the devil is in the (implementation) details
DESCRIPTION
Let's see how simple implementation problems in cryptosystems can lead to severe issues and full plaintext recovery even using strong algorithms like RSA. Presented @ Università degli Studi di Bergamo (Italy) on 05/06/2013 during the Security of Systems class taught by Prof. Stefano Paraboschi. [Warning: the presentation is not meant to be studied but to provide the presenter a visual canvas that needs to be filled with her words]TRANSCRIPT
The devil is in thedetails
how NOT to do security
implementation
05/06/2013 - Università degli Studi di Bergamo Enrico Bacis
Side Channel Attacks
A parity problem
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
n = 15 (p = 3, q = 5)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(2·m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(2·m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(4·m)
err
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(8·m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Multiplicative Property of RSA
Can we only hack farms?
PKCS#1 v1.5
0002 RANDOM PAD 00 MESSAGE
Broken by Bleichenbacher Attack (1998)
Electronic Codebook
ECB CBC
Cipher Block Chaining
Padding Oracle Attack
Timing Attack
"Never ever implementyour own cryptosystem"
( Dan Boneh )
Android and Mobile Vulnerabilities
Sniffing
Man In The Middle Attack
Man In The Middle Attack
Why Eve and Mallory Love Android
1074 of 13500 (8%) apps
● Trusting all Certicates● Allowing all Hostnames
39.5 to 185 million users
SSL/TLS issues
Thank you