Search results “Side channel attacks in cryptography tools”
Software Side-Channel attack on AES - White Box Unboxing 4/4 - RHme3 Qualifier
Solving the AES whitebox crypto challenge without even touching crypto or AES. The tools: https://github.com/SideChannelMarvels Challenge: https://github.com/Riscure/Rhme-2017/tree/master/prequalifications/White%20Box%20Unboxing -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Views: 7172 LiveOverflow
Hardware security - Introduction to Side Channel Attacks
Hardware security - Introduction to Side Channel Attacks. To get certificate subscribe at: https://www.coursera.org/learn/hardware-security Hardware security playlist: https://www.youtube.com/playlist?list=PL2jykFOD1AWZRNhehPCsDLhfRkM1abYHd About this course: In this course, we will study security and trust from the hardware perspective. Upon completing the course, students will understand the vulnerabilities in current digital system design flow and the physical attacks to these systems. They will learn that security starts from hardware design and be familiar with the tools and skills to build secure and trusted hardware.
Views: 1140 intrigano
Side Channel Timing Attack Demonstration
Demonstration of a timing-based side channel attack. This attack takes advantage of a known timing imbalance in the standard ANSI C memcmp function, in which it exits as soon as a compared byte does not match. This results in the function taking a longer time given the more bytes that match between the compared blocks of memory. As long as there's a measurable timing imbalance, a system can be exploited regardless of the particular compare process used. More hardware hacking projects and presentations can be found at http://www.grandideastudio.com/portfolio/security/ NOTE: I FAIL AT MATH! From 1:24-1:33 where I'm describing the maximum possible key press combinations for a 4-digit PIN with 4 choices each (4*4*4*4), I incorrectly state 1024 as the answer. That's not true. It's 256. Still, the timing attack is an extremely useful method to reduce the keyspace needed for a brute force attack.
Views: 3973 Joe Grand
Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
Terrible DPA explanation and sharing my experience solving the side channel analysis challenge "piece of scake" from the rhme2 CTF. A real DPA tutorial by Colin O'Flynn: https://www.youtube.com/watch?v=OlX-p4AGhWs The ChipWhisperer AES tutorial: http://www.newae.com/sidechannel/cwdocs/tutorial.html ChipWhisperer: http://newae.com/tools/chipwhisperer/ The DPA paper: https://www.rambus.com/introduction-to-differential-power-analysis-and-related-attacks/ rhme2 challenge files: https://github.com/Riscure/Rhme-2016 #CTF #HardwareSecurity
Views: 40019 LiveOverflow
RSA Power Analysis Side-Channel Attack - rhme2
Preparing an arduino nano board to perform a power analysis side channel attack and explaining how that can be used to break RSA. Also proof I can't count. RSA video: https://www.youtube.com/watch?v=sYCzu04ftaY rhme2 by riscure: http://rhme.riscure.com/home Oscilloscope: Rigol DS2072A Soldering Station: Weller WD1
Views: 18827 LiveOverflow
Statistical Tools Flavor Side-Channel Collision Attacks.
