cracking_rsa_fit2010

35
High Performance Linux Clusters For Breaking RSA Associate Professor National University of Sciences & Technology Pakistan Navy Engineering College Karachi, Pakistan President Ibn Khaldun Systems Karachi, Pakistan http://www.ibnkhaldun.com.pk Dr. Athar Mahboob

Upload: atharmahboob

Post on 09-Apr-2018

219 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 1/35

High Performance Linux Clusters

For Breaking RSA

Associate Professor National University of Sciences & TechnologyPakistan Navy Engineering CollegeKarachi, Pakistan

PresidentIbn Khaldun SystemsKarachi, Pakistanhttp://www.ibnkhaldun.com.pk

Dr. Athar Mahboob

Page 2: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 2/35

2

The Problem● Factor a composite number n into its prime factors –

according to the Fundamental Theorem of Arithmetic

● Requires computational Scalability as n becomes large● Factoring thought to be a simple problem – ignored for

centuries● Easy to verify an answer ● With the advent of Public Key Cryptography based on

RSA – great bounty in being able to factor large integers

n = ∏ pie i e i

∈ℤ

p i∈ P

Page 3: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 3/35

3

Notices of the AMS, December

1996

Page 4: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 4/35

4

The Problem is Relevant

http://www.h-online.com/security/news/item/768-bit-RSA-cracked-898986.html

Page 5: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 5/35

5

Motivation and Credits● Learn about Integer factorization problem● Learn about Linux clustering techniques and solutions● In addition to all the software packages which are mentioned in

this presentation some of the results presented are from jointwork with Dr. Junaid Ahmed Zubairi and Dr. Nassar Ikrampublished as Book chapter:

Athar Mahboob, Junaid Zubairi and Nassar Ikram, BookChapter “High Performance Linux Clusters For Breaking RSA”in Bantham USA, eBook on Applications of Modern HighPerformance Networks, eISBN: 978-1-60805-077-2, 2009.

Page 6: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 6/35

6

The RSA Public Key

CryptosystemKey Generation

Select p , q p and q both primeCalculate n n = p × qSelect integer d gcd ( (n), d ) = 1; 1 < d < (n )

Calculate e e = d -1 mod (n )Public Key KU = { e , n}Private Key KR = { d , n}

Encryption

Plaintext: M < nCiphertext: C = M e (mod n )

Decryption

Ciphertext: CPlaintext: M = C d (mod n )

Page 7: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 7/35

7

Clusters● An interconnection of

computer nodes andsuitable software to make

it behave/appear like onecomputer ● Two principal drivers:

– Business driver –availability

– Research and scientificdriver – scalability

Software

Hardware

Cluster Node

Network Interface

System Bus

CPU

Memory

Operating System

System Libraries

Cluster Middleware

End User Processes

Page 8: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 8/35

8

High Availability Clusters

PrimaryLVS

Director Server 2

Server 1

Server 3

Server n

.

.

.

Client 2

Client 1

Client 3

Client n

.

.

.

BackupLVS

Director

High SpeedCluster

Interconnect

SharedStorage

Consistent view of Application State

ClientAccessNetwork

Cluster VirtualIP Address(es)

Heartbeat

Typical Use Cases:● Enterprise Information Services (Email,Database) – high availability● Web Application Server Farms – highavailability with load balancing

Examples:● Linux HA (Hearbeat + LVS)● Oracle Clusterware● Redhat Cluster Suite

Page 9: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 9/35

9

HPC Clusters

● Computational scalability● For scientific problem solving●

Two approaches: – MPI: Message Passing API for cooperating

processes running across multiple nodes – SSI: Single Server Image, a distributed

operating system approach

Page 10: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 10/35

10

Single Server Image Clusters

● Create the illusion of one big SMP machine● With a single process space: ps, top●

Makes clustering transparent to processes – no need of MPI● Still need a multi-programmed application●

Many attempts in Linux: – Mosix (and then openMosix and then nothing) – OpenSSI (big bang and then nothing) – Kerrighed (the slow and steady SSI turtle!)

Page 11: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 11/35

11

Linux, Open Source and SomeMisconceptions

● Business model is based onservices alone:

– Implementation – Customizations – Training – Documentation – Support

● A fair and consumer friendly

business model for softwarebecause: – Software is incrementally

developed

– Software is infinitely replicable

● Open source is freesoftware !

● Software is free, peopleare not !

● Free as in “freedom” notnecessarily as in “freebeer”

● Open source is a viablebusiness model

● Open source is a better software engineeringmethodology

Page 12: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 12/35

12

Linux and Open Source - SomeDisruptions

● Oracle banking on Linux as the OS to runOracle (Oracle Enterprise Linux, OCFS, Isthe Sun setting on Solaris?)

● Open Source ERP (Adempiere)● Open Source in Health Informatics (VA

Vista)● Google Android uses Linux as OS● Most toolchain vendors are moving to

Eclipse as the IDE

Page 13: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 13/35

13

Top500 HPC Clusters✔ Linux has been gaining ground in HPC space✔ Linux is the dominant UNIX which will survive✔ Linux is the universal operating system✔ From cell phones to super computers Linux is portable

Data from http://www.top500.org

Page 14: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 14/35

14

The Kerrighed and Linux Kernel

● Kerrighed 2.4 based on Linux 2.6.20 kernel● Uses configfs pseudo filesystem for cluster

configuration, especially scheduler policy● Supports NFSROOT based root filesystem

for cluster nodes● The project has existed for more than a

decade● The project is active● Well documented

Page 15: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 15/35

15

Kerrighed Features●

Global Process Management – Cluster wide PIDs – Process migration with open

files, pipes, sockets,shared memory segments,etc.

– Mosix-like global processscheduler.

– Full cluster wide UNIXprocess managementinterface (ps, top, kill, etc).

– Customizable distributedscheduler

● Global Memory Management

– Support for distributed system Vmemory segments.

– Memory injection(EXPERIMENTAL)

Checkpoint / restart – Checkpoint/restart of single

processes

– Checkpoint/restart of applications(EXPERIMENTAL)

Architecture – Support of SMP / multi-cores

machines

– Support for x86-64 architecture(i386 / x86-32 / IA32 is notsupported anymore).

Page 16: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 16/35

Page 17: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 17/35

17

The Cluster Interconnect

Data from http://www.top500.org

✔ Plays a significant role in cluster performance✔ Significance depends on the nature of cooperating processes✔ Gigabit Ethernet gaining ground as an off-the-shelf interconnect✔ Gigabit Ethernet performs well most of the time

Page 18: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 18/35

18

The Clustering Recipe● Build a “root filesystem” for

cluster nodes: debootstrap● Setup Network Booting:

DHCP, TFTP, NFS, NTP● Build Kerrighed Linux

Kernel●

Build factoring softwaretoolkit● Boot and enjoy

Cluster Boot Server

Linux Operating System

DHCP Server

TFTP Server

NFS Server

NTP Server

DNS Server

Root filesystem and Kernel for Cluster Nodes

Page 19: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 19/35

19

Network Booting Cluster Nodes

Cluster NodeWith System

BIOS Capableof PXE Boot

Cluster BootServer

1. DHCP Request by PXE Boot Firmware

2. DHCP Response containing IP Address,Boot Server and Bootfile Name

3. TFTP Request by PXE Boot Firmware

4. TFTP Response containing Boot Kernel

5. NFS Mount Request by Node

6. Root Filesystem for Node

7. NTP Time Synchronization Request

8. NTP Response

Makes it easy to add nodes to cluster Uses standard protocols andmechanisms:● PXE● DHCP● TFT● NFS● NTP

Cluster Interconnect

Node 1 Node 2 Node n...

Cluster BootServer

Page 20: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 20/35

20

Kerrighed in Action✔

Linux Kernel building is a processing intensive task✔ Use “make -j n” to start n parallel build processes

Page 21: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 21/35

21

Stability Issues in Kerrighed

Page 22: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 22/35

Page 23: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 23/35

23

Sieveing

● We sift out the possible factors from 1 to

sqrt(n).● Factors occur in pairs. You find one of the

pair, the other is trivial.

