RSA Private Keys Research Articles

Energy–Aware security protocol for IoT devices

Internet of Things (IoT) has permeated various aspects of modern life, from smart homes to factories and even gardens. In the coming years, number of IoT devices is expected to surpass that of computers, laptops, mobile phones, and tablets. However, many of these devices are small and operate on batteries, making energy efficiency a significant challenge. This challenge affects all aspects of IoT, including security. To address this issue, we present an adaptive security approach in this paper. Adaptive security involves adjusting the security level based on the level of threats and data context, rather than always assuming the worst-case scenario. This approach reduces energy consumption and is implemented in three parts: 1) Adapting the length of RSA public and private keys, where longer keys provide more security but consume more power. 2) Adapting the trust level between nodes based on the history of the transmitting node, where the receiving node decides whether to verify the correctness of the received messages or not. 3) Utilizing TrustChain, which is transactional verification method inspired by the blockchain concept.We evaluated the performance of our proposed model through exhaustive simulation scenarios and experiments. Our approach outperforms state-of-the-art methods, with the variable key length approach reducing energy consumption by 50%, the trust level approach reducing energy consumption by approximately 50%, and the TrustChain approach reducing energy consumption to 0.771 J, while the blockchain-based method consumed 2.955 J to verify transactions.

A Secure Private Key Recovery Based on DNA Bio-Cryptography for Blockchain

The existence of the Internet, networking, and cloud computing support a wide range of new technologies. Blockchain is one of these technologies; this increases the interest of researchers who are concerned with providing a safe environment for the circulation of important information via the Internet. Maintaining solidity and integrity of a blockchain’s transactions is an important issue, which must always be borne in mind. Transactions in blockchain are based on use of public and private keys asymmetric cryptography. This work proposes usage of users’ DNA as a supporting technology for storing and recovering their keys in case those keys are lost — as an effective bio-cryptographic recovery method. The RSA private key is responsible for maintaining the authenticity of the blocks’ wallets throughout any transaction related to any block of the blockchain. This framework can be used for a wide range of applications such as student registration systems at universities: in order to prevent the forging of student graduation certificates. The experimental results demonstrated robustness of the proposed solution, using a number of key sizes. The effectiveness of our approach is compared to that of elliptic curve cryptography keys. Our approach shows that the security and authentication needed for blockchain technology can be accomplished using DNA combined with an RSA private key. On the other hand, the standard EC cryptography shows poor performance against our suggested method as demonstrated in the discussion section.

An evaluation of the RSA private keys and the presence of weak keys

Numerous applications that rely on asymmetric cryptography use the RSA algorithm. It can be applied to digital signatures and the encryption of sensitive data. The secure storage of the private key is essential for the algorithm’s strength. Finding ways to use factorization or other heuristics to determine the value of the private key, was the goal of several academic efforts. Both the Euler totient and the Carmichael functions are used in this study to analyze the private key properties and demonstrate the existence of many private keys for the same public key. We further demonstrate that a universal private key that complies with the FIPS standard exists. Moreover, by taking advantage of a condition imposed by FIPS recommendations, we present a new method for attacking the RSA modulus (N).

On the Existence of Multiple RSA Private Keys

It is known that, given an RSA modulus, n = p q , the public key e and the corresponding private key d satisfy the modulo congruence e d ≡ 1 mod ϕ n , where ϕ n = p − 1 q − 1 . Usually, the private key d can be computed efficiently using the extended Euclidean algorithm, and it is common knowledge that the private key is unique in the sense of modular ϕ n . This paper shows that there exist multiple private keys d ; they all satisfy that d < ϕ n . This paper also presents the exact relationship between an RSA public key and a corresponding private key.

Increasing security to public key cryptography for point-to-point communication

In the beginning of 2020, the new idea of public key cryptography was proposed. This method is from the combining between RSA and Chebyshev maps. It is very difficult to break this system because it is based on both of Integer Factorization Problem (IFP) and Chaotic maps Discrete Logarithm Problem (CMDL). However, Chebyshev polynomials taking many computation costs (many modular multiplications and modular subtraction operations) are the equation to find the result of Chebyshev maps. In this paper, the new improvement of public-key cryptography is proposed for point-to-point communication. The main key is to reduce time and increase the security level. In fact, time is reduced by replacing some Chebyshev maps with modular exponentiation equations using only modular multiplication processes. In addition, the security level can be increased, because it is based on three problems, IFP, CMDL and Discrete Logarithm Problem (DLP). Although, DLP is included in the proposed method, it does not affect the computation time in both of encryption and decryption sides, because DLP is selected to exchange the RSA's public key. The experimental results show that time can be reduced in both sides especially in decryption side. The reason is that the private key of the compared method must be assigned too large, it is larger than the traditional RSA's private key. On the other hand, the private key for the proposed method is similar to RSA's private key.

Mimosa: Protecting Private Keys Against Memory Disclosure Attacks Using Hardware Transactional Memory

Cryptography is essential for computer and network security. When cryptosystems are deployed in computing or communication systems, it is extremely critical to protect the cryptographic keys. In practice, keys are loaded into the memory as plaintext during cryptographic computations. Therefore, the keys are subject to memory disclosure attacks that read unauthorized data from RAM. Such attacks could be performed through software exploitations, such as OpenSSL Heartbleed, even when the integrity of the victim system's binaries is maintained. They could also be done through physical methods, such as cold-boot attacks, even if the system is free of software vulnerabilities. This paper presents Mimosa, to protect RSA private keys against both software-based and physical memory disclosure attacks. Mimosa uses hardware transactional memory (HTM) to ensure that (a) whenever a malicious thread other than Mimosa attempts to read the plaintext private key, the transaction aborts and all sensitive data are automatically cleared with hardware, due to the strong atomicity guarantee of HTM; and (b) all sensitive data, including private keys and intermediate states, appear as plaintext only within CPU-bound caches, and are never loaded to RAM chips. To the best of our knowledge, Mimosa is the first solution to use transactional memory to protect sensitive data against memory attacks. However, the fragility of TSX transactions introduces extra cache-clogging denial-of-service (DoS) threats, and attackers could sharply degrade the performance by concurrent memory-intensive tasks. To mitigate the DoS threats, we further partition an RSA private-key computation into multiple transactional parts by analyzing the distribution of aborts, while (sensitive) intermediate results are still protected across transactional parts. Through extensive experiments, we show that Mimosa effectively protects cryptographic keys against attacks that attempt to read sensitive data in memory, and introduces only a small performance overhead, even with concurrent cache-clogging workloads.

Partial Key Attack Given MSBs of CRT-RSA Private Keys

The CRT-RSA cryptosystem is the most widely adopted RSA variant in digital applications. It exploits the properties of the Chinese remainder theorem (CRT) to elegantly reduce the size of the private keys. This significantly increases the efficiency of the RSA decryption algorithm. Nevertheless, an attack on RSA may also be applied to this RSA variant. One of the attacks is called partially known private key attack, that relies on the assumption that the adversary has knowledge of partial bits regarding RSA private keys. In this paper, we mount this type of attack on CRT-RSA. By using partial most significant bits (MSBs) of one of the RSA primes, p or q and its corresponding private exponent, d, we obtain an RSA intermediate. The intermediate is derived from p−1 and RSA public key, e. The analytical and novel reason on the success of our attack is that once the adversary has obtained the parameters: approximation of private exponent d˜p, approximation of p, p˜ and the public exponent e where d˜p,p˜,e=Nα/2 where 0<α≤1/4 such that |dp−d˜p|,|p−p˜|<N1−α2 and has determined the largest prime of p−1e, it will enable the adversary to factor the RSA modulus N=pq. Although the parameter space to find the prime factor is large, we show that one can adjust its “success appetite” by applying prime-counting function properties. By comparing our method with contemporary partial key attacks on CRT-RSA, upon determining a suitable predetermined “success appetite” value, we found out that our method required fewer bits of the private keys in order to factor N.

Exhaustive single bit fault analysis. A use case against Mbedtls and OpenSSL’s protection on ARM and Intel CPU

Faults in software implementations target both data and instructions at different locations. Bellcore attack is a well-known fault attack that is able to break CRT-RSA. In response, cryptographic libraries such as OpenSSL are designed with protection. In this paper, new faults locations are shown on OpenSSL implementation of the CRT-RSA signature running on Intel and ARM processors. Among those faults, one restores the Bellcore attack on the OpenSSL library despite a protection and another is a complete new fault that exploits the OpenSSL protection to get RSA private key. Quite surprisingly, one of the exhibited faults is, ironically enough, made possible because of the existence of such protection. Mbedtls library is also analyzed in this paper. A way to find all exploitable faults on monobit flip fault model is also detailed.

