Upload
enrico-bacis
View
140
Download
4
Tags:
Embed Size (px)
DESCRIPTION
Let's see how simple implementation problems in cryptosystems can lead to severe issues and full plaintext recovery even using strong algorithms like RSA. Presented @ Università degli Studi di Bergamo (Italy) on 05/06/2013 during the Security of Systems class taught by Prof. Stefano Paraboschi. [Warning: the presentation is not meant to be studied but to provide the presenter a visual canvas that needs to be filled with her words]
Citation preview
The devil is in thedetails
how NOT to do security
implementation
05/06/2013 - Università degli Studi di Bergamo Enrico Bacis
Side Channel Attacks
A parity problem
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
n = 15 (p = 3, q = 5)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(2·m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(2·m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(4·m)
err
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(8·m)
ok
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Multiplicative Property of RSA
Can we only hack farms?
PKCS#1 v1.5
0002 RANDOM PAD 00 MESSAGE
Broken by Bleichenbacher Attack (1998)
Electronic Codebook
ECB CBC
Cipher Block Chaining
Padding Oracle Attack
Timing Attack
"Never ever implementyour own cryptosystem"
( Dan Boneh )
Android and Mobile Vulnerabilities
Sniffing
Man In The Middle Attack
Man In The Middle Attack
Why Eve and Mallory Love Android
1074 of 13500 (8%) apps
● Trusting all Certicates● Allowing all Hostnames
39.5 to 185 million users
SSL/TLS issues
Thank you