
Security and Complexity Analysis of Kleptographic Backdoors for RSA Cryptosystems

Year 2017, Volume: 21 Issue: 2, 631 - 643, 08.03.2017
https://doi.org/10.19113/sdufbed.70723

Abstract

This study examines kleptography, a subdiscipline that can be summarized as "the study of stealing secret information from a cryptographic system undetected and through algorithmic modifications alone." It covers kleptographic attack scenarios devised against the RSA cryptosystem, the associated algorithms, and comparative analyses of the results obtained by implementing these algorithms and the standard, attack-free algorithms. In these works in particular, some of the attacks have been implemented, but sufficient analyses that could show the behavioral difference from the standard algorithm have not been carried out. In this study, statistical tests sufficient to distinguish the attacks were performed and the results were analyzed.


Details

Journal Section Articles
Authors

Emre Ceran

Mehmet Sabır Kiraz

Osmanbey Uzunkol

Publication Date March 8, 2017
Published in Issue Year 2017 Volume: 21 Issue: 2

Cite

APA Ceran, E., Kiraz, M. S., & Uzunkol, O. (2017). RSA Şifreleme Sistemlerinin Kleptografik Arka Kapıları için Güvenlik ve Karmaşıklık Analizi. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 21(2), 631-643. https://doi.org/10.19113/sdufbed.70723

e-ISSN: 1308-6529
Linking ISSN (ISSN-L): 1300-7688

All published articles in the journal can be accessed free of charge and are open access under the Creative Commons CC BY-NC (Attribution-NonCommercial) license. All authors and other journal users are deemed to have accepted this situation.