Side‐channel analysis of the modular inversion step in the RSA key generation algorithm

SummaryThis paper studies the security of the RSA key generation algorithm with regard to side‐channel analysis and presents a novel approach that targets the simple power analysis (SPA) vulnerabilities that may exist in an implementation of the binary extended Euclidean algorithm (BEEA). The SPA vulnerabilities described, together with the properties of the values processed by the BEEA in the context of RSA key generation, represent a serious threat for an implementation of this algorithm. It is shown that an adversary can disclose the private key employing only one power trace with a success rate of 100 % – an improvement on the 25% success rate achieved by the best side‐channel analysis carried out on this algorithm. Two very different BEEA implementations are analyzed, showing how the algorithm's SPA leakages could be exploited. Also, two countermeasures are discussed that could be used to reduce those SPA leakages and prevent the recovery of the RSA private key. Copyright © 2016 John Wiley & Sons, Ltd.

A Cloud-aided Group RSA Scheme in Java 8 Environment and OpenStack Software

In this paper a RSA based security system enabling the group of users to upload the single masked message to the cloud environment is proposed. Data stored are encrypted using RSA algorithm. The data receiver is able to encrypt the message retrieved from the cloud environment using private key. Two different separate RSA systems are used. The presented approach is divided into three parts. First, an RSA key is generated for each sender. Then masking the message by newly chosen mask proposed individually by every member, additionally encrypted by individual RSA private key of each member is proceed. Next, encrypting the gathered message inside the cloud environment, using the public key of the receiver is executed. In the third step, the message is decrypted by the receiver using his private RSA key. The scheme reduces the computational load on users side and transfers calculations and storage effort to the cloud environment. The proposed algorithm was developed for storing and sending the data that originally are produced by a group of users, but the receiver of the data is single. It was implemented using Java 8 and OpenStack software. Numerical test of different key length for RSA are presented.

E-Voting Protocol Based On Public-Key Cryptography

In this paper we propose a new secure E-Voting protocol based on public-key encryption cryptosystem. This protocol is summarized in three processes: firstly, access control process which involves the identification and authentication phases for the applied citizens. Secondly, the voting process which will be done by ciphering the voter information using public-key encryption cryptosystem (RSA), to be submitted over an insecure network to the specified government election server. Finally, the election server administrator will sort the final result by deciphering the received encrypted information using RSA private key. Actually, this E-Voting protocol is more efficient than others E-Voting protocols since the voter can vote from his/her own personal computer (PC) without any extra cost and effort. The RSA public-key encryption system ensures the security of the proposed protocol. However, to prevent a brute force attack, the choice of the key size becomes crucial.

Packet level access control scheme for internetwork security

Increasing user demands to access resources, such as databases and application programmes, beyond those available in a single network has resulted in the introduction of teleprocessing systems and communication services between networks supported by different organisations. Consequently, the sharing of network resources introduces security threats such as unauthorised reading, modifying, adding or deleting of the contents of resources. It is therefore necessary to implement certain access control mechanisms to protect these resources from unauthorised access. In the paper, an internet access control scheme which operates at the network level (or the packet level) is presented. This scheme allows controlled access to the internal resources of a network, and only trusted systems can gain access to external networks. In this scheme, a secure communication link is established between a requesting machine and the requested remote resource at the initiation of an external session. All the entities, the network gateways and the machines at the end points, along this communication path are authenticated during the initiation process. Any subsequent packets transmitted along this path are also authenticated throughout the session to ensure that they originated from the machine initiating the session. The scheme uses the RSA and the DES security algorithms to implement session initiation and packet origin authentication, respectively. A major issue in internet access control is the distribution of packet keys (which are used for packet authentication purposes) to network entities for each communication session. This problem has been overcome in the scheme by deriving the packet authentication key from the RSA private key of each network entity, using a reference key number concept, and allowing a different packet authentication key for each external session between communicating entities. This eliminates the need to distribute the packet authentication keys, which otherwise could be a major threat to the integrity of an access control scheme. The overheads incurred due to the extra access control procedures have been quantified and are presented in the paper. It was found that the overheads of this scheme are smaller in comparison with the visa scheme [1].