● Divide by each successive prime from 1 tosqrt(n)

A sieve, or sifter, separates wanted elements from unwanted material using a woven screen such as a mesh or net. However, in cooking, especially with flour , a sifter is used to aerate the substance, among other things. Astrainer is a type of sieve typically used to separate a solid from a liquid. The word "sift" derives from sieve.

From: http://en.wikipedia.org/wiki/Sieve

Page 24: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 24/35

24

Fermat's Improvement● Factor 8051● Factor 3599● Factor 2496● Hint: It's easy to factor these numbers if you

recognize them to be a difference of two squares● a 2 – b 2 = (a – b)(a + b)● 8051 = 8100 – 49

= 90 2 – 7 2

= (90 – 7)(90+7)= 83*97

Page 25: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 25/35

Page 26: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 26/35

26

Time Complexity of VariousInteger Factorization Algorithms

Page 27: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 27/35

27

Factorization Trend● Year Largest Integer that could be factored

(digits)● 1970 20● 1980 50● 1990 116● 1994 129● 1996 130● 2003 174● 2010 232

Page 28: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 28/35

28

Parallelization and Sieving● Finding relations

– Large number of relations are needed – Finding relations is the time consuming part – It can be done in parallel

● Solving a matrix storing relations – Cannot be done in parallel – Is not the time consuming part – Can be done by a single node once sufficient number

of relations are avilable

Page 29: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 29/35

29

Msieve on Kerrighed in Action

Page 30: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 30/35

30

The Bounty – Factoring a 103Digit Number

279227912220351686582028455516412641158896790659830288566001946957408123456789012133589058792410781116

= 2 x 2 x 109 x 173 x 367 x 431 x 7573 x 504353 x1997715487 x 22918009218061 x133835033152975400607354515726890753138186867985471862847417

Number of Nodes

Number of CPUs

Time(seconds)

Speedup

1 1 124 1X4 8 20 6X

Performance of QS Algorithm On 4 Node (8 CPU) Cluster, Pentium 4, 2.4 GHz

Page 31: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 31/35

31

Future Directions●

Kerrighed 3.0 – More stable, more features – Runs inside Linux Containers (light-weight

virtual machines)● Oracle Cluster File System 1.6 – for NFS

scalability and reliability during relationsaccumulation

● Python factorization script with automaticrecovery (factmsieve.py) by Brian Gladman

● Try Discrete Logarithm Problem● And Elliptic Curve Discrete Logarithm Problem

Page 32: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 32/35

32

Kerrighed and Linux ContainersKerrighed provides SSI features using a Linux container (lxc). In a fewwords, a container is basically a light-weight virtual machine sharing itskernel with the host OS. Depending on the needs, it may share or isolatesome resources with its host, such as PIDs, IPCs, Net, file systems, etc.,and provides resource control groups (memory usage allowed, etc.).

On a Kerrighed kernel, the host system doesn't provides kerrighedfeatures. Those features are only available inside a special Linuxcontainer called Kerrighed container. A process running on the hostsystem will behave as on a non patched kernel. Processes runningin the Kerrighed container will have the ability to migrate from onenode to another, checkpoint and restart, use distant memory, etc.

By default on the Kerrighed system, the host system shares mosts of itsressources with the Kerrighed container (Network addresses, physicaldevices, filesystem, system users, etc). When the Kerrighed serviceboots the container, it additionally executes a configurable set of commands. By default, a ssh server listening on port 2222 is launched oneach node. Once connected, you are in the SSI cluster!

From http://www.kerrighed.org

Page 33: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 33/35

33

Some Links/References

● Kerrighed: Single Server Image LinuxClusters, http://www.kerrighed.org

● MSIEVE: A Library for Factoring LargeIntegers, Jason Papadopoulos hosted atSourceforge

Page 34: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 34/35

34

Questions

Page 35: Cracking_RSA_FIT2010

8/7/2019 Cracking_RSA_FIT2010

http://slidepdf.com/reader/full/crackingrsafit2010 35/35

35

Thanks for your patience