code is speech” ◮ 1996: Cryptography regulation moved to Department of Commerce. ◮ 1999: TLS 1.0 standardized. ◮ 2000: Department of Commerce loosens regulations on mass-market and open source software.

  4. Commerce Control List: Category 5 - Info. Security (May 21, 2015 version) a.1.a. A symmetric algorithm employing a key length in excess of 56-bits; or a.1.b. An asymmetric algorithm where the security of the algorithm is based on any of the following: a.1.b.1. Factorization of integers in excess of 512 bits (e.g., RSA); a.1.b.2. Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie- Hellman over Z/pZ); or a.1.b.3. Discrete logarithms in a group other than mentioned in 5A002.a.1.b.2 in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve); a.2. Designed or modified to perform cryptanalytic functions;

  5. “The government must be wary of suffocating [the encryption software] industry with regulation in the new digital age, but we must be able to strike a balance between the legitimate concerns of the law enforcement community and the needs of the marketplace.” — U.S. Vice President Al Gore, September 1997

  6. “The government must be wary of suffocating [the encryption software] industry with regulation in the new digital age, but we must be able to strike a balance between the legitimate concerns of the law enforcement community and the needs of the marketplace.” — U.S. Vice President Al Gore, September 1997 “Because, if, in fact, you can’t crack that [encryption] at all, government can’t get in, then everybody is walking around with a Swiss bank account in their pocket – right? So there has to be some concession to the need to be able to get into that information somehow.” — President Obama, March 2016 Historical experiment: How did this “compromise” work out for us?

  7. Updated timeline of export control ◮ 1994: ITAR regulatory scheme. ◮ 1995: Netscape develops initial SSL protocol. ◮ 1996: Cryptography regulation moved to Department of Commerce. ◮ 1999: TLS 1.0 standardized. ◮ 2000: Department of Commerce loosens regulations on mass-market and open source software. ◮ . . .

  8. Updated timeline of export control ◮ 1994: ITAR regulatory scheme. ◮ 1995: Netscape develops initial SSL protocol. ◮ 1996: Cryptography regulation moved to Department of Commerce. ◮ 1999: TLS 1.0 standardized. ◮ 2000: Department of Commerce loosens regulations on mass-market and open source software. ◮ . . . ◮ March 2015: FREAK attack; 10% of popular sites vulnerable. ◮ May 2015: Logjam attack; 8% of popular sites vulnerable. ◮ March 2016: DROWN attack; 25% of popular sites vulnerable.

  9. The FREAK attack A Messy State of the Union: Taming the Composite State Machines of TLS Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, C´ edric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue Oakland 2015

  10. Textbook RSA Encryption [Rivest Shamir Adleman 1977] Public Key Private Key N = pq modulus p , q primes e encryption exponent d decryption exponent ( d = e − 1 mod ( p − 1)( q − 1)) public key = ( N , e ) ciphertext = message e mod N message = ciphertext d mod N

  13. TLS RSA Key Exchange client hello: client random [. . . RSA . . . ]

  14. TLS RSA Key Exchange client hello: client random [. . . RSA . . . ] server hello: server random, [RSA] certificate = RSA pubkey k 2048 + CA signatures

  15. TLS RSA Key Exchange client hello: client random [. . . RSA . . . ] server hello: server random, [RSA] certificate = RSA pubkey k 2048 + CA signatures client key exchange: RSAenc k 2048 ( pms ) client finished: Auth k mc (dialog) KDF( pms , KDF( pms , randoms) → randoms) → k m c , k m s , k e k m c , k m s , k e

  16. TLS RSA Key Exchange client hello: client random [. . . RSA . . . ] server hello: server random, [RSA] certificate = RSA pubkey k 2048 + CA signatures client key exchange: RSAenc k 2048 ( pms ) client finished: Auth k mc (dialog) KDF( pms , KDF( pms , server finished: Auth k ms (dialog) randoms) → randoms) → k m c , k m s , k e k m c , k m s , k e

