
Key-pair(Public key, Private key) conflict analysis using OpenSSL

Analysis of the key-pair (public key / private key) collision rate using OpenSSL

  • Received : 2014.07.22
  • Accepted : 2014.08.07
  • Published : 2014.08.31

Abstract

Public-key-based techniques, which enable a variety of services (e-government, e-banking, e-payment, etc.), have been evaluated as completely safe. On the other hand, vulnerabilities (e.g. the Heartbleed bug) are constantly being discovered. In this paper, to verify the safety and reliability of a public key infrastructure, the collision rate of key pairs generated with OpenSSL was analyzed. The experiment was performed using the following procedure. OpenSSL was used to create five private certification authorities, each of which issued 2 million certificates, and the key pairs of the resulting 10 million certificates were analyzed for conflicts. The results revealed that 35,000 in 1 million, a 0.35% chance, of public key / private key conflicts occurred. This is sufficient in various fields (e-payment, security servers, etc.). In the future, in-depth study of random number generators and of the selection of large primes will be needed to remove this threat to public-key-based techniques.
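As an added example (not code from the paper), the check at the centre of a collision analysis like the one described above: given a corpus of PEM-encoded RSA public keys, extract each modulus, fingerprint it, and count how many keys share a modulus with another key. In the paper the keys would be the ones issued by the OpenSSL private CAs; here a small corpus is constructed inline with arbitrary toy moduli so the script runs offline. The function names (`rsa_public_numbers`, `collision_report`, `make_pem`) and the DER helpers are the example's own, written without any third-party library.

```python
"""Duplicate-modulus check over a corpus of PEM RSA public keys (added example)."""
import base64
import hashlib
import re
from collections import Counter

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def _der_read(buf, pos):
    """Read one DER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        length, start = first, pos + 2
    else:                                 # long-form: next (first & 0x7F) bytes hold the length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        start = pos + 2 + nbytes
    return tag, buf[start:start + length], start + length


def _der_encode(tag, value):
    """Encode one TLV with a definite-length header (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _der_int(value):
    """DER INTEGER for a non-negative int (prefix 0x00 if the top bit is set)."""
    b = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return _der_encode(0x02, b"\x00" + b if b[0] & 0x80 else b)


def rsa_public_numbers(pem):
    """Return (n, e) from a PEM key in PKCS#1 ("RSA PUBLIC KEY") or SPKI ("PUBLIC KEY") form."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem))
    tag, seq, _ = _der_read(der, 0)
    if tag != 0x30:
        raise ValueError("expected outer SEQUENCE")
    tag, first, pos = _der_read(seq, 0)
    if tag == 0x30:  # SPKI: AlgorithmIdentifier, then BIT STRING wrapping RSAPublicKey
        oid_tag, oid, _ = _der_read(first, 0)
        if oid_tag != 0x06 or oid != RSA_OID:
            raise ValueError("not an rsaEncryption key")
        bs_tag, bitstr, _ = _der_read(seq, pos)
        if bs_tag != 0x03 or bitstr[0] != 0:
            raise ValueError("malformed BIT STRING")
        _, seq, _ = _der_read(bitstr, 1)          # skip the unused-bits byte
        tag, first, pos = _der_read(seq, 0)
    e_tag, e_bytes, _ = _der_read(seq, pos)
    if tag != 0x02 or e_tag != 0x02:
        raise ValueError("expected INTEGER modulus and exponent")
    return int.from_bytes(first, "big"), int.from_bytes(e_bytes, "big")


def modulus_fingerprint(n):
    """SHA-256 of the big-endian modulus: the grouping key for the duplicate check."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


def collision_report(pems):
    """Count keys whose modulus also appears under another key in the corpus."""
    counts = Counter(modulus_fingerprint(rsa_public_numbers(p)[0]) for p in pems)
    colliding = sum(c for c in counts.values() if c > 1)
    total = sum(counts.values())
    return {"keys": total, "distinct_moduli": len(counts),
            "colliding_keys": colliding,
            "collision_rate": colliding / total if total else 0.0}


def make_pem(n, e, spki=True):
    """Build a PEM public key for a CONSTRUCTED (n, e) pair; used only to fake a corpus here."""
    rsa_pub = _der_encode(0x30, _der_int(n) + _der_int(e))
    if spki:
        alg = _der_encode(0x30, _der_encode(0x06, RSA_OID) + b"\x05\x00")  # rsaEncryption, NULL
        der, label = _der_encode(0x30, alg + _der_encode(0x03, b"\x00" + rsa_pub)), "PUBLIC KEY"
    else:
        der, label = rsa_pub, "RSA PUBLIC KEY"
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed toy corpus: the moduli are arbitrary small numbers, not real RSA keys.
SAMPLE_CORPUS = [
    make_pem(0xC4F30F0D2B119A37, 65537),              # key A (SPKI form)
    make_pem(0xB7A155E28C0D4F21, 65537, spki=False),  # key B (PKCS#1 form)
    make_pem(0xC4F30F0D2B119A37, 65537, spki=False),  # same modulus as A: a collision
    make_pem(0x9D02E6C87A135BFF, 3),                  # key C
]

if __name__ == "__main__":
    print(collision_report(SAMPLE_CORPUS))  # {'keys': 4, 'distinct_moduli': 3, 'colliding_keys': 2, 'collision_rate': 0.5}
```

On a real run the list would be read from the PEM files produced by the CAs (the public key of each issued certificate can be pulled out with `openssl x509 -in cert.pem -pubkey -noout`). Grouping by a 32-byte SHA-256 fingerprint rather than by the full modulus keeps the memory footprint small for a corpus of the size used in the paper, and because the fingerprint is collision-resistant, two keys fall in the same group only when their moduli are identical.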

Keywords

Public-key-based technique; RSA cryptosystem; Key-pair conflict analysis; Collision rate

Acknowledgement

Supported by: Seoil University (서일대학교)