COPACOBANA: RECONFIGURABLE COMPUTING IN CRYPTANALYSIS

Ben Johnstone

Overview

GoalsArchitectureDESPerformanceConclusion

What is COPACOBANA?

Cost Optimized Parallel Code Breaker

History

Developed at the Universities of Bochum and Kiel in Germany2006- Breaks DES in 9 daysLater improved to ~6 days

Goals

Two main objectives:

1. Optimum cost-performance ratio

2. Flexibility due to reprogrammabilty

Architecture

ReconfigurableUses Xilinx Spartan-3 1000

Parallel120 FPGA chipsController board

Optimized cost-performance ratioCOTS hardware

Internal View

Motivation for RC

SupercomputersFast, powerful, easy to programExpensive, bad cost-performance ratio

Distributed systems may have privacy issuesi.e. Boinc: Using other user’s idle PCs

ReconfigurableFlexible compared to ASICS

Applications

Optimized for cryptanalysisMain application: DES key searchCan also crack 1-time password systemsAttack primitive systems

ePass: machine readable passports Norton Diskreet: hard drive encryption

Security EstimationsAids other attacks

Parallelized Elliptic Curve Method (ECM)

DES

Symmetric block cipherEncryption standard set in 1976Remained a popular standard for several decadesWeaknesses:

Short key length (56-bits)Susceptible to differential, linear cryptanalysis

2002 – AES effective

Cryptanalysis

Encryption: Ek(P) -> CiphertextGoal: Get the preimage (plaintext)

Little knowledge of plaintext beforehandRequires the key

Known-plaintextUse a preexisting plaintext block found in the ciphertext

Methods

Brute forceTry every key until something works56-bit key -> 2^56 or 72,057,594,037,927,936 keys

Differential cryptanalysisObserve how different inputs affect the output

Linear cryptanalysis

DES Exhaustive Key Search

Performance

Per FPGA:4 keys per cycle400 million keys per second @ 100MHz

Total:120 FPGAs -> 4.8E10 keys per secondOn average check 2^55 keys750,599 seconds

Average time: 6-8 days

Vs. GPP

Pentium 4 CPU2 million keys per second @ 3GHzWith 1 PC2^34 seconds -> 545 yearsNeed ~22,000 processors to match the performance of COPACOBANA

Vs Supercomputer

1998 – Deep Crack breaks DES in 56 hours1999 – Deep Crack and distributed.net break DES in < 24 hours

Cost

As of 2006: $10,000Deep Crack: $250,000Equivalent performance PC

Need ~22k Pentium 43.6 million Euros (2006)

Power600W

Limitations

Brute force infeasible for bigger keysAES-128: 1.1x10^77 keysFastest supercomputer would take 1 billion billion years

More complex methods not possible with COPACOBANA aloneDES is deprecated

Conclusion

COPACOBANA delivers low-cost DES cracking capabilitiesCan’t break modern/advanced encryption

DES is mainly used in legacy systems

Later work:2008- New version developed with Virtex-4 SX 35 FPGAsRIVYERA: breaks DES in < one day

Questions?

Sources

[1]Arora, Mohit. Nov. 6 2012. http://www.eetimes.com/design/embedded-internet-design/4372428/How-secure-is-AES-against-brute-force-attacks-

[2] COPACOBANA S3-1000. 2 Nov. 2012. http://www.sciengines.com/products/computers-and-clusters/copacobana-s3-1000.html

[3] COPACOBANA: A Codebreaker for DES and other Ciphers. 2 Nov. 2012. http://www.copacobana.org/index.html

[4] Data Encryption Standard. 2 Nov. 2012. http://en.wikipedia.org/wiki/Data_Encryption_Standard#cite_note-copacobana-2006-18

[5] Howson, Ian. A Cost/Performance Study of Modern FPGAs in Cryptanalysis.

[6] Pelzl, Jan. 4 Dec. 2006. Cryptanalysis With a Cost-Optimized FPGA Cluster.[7] S. Kumar et. al. 10 Oct. 2009. Breaking Ciphers with COPACOBANA A Cost-Optimized Parallel Code Breaker or How to Break DES for 8,980 €[8] Tim Erhan Guneysu. Feb. 2009. Cryptography and Cryptanalysis on Reconfigurable Devices: Security Implementations for Hardware and Reprogrammable Devices.

Pictures

http://www.copacobana.org/photos/photo_b3.jpg

http://upload.wikimedia.org/wikipedia/commons/thumb/0/06/Data_Encryption_Standard_InfoBox_Diagram.png/300px-Data_Encryption_Standard_InfoBox_Diagram.png

http://www.copacobana.org/photos/photo_5.jpg

http://sigma.octopart.com/9219807/image/Xilinx-XC3S1000-4FGG456C.jpg

http://www.copacobana.org/photos/photo_7.jpg

http://mixeur.x86-guide.com/Photos/Stock_photos/Intel%20Pentium%204%20%20LGA775.jpg

http://www.maximrio.com/Images/copacabana/copacabana_beach_1.jpg

Key search layout and Deep Crack image taken from [6]