  17. TLS RSA Key Exchange client hello: client random [. . . RSA . . . ] server hello: server random, [RSA] certificate = RSA pubkey k 2048 + CA signatures client key exchange: RSAenc k 2048 ( pms ) client finished: Auth k mc (dialog) KDF( pms , KDF( pms , server finished: Auth k ms (dialog) randoms) → randoms) → k m c , k m s , k e Enc k e (request) k m c , k m s , k e

  18. Question: How do you selectively weaken a protocol based on RSA?

  19. Question: How do you selectively weaken a protocol based on RSA? Export answer: Optionally use a small RSA key.

  20. TLS RSA Export Key Exchange client hello: client random [. . . RSA EXPORT . . . ] server hello: server random, [RSA EXPORT] certificate = RSA pubkey k 2048 + CA signatures server key exchange: RSA pubkey k 512 client key exchange: RSAenc k 512 ( pms ) KDF( pms , KDF( pms , client finished: Auth k mc (dialog) randoms) → randoms) → k m c , k m s , k e server finished: Auth k ms (dialog) k m c , k m s , k e Enc k e (request)

  21. RSA export cipher suites in TLS In March 2015, export cipher suites supported by 36.7% of the 14 million sites serving browser-trusted certificates! TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA Totally insecure, but no modern client would negotiate export ciphers. ... right? Tracking the Freak Attack Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman freakattack.com

  22. FREAK: MITM downgrade attack to export RSA Implementation flaw: Most major browsers accept unexpected server key exchange messages. [BDFKPSZZ 2015] client hello: random [. . . RSA . . . ]

  23. FREAK: MITM downgrade attack to export RSA Implementation flaw: Most major browsers accept unexpected server key exchange messages. [BDFKPSZZ 2015] client hello: random [. . . RSA . . . ] [RSA EXPORT]

  24. FREAK: MITM downgrade attack to export RSA Implementation flaw: Most major browsers accept unexpected server key exchange messages. [BDFKPSZZ 2015] client hello: random [. . . RSA . . . ] [RSA EXPORT] server hello: random, [RSA EXPORT] certificate = RSA pubkey k 2048 + CA signatures server key exchange: RSA pubkey k 512

  25. FREAK: MITM downgrade attack to export RSA Implementation flaw: Most major browsers accept unexpected server key exchange messages. [BDFKPSZZ 2015] client hello: random [. . . RSA . . . ] [RSA EXPORT] server hello: random, [RSA EXPORT] [RSA] certificate = RSA pubkey k 2048 + CA signatures server key exchange: RSA pubkey k 512

  26. FREAK: MITM downgrade attack to export RSA Implementation flaw: Most major browsers accept unexpected server key exchange messages. [BDFKPSZZ 2015] client hello: random [. . . RSA . . . ] [RSA EXPORT] server hello: random, [RSA EXPORT] [RSA] certificate = RSA pubkey k 2048 + CA signatures server key exchange: RSA pubkey k 512 client key exchange: RSAenc k 512 ( pms ) KDF( pms , KDF( pms , randoms) → randoms) → k m c , k m s , k e k m c , k m s , k e

  27. FREAK: MITM downgrade attack to export RSA Implementation flaw: Most major browsers accept unexpected server key exchange messages. [BDFKPSZZ 2015] client hello: random [. . . RSA . . . ] [RSA EXPORT] server hello: random, [RSA EXPORT] [RSA] certificate = RSA pubkey k 2048 + CA signatures server key exchange: RSA pubkey k 512 client key exchange: RSAenc k 512 ( pms ) KDF( pms , KDF( pms , client finished: Auth k mc (dialog) randoms) → randoms) → k m c , k m s , k e k m c , k m s , k e

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The legacy of export-grade cryptography in the 21st century Nadia Heninger and J. Alex Halderman

The legacy of export-grade cryptography in the 21st century Nadia Heninger and J. Alex Halderman

The legacy of export-grade cryptography in the 21st century Nadia Heninger and J. Alex Halderman University of Pennsylvania University of Michigan June 9, 2016 International Traffic in Arms Regulations April 1, 1992 version Category

1.8k views • 148 slides
From Manufacturing Led Export Growth to a 21st Century Inclusive Growth Strategy for Africa