Talk at eurocrypt 2012. Author: Amir Moradi. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=24257
Views: 330 TheIACR
06 Practical Side Channel Attacks On Modern Browsers Angelo Prado
These are the videos from Takedowncon Rocketcity 2014: http://www.irongeek.com/i.php?page=videos/takedowncon-rocketcity-2014/mainlist
Views: 525 Adrian Crenshaw
Amir Herzberg - Cross-site Search Attacks: Practical Side-channel Privacy Attacks... [27 Jul 2015]
This talk is part of the CrySP Speaker Series on Privacy. For more information and to view other talks in the series, go to: https://crysp.uwaterloo.ca/speakers/ Cross-site Search Attacks: Practical Side-channel Privacy Attacks on Web Services Amir Herzberg, Bar Ilan University July 27, 2015 Abstract: Cross-site search (XS-search) attacks circumvent the same-origin policy and extract sensitive information, by using the time it takes for the browser to receive responses to search queries. This side-channel is usually considered impractical, due to the limited attack duration and high variability of delays. This may be true for naive XS-search attacks; however, we show that the use of better tools facilitates effective XS-search attacks, exposing information efficiently and precisely. We present and evaluate three types of tools: (1) appropriate statistical tests, (2) amplification of the timing side-channel, by 'inflating' communication or computation, and (3) optimized, tailored divide-and-conquer algorithms, to identify terms from large 'dictionaries'. These techniques may be applicable in other scenarios. We implemented and evaluated the attacks against the popular Gmail and Bing services, in several environments and ethical experiments, taking careful, IRB-approved measures to avoid exposure of personal information. Try a demo of the attack that efficiently extracts the name of authenticated Gmail user online in http://xssearch.weebly.com/. Joint work with Nethanel Gelernter. Bio: Prof. Amir Herzberg is a tenured professor in the department of computer science, Bar Ilan university. He received B.Sc. (1982, Computer Engineering), M.Sc. (1987, Electrical Engineering) and D.Sc. (1991, Computer Science), all from the Technion, Israel.
His current research interests include Network security, Applied cryptography, Privacy, anonymity and covert communication, Cyber-security, Usable security and social-engineering attacks, Financial cryptography, Trust management, Network protocols and distributed algorithms, Security of and using new network paradigms. He filled research and management positions in IBM Research, Israeli Defense Forces and several companies, and is consulting when time allows.
Views: 11 CrySP at UWaterloo
Attacking OpenSSL using Side-channel Attacks (SHA2017)
https://media.ccc.de/v/SHA2017-169-attacking_openssl_using_side-channel_attacks The RSA case study. Side channel attacks (SCA) gained attention in the past years. New low cost tools like Chip-Whisperer proved that these attacks are not any more a theoretical, academic risk but a real threat to the security of the embedded systems. Many cryptographic products are now being developed having these attacks in mind and countermeasures are being implemented. This is the case of the omnipresent OpenSSL, which implements protections against side channel attacks to prevent the extraction of the secret key. In our presentation, we will briefly introduce SCA to the audience and discuss later the countermeasures implemented in the OpenSSL RSA and our attack that allows us to bypass them. #NetworkSecurity Praveen Vadnala Lukasz Chmielewski
Views: 339 SHA2017
Side Channels and Clouds: New Challenges in Cryptography
Emerging trends in computation such as cloud computing, virtualization and trusted computing require that computation be carried out in remote and hostile environments, where attackers have unprecedented access to the devices, the data and the programs. This poses new challenges for cryptography. Vinod Vaikuntanathan of the MIT/IBM T.J. Watson Research Center recently spoke at the University of Washington, sharing his recent work in solving two of these new challenges, side-channel attacks and computing on encrypted data.
Views: 3917 UW Video
RSA Attack series -6 ( Hastad attack ) --Arabic
Contents: - Theory of the attack - Applying the attack with a Python tool
Views: 163 Karem Ali
Side-Channel Analysis Demo: FPGA Board
Elke DeMulder, Research Scientist for Cryptography Research, demonstrates how field programmable gate arrays (FPGAs) can be compromised by side-channel attacks.
Views: 11189 Rambus Inc.
How to detect side channel attacks in cloud infrastructures
SecludIT http://www.secludit.com Slides http://www.slideshare.net/PasqualePuzio/how-to-detect-side-channel-attacks-in-cloud-infrastructures We integrated Elastic Detector, which is SecludIT's product, with OSSIM in order to detect side-channel attacks occurring in cloud infrastructures. Elastic Detector takes care of solving the cloud elasticity issue, collecting security-relevant logs and forwarding (rsyslog) them to OSSIM where the correlation takes place (thanks to our plugin). Demo shown at the RaSIEM workshop (ARES conference) in Regensburg, Germany.
Views: 1113 Pasquale Puzio
All in the Timing: Side-Channel Attacks
Philip James https://2018.pycon-au.org/talks/45261-all-in-the-timing-sidechannel-attacks/ Here, you’ll learn about a category of security issue known as side channel attacks. You’ll be amused to see how features like automatic data compression, short-circuit execution, and deterministic hashing can be abused to bypass security systems. No security background knowledge is required. Python, PyCon, PyConAU, australia, programming, sydney This video is licensed under CC BY 3.0 AU ‹https://creativecommons.org/licenses/by/3.0/au/›. PyCon Australia (“PyCon AU”) is the national conference for the Python Programming Community, bringing together professional, student and enthusiast developers with a love for developing with Python. PyCon AU, the national Python Language conference, is on again this August in Sydney, at the International Convention Centre, Sydney, August 24 - 28 2018. Python, PyCon, PyConAU
Views: 155 PyCon Australia
All in the timing: How side channel attacks work
Philip "Phildini" James, Asheesh Laroia https://2018.northbaypython.org/schedule/presentation/22/ In this talk, you’ll learn about a category of security issue known as side channel attacks. You’ll be amused to see how features like automatic data compression, short-circuit execution, and deterministic hashing can be abused to bypass security systems. No security background knowledge is required. The talk assumes at least intermediate Python experience. We’ll take a tour of real side channel vulnerabilities in open source Python codebases, including the patches that fixed them. It also offers practical advice for avoiding these issues. My goal is to demystify this topic, even if you aren’t writing security-critical software. This talk is for intermediate or higher Python developers who want a foundation for understanding side channel security vulnerabilities. We hope to allow software developers without a security background to understand the security mindset. A Python conference north of the Golden Gate North Bay Python is a single-track conference with a carefully curated set of talks representing the diverse Python community and their different areas of interest. If a topic is less to your interest, or you've met some people you really want to sit down and chat with, we'll have plenty of areas away from the main theatre to catch up and chat. Our goal is to keep prices as low as possible. That means we won't be catering lunch. Instead, you can look forward to extra-long lunch breaks you can use to explore all of the great food options around the venue.
Views: 97 North Bay Python
Unboxing The White-Box: Practical Attacks Against Obfuscated Ciphers
by Eloi Sanfelix & Job de Haas & Cristofaro Mune White-Box Cryptography (WBC) aims to provide software implementations of cryptographic algorithms that are resistant against an attacker with full access to the internals. Therefore, the key must remain secure even if the attacker is able to inspect and modify the execution of the cryptographic algorithm. This is often referred to as "security in the White-Box context." In a vanilla implementation of a cryptographic algorithm, access to intermediate results directly leads to extraction of the key. To achieve security in the white-box context, data encoding schemes and strong obfuscation are typically applied. This type of implementation is commonly seen in DRM systems, and is currently gaining momentum in the mobile payment market. Assessing the security of WBC implementations is a challenge both for evaluators and for WBC designers, as it often requires a powerful mix of reverse engineering and applied cryptanalysis skills. In this presentation, we show how attacks typically used to attack hardware cryptosystems can be ported to the white-box settings. We will introduce generic yet practical attacks on WBC implementations of the TDES and AES ciphers. Additionally, we will analyze the requirements for each attack and discuss potential countermeasures. We have applied these attacks to recover cryptographic keys from commercial as well as academic implementations. During the presentation, we will demonstrate several attacks on open source WBC implementations using custom tools. If you are tasked with evaluating the attack resistance of a WBC-based solution, this presentation will provide a better understanding of what White-Box Cryptography is and how to evaluate its robustness against different key extraction attacks. If you are a WBC designer, you will obtain a better understanding of what the most common weak points of such schemes are. 
Our results highlight the importance of evaluating WBC implementations with respect to these generic attacks in order to provide correct judgment about their level of security.
Views: 2345 Black Hat
DEF CON 24 - Side channel attacks on high security electronic safe locks
Plore Hacker Electronic locks are becoming increasingly common on consumer-grade safes, particularly those used to secure guns. This talk explores vulnerabilities of several UL-listed Type 1 "High Security" electronic safe locks. Using side-channel attacks, we recover the owner-configured keycodes on two models of these locks from outside of locked safes without any damage to the locks or safes. Discussion includes power-line analysis, timing attacks, and lockout-defeat strategies on embedded devices. An embedded software developer with a background in electrical engineering, Plore has long been fascinated by computer security and locks. One day he found himself wondering if the trust bestowed on electronic locks was actually misplaced. He decided to investigate.
Views: 939 HackersOnBoard
Web Timing Attacks Made Practical
by Timothy Morgan & Jason Morgan Timing side-channel attacks are a well-known class of flaw in cryptographic systems and applications in general. While these issues have been researched for decades, the complexities involved in obtaining accurate timing measurements and performing accurate statistical analysis have prevented the average pentester from identifying and exploiting these issues on a day-to-day basis. In this paper, we build on past research to make remote timing attacks practical against modern web applications. We scrutinize both methods of data collection and statistical analysis used by previous researchers, significantly improving results in both areas. We implement an adaptive Kalman filter, which provides greater accuracy in classifying timing differences, making timing attacks more practical in congested networks and speeding up attacks in ideal conditions. As part of this research, a new open source timing attack tool suite is being released to the community.
Views: 6329 Black Hat
Practical side-channel attacks on embedded device cryptography - Dr Owen Lo and Doug Carson
The associated research paper is here: https://www.tandfonline.com/doi/abs/10.1080/23742917.2016.1231523
Views: 1418 The Cyber Academy
Authenticated Encryption in the Face of Protocol and Side Channel Leakage
Paper by Guy Barwell and Daniel P. Martin and Elisabeth Oswald and Martijn Stam, presented at Asiacrypt 2017. See https://www.iacr.org/cryptodb/data/paper.php?pubkey=28250
Views: 64 TheIACR
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
Authors: Xiaokuan Zhang, Yuan Xiao and Yinqian Zhang (The Ohio State University) presented at CCS 2016 - the 23rd ACM Conference on Computer and Communications Security (Hofburg Palace Vienna, Austria / October 24-28, 2016) - organized by SBA Research
Views: 347 CCS 2016
ParTI - Towards Combined Hardware Countermeasures against Side Channel and Fault Injection Attacks
Tobias Schneider and Amir Moradi and Tim Güneysu, Crypto 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27644
Views: 218 TheIACR
COSIC seminar "VerMI: Verification Tool for Masked Implementations" (Victor Arribas Abril)
COSIC seminar – VerMI: Verification Tool for Masked Implementations – Victor Arribas Abril (KU Leuven) Masking is a widely used countermeasure against Side-Channel Attacks, nonetheless, the implementation of these countermeasures is challenging. Experimental security evaluation requires special equipment, a considerable amount of time, and extensive technical knowledge. Therefore, to automate and to speed up this process, a formal verification can be performed to assess the security of a design. In this work we present VerMI, a verification tool in the form of a logic simulator that checks the properties defined in Threshold Implementations to address the security of a hardware implementation for meaningful orders of security. The tool is designed so that any masking scheme can be evaluated. It accepts combinational and sequential logic and is able to analyze an entire cipher in short time. With the tool we have managed to spot a flaw in the round-based KECCAK implementation by Gross et al., published in DSD 2017.
Horizontal Side Channel Attacks and Countermeasures on the ISW Masking Scheme
Alberto Battistello and Jean-Sébastien Coron and Emmanuel Prouff and Rina Zeitoun, CHES 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27843
Views: 327 TheIACR
Cryptography timing attacks on MAC verification (collision resistance)
Cryptography timing attacks on MAC verification To get certificate subscribe: https://www.coursera.org/learn/crypto Playlist URL: https://www.youtube.com/playlist?list=PL2jykFOD1AWYosqucluZghEVjUkopdD1e About this course: Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key.
Views: 260 intrigano
On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces
From USENIX Security '12 Ivan Martinovic, University of Oxford; Doug Davies, Mario Frank, and Daniele Perito, University of California, Berkeley; Tomas Ros, University of Geneva; Dawn Song, University of California, Berkeley
Views: 487 USENIX
SDR as Side Channel Attack Platform (eh17)
https://media.ccc.de/v/EH2017-8571-sdr_as_side_channel_attack_platform A way to use software-defined radios for side-channel attacks. bolek42
Views: 808 media.ccc.de
Generic Side-Channel Distinguishers: Improvements and Limitations (Crypto 2011)
Nicolas Veyrat-Charvillon and François-Xavier Standaert Université catholique de Louvain, Belgium Abstract. The goal of generic side-channel distinguishers is to allow key recoveries against any type of implementation, under minimum assumptions on the underlying hardware. Such distinguishers are particularly interesting in view of recent technological advances. Indeed, the traditional leakage models used in side-channel attacks, based on the Hamming weight or distance of the data contained in an implementation, are progressively invalidated by the increased variability in nanoscale electronic devices. In this paper, we consequently provide two contributions related to the application of side-channel analysis against emerging cryptographic implementations. First, we describe a new statistical test that is aimed to be generic and efficient when exploiting high-dimensional leakages. The proposed distinguisher is fully non-parametric. It formulates the leakage distributions using a copula and discriminates keys based on the detection of an "outlier behavior". Next, we provide experiments putting forward the limitations of generic side-channel analysis in advanced scenarios, where leaking devices are protected with counter-measures. Our results exhibit that all non-profiled attacks published so far can sometimes give a false sense of security, due to incorrect leakage models. That is, there exist settings in which an implementation is secure against such non-profiled attacks and can be defeated with profiling. This confirms that the evaluations of cryptographic implementations should always consider profiling, as a worst case scenario.
Views: 516 TheIACR
The Mechanical Cryptographer: Tolerant Algebraic Side-Channel Attacks using pseudo-Boolean Solvers
Machine solvers are a class of general-purpose software tools which input a set of equations and output a satisfying assignment to these equations (or a proof of unsatisfiability). Solvers are used for a variety of practical applications, from VLSI verification to transportation route planning. Recently several authors have attempted to use solvers to perform one of the most challenging tasks in modern computer science - cryptanalysis of symmetric block ciphers such as AES. To use a solver for cryptanalysis, we provide it with a known plaintext, a known ciphertext and the set of mathematical equations which use an unknown secret key to transform between the two. The solver is then expected to output the secret key which links the given plaintext and ciphertext, thus satisfying the equation set. Fortunately, solvers are not currently capable of directly attacking modern ciphers. However, the situation is drastically different when side-channel data (information leaked from the cryptographic device due to its internal structure) is introduced into the equation. This talk will introduce side-channel cryptographic attacks, survey our latest efforts in using machine solvers to attack cryptosystems, and conclude with a successful attack on the AES cipher which requires surprisingly little side-channel data and computation time. Joint work with Mathieu Renauld, François-Xavier Standaert and Avishai Wool
Views: 103 Microsoft Research
cryptography - Padding Oracle Attacks
Cryptography To get certificate subscribe: https://www.coursera.org/learn/cryptography Playlist URL: https://www.youtube.com/playlist?list=PL2jykFOD1AWb07OLBdFI2QIHvPo3aTTeu Youtube channel: https://www.youtube.com/user/intrigano https://scsa.ge/en/online-courses/ https://www.facebook.com/cyberassociation/
Views: 7634 intrigano
LABS 46 Basic Data Encryption Using Advanced Encryption Package REVIEW
Lab Scenario: Data encryption and decryption operations require major security applications to secure data. Most systems use block ciphers, such as the public AES standard. However, implementations of block ciphers such as AES, as well as other cryptographic algorithms, are subject to side-channel attacks. These attacks allow adversaries to extract secret keys from devices by passively monitoring the power consumption or other side channels. Countermeasures are required for applications to which side-channel attacks are a threat. These include several military and aerospace applications in which program information, classified data, algorithms, and secret keys reside on assets that may not always be physically protected. To be an Expert Ethical Hacker and Penetration Tester, you must understand file data encryption.
[BlackHat EU 2013] Power Analysis Attacks for Cheapskates
Power Analysis Attacