DOC PREVIEW
MASON ECE 646 - Symmetric Key Generation with System Information

This preview shows page 1-2-3-4 out of 13 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 13 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 13 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 13 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 13 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 13 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

ECE646 Project Final Report – Paul Kohlbrener Page 1 of 13Symmetric Key Generation with SystemInformationAn ECE 646 Semester ProjectFall 2001Paul KohlbrennerECE646 Project Final Report – Paul Kohlbrener Page 2 of 131.0 IntroductionIn my project specification I proposed to “… construct a system that generates a key by combiningbits from a user and a user selectable set of other sources. “ I accomplished this task.The Skey system will encrypt a file using a pass phrase supplied by the user. The pass phrase iscombined with a random number to increase its entropy. The random number is hidden using secretsharing and the shares are encrypted with data unique to the user’s system. Finally, the encryptedshares are stored in the file header of the encrypted file. Decryption begins much like the encryptionprocess, a pass phrase is obtained from the user and the unique system data is read. The encryptedshares of the secret random number are decrypted and the random number generated when the filewas encrypted is combined with the user’s pass phrase to form the final file decryption key.2.0 The Skey system2.1 Major subsystemsThe Skey system has three major subsystems. Each of these subsystems provides support to thedriver program. The subsystems are:• The arbitrary length integer math package.• The AES encryption package.• The secret sharing package.2.2 The Math ModuleContained in the files SkeyMath.h and SkeyMath.c the math module implements the functionalityneeded for the secret sharing module. Integers can be any length. Each integer must be separatelyallocated (using functions from SkeyMath). The maximum length of the integer is set at allocationtime. Functions supported are:• Addition• Subtraction• Multiplication• Division (with reminder)• Modular Multiplication• Modular Exponentiation• Random number generation• Random prime number generation• Assignment• Comparison• Initialization with 64 bit C integer• Printing of numbers in hex and decimalECE646 Project Final Report – Paul Kohlbrener Page 3 of 13Integers are represented as a pointer to a struct containing a pointer to an array of bytes, a sign, alength, and a flag indicating wither the number was allocated from the heap or the local stack. TheMost Significant Byte (MSB) is located at the highest numbered array location. This conforms toLittle-Endian notation.The Division algorithm used is the classical algorithm from the Handbook of Applied Cryptography(Algorithm 14.20). I implemented the speed-ups suggested in Note 14.23.The Modular Multiplication operation just multiplies the two operands (into a larger temporaryvariable) and performs a division by the modulus before returning the result. I looked at usingMontgomery multiplication but Note 14.39 appears to recommend against this.The Modular Exponentiation uses a simple right-to-left binary exponentiation algorithm.The Random Number Generator will generate a random number the length of the return containerpassed to it. The generator must be initialized by calling InitRandomNumberGenerator. The pointerreturned by this initialization call is then passed by the application to the generator each time arandom number is requested. The initialization routine uses four sources of random bits to initializethe system:• The 64-bit return value from: QueryPerformanceCounter. This call returns the current valueof the high-resolution performance counter.• The 64-bit return value from: GetSystemTimeAsFileTime. This call returns the currentsystem time in 100-ns increments.• The 32-bit return value from: GetCursorPos. This call returns the current position of themouse.• The 32-bit return value from: GetCurrentProcessId. This call returns the current process ID.ECE646 Project Final Report – Paul Kohlbrener Page 4 of 13The two 64-bit quantities are appended and set as the “Input” in the state struct. The CursorPos ismodexp’ed by the process id (using a modulus the length of the desired return container). Thisquantity is set as the “Key” in the state struct. A random number is then requested using thisconstructed state.The random number generator works by first doing an AES encrypt of the “Input” value in the stateusing the “Key” value as a key. The resulting quantity is then modexp’ed by the 64-bit quantityobtained from a call to GetSystemTimeAsFileTime. Finally, the old “Input” value is moved to be thenext “Key” value, the result of the modexp is set as the new “Input” value, and the modexp isreturned as the random integer.If the size of the requested random number is larger then 128 bits the process iterates until enoughbits are generated. I have not had time to assess the goodness of the random numbers produced bythis process.The prime number generator starts by calling the random number generator to get a random number.This random number has its least-significant bit set (to make it odd) and optionally it can have it’smost-significant byte set to 0x01 (the secret sharing algorithm likes numbers like this). The numberis then passed to IsPrime where it is determined if the number is prime. The routine iterates, addingtwo each time, until IsPrime returns true. Is prime does a few trial divisions (the first 10 primes) andthen calls MillerRabin for 10 rounds. Obviously using more then 10 primes could make this faster.The math module contains a callable test suite. Each major operation returns a “coverage” variablethat indicates which functional blocks within the operation were exercised. Note that this is not atrue “path coverage” as not all unique paths through the routine are identified. The test suite callseach of the operations with a number of test variables and records the combined test coverageachieved. The test suite uses number that are less then 8 bytes long so that results can be comparedto the same operation done with 64-bit integers in C.2.3 The AES ModuleECE646 Project Final Report – Paul Kohlbrener Page 5 of 13The AES module is a very straightforward implementation of AES written from scratch from thedraft standard and the original AES proposal. It implements all three key sizes


View Full Document

MASON ECE 646 - Symmetric Key Generation with System Information

Documents in this Course
Load more
Download Symmetric Key Generation with System Information
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Symmetric Key Generation with System Information and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Symmetric Key Generation with System Information 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?