From Manufacturing Led Export Growth to a 21st Century Inclusive Growth Strategy for Africa

From Manufacturing Led Export Growth to a 21st Century Inclusive Growth Strategy for Africa Joseph E. Stiglitz African Export-Import Bank October 15, 2017 Export-led growth model behind 20 th century growth miracles Unprecedented growth in

879 views • 33 slides
From Manufacturing Led Export Growth to a 21st Century Inclusive Growth Strategy: Explaining the

From Manufacturing Led Export Growth to a 21st Century Inclusive Growth Strategy: Explaining the

From Manufacturing Led Export Growth to a 21st Century Inclusive Growth Strategy: Explaining the Demise of a Successful Growth Model and What to Do About It Joseph E. Stiglitz WIDER Conference September 2018 I. Export-led growth model behind

460 views • 42 slides
MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in Children v. 13-16 Legacy in Eternity v. 17-31 LEGACY IN MARRIAGE 2 Schools of thought 1. Rabbi Sammai- Strict interpretation. Divorce only

775 views • 9 slides
2019 COLORADO CJP CONVENTION LEGACY CITATION 500 JT15D / PW500 ENGINES LE-DO VU SENIOR MANAGER

2019 COLORADO CJP CONVENTION LEGACY CITATION 500 JT15D / PW500 ENGINES LE-DO VU SENIOR MANAGER

2019 COLORADO CJP CONVENTION LEGACY CITATION 500 JT15D / PW500 ENGINES LE-DO VU SENIOR MANAGER PW615F/JT15D/PW500 PROGRAM EXPORT CLASSIFICATION Check this box if presentation Summarize the export classifications of all slides OR contains

356 views • 20 slides
Coventry Middle School Spring Band Concert Wednesday, May 21st 2014 6th Grade Band Don't Stop

Coventry Middle School Spring Band Concert Wednesday, May 21st 2014 6th Grade Band Don't Stop

Coventry Middle School Spring Band Concert Wednesday, May 21st 2014 6th Grade Band Don't Stop Believin' Words and Music by Jonathan Cain, Neal Schon, and Steve Perry arr. Michael Story Roller Coaster Ride Dan Adams African Folk Trilogy arr.

381 views • 9 slides
Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy and the spirit of Truc Lam Yen Zen Buddhism, the Legacy Yen Tu is an inspiring journey into the past. It offers travelers a stay filled with storied

688 views • 32 slides
How to export Image and Animation 1. When we finished our design, we need export it. Sometimes we

How to export Image and Animation 1. When we finished our design, we need export it. Sometimes we

How to export Image and Animation 1. When we finished our design, we need export it. Sometimes we need export a picture, sometimes we need export to video, GIF or SWF, sometimes we need the transparent background, sometimes we dont. So, we

207 views • 3 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Kildare Export Success Seminar Kilian Duignan Export Success Seminar Export Success Seminar

Kildare Export Success Seminar Kilian Duignan Export Success Seminar Export Success Seminar

Local Enterprise Office Kildare Export Success Seminar Kilian Duignan Export Success Seminar Export Success Seminar Export Success Seminar Export Success Seminar Jan 13 th 2019 Dyson to move company HQ to Singapore CEO says plan is more

493 views • 20 slides
L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The Legacy Residents Association was created for the homeowners of Legacy, with the intent of augmenting the lifestyle in Legacy. The goal is to create

1.18k views • 56 slides
L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G WELCOME The Legacy Residents Association was created for the homeowners of Legacy, with the intent of augmenting the lifestyle in Legacy. The goal

412 views • 40 slides
LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM

LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM

LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM Qubec , is comprised of 163 charitable organizations that support its mission which is to encourage the population of Quebec to make a planned

312 views • 18 slides
Mrs. Tucker Mrs. Thompson Mrs. Doe Mrs. Gutierrez Mrs. Gutierrez Fun Facts: This is my 21st

Mrs. Tucker Mrs. Thompson Mrs. Doe Mrs. Gutierrez Mrs. Gutierrez Fun Facts: This is my 21st

Mrs. Tucker Mrs. Thompson Mrs. Doe Mrs. Gutierrez Mrs. Gutierrez Fun Facts: This is my 21st year of teaching at Natoma Station. Born and raised in Sacramento, I I have taught 3rd grade, 2nd received my BA in Child Development

422 views • 28 slides
Congratulations October Buc of the Month Recipients! 12 th Grade 9 th Grade 10 th Grade 11 th

Congratulations October Buc of the Month Recipients! 12 th Grade 9 th Grade 10 th Grade 11 th

Congratulations October Buc of the Month Recipients! 12 th Grade 9 th Grade 10 th Grade 11 th Grade 7 th Grade 8 th Grade Alaina Holguin Simaranjeet Kaur Ashley Garcia Jael Jacobo Julina Rodriguez John Kinchen Yitzel Castellanos Sana

304 views • 3 slides
Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com Case Study Migrating Legacy.com Jordan Ryan Product Owner Ankur Gupta Lead Developer Bassam Ismail Front-end Lakshmi Narasimhan RESTful

458 views • 45 slides
Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe.

Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe.

Commitment Schemes Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe. Commitment Schemes Commitment Schemes Digital analogue of a safe. Definition 1 (Commitment scheme) An efficient two-stage

605 views • 23 slides
Mathematical Cryptography Diffie Hellman, Discrete Log Problem, Collision Algorithms Mentor: Tao

Mathematical Cryptography Diffie Hellman, Discrete Log Problem, Collision Algorithms Mentor: Tao

Mathematical Cryptography Diffie Hellman, Discrete Log Problem, Collision Algorithms Mentor: Tao Song , Mentee: Lisette del Pino University of Pennsylvania Directed Reading Program May 16, 2020 Mentor: Tao Song , Mentee: Lisette del Pino

1.35k views • 98 slides
Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

CSS441 Block Ciphers Principles DES Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

788 views • 50 slides
Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr.

Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr.

Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr. Principal Software Engineer 2019/02/19 What are cache based attacks ? In cryptography In cryptographic operations, leaking the internal state of a

338 views • 8 slides
NaCls crypto box in hardware Michael Hutter, J urgen Schilling, Peter Schwabe, and Wolfgang

NaCls crypto box in hardware Michael Hutter, J urgen Schilling, Peter Schwabe, and Wolfgang

NaCls crypto box in hardware Michael Hutter, J urgen Schilling, Peter Schwabe, and Wolfgang Wieser Cryptography Research, TU Graz (IAIK), Radboud University Nijmegen September 14, 2015 CHES 2015, Saint-Malo, France NaCl and crypto box

394 views • 36 slides
Automated Game-Based Cryptographic Proofs Santiago Zanella B eguelin IMDEA Software Institute,

Automated Game-Based Cryptographic Proofs Santiago Zanella B eguelin IMDEA Software Institute,

Automated Game-Based Cryptographic Proofs Santiago Zanella B eguelin IMDEA Software Institute, Madrid, Spain 2011.11.14 SEFM 2011 Based on joint work with Gilles Barthe Benjamin Gr egoire Sylvain Heraud Federico Olmedo Yassine

1.32k views • 104 slides
Secure Protocols in a Hostile World for CHES 2015 Matthew Green Johns Hopkins University

Secure Protocols in a Hostile World for CHES 2015 Matthew Green Johns Hopkins University

Secure Protocols in a Hostile World for CHES 2015 Matthew Green Johns Hopkins University Why this talk? Why this presentation? These people are wrong solved problem Algorithms Protocol Design Unsolved Implementation Library

1.11k views • 80 slides
MOL2NET, 2018 , 4, http://sciforum.net/conference/mol2net-04 2 overpopulation exists, it is posed

MOL2NET, 2018 , 4, http://sciforum.net/conference/mol2net-04 2 overpopulation exists, it is posed

MOL2NET, 2018 , 4, http://sciforum.net/conference/mol2net-04 1 MDPI MOL2NET, International Conference Series on Multidisciplinary Sciences Cryptosporidium spp. prevalence in sheep from commercial sites in the State of Mexico, Mexico during Summer

562 views • 5 slides

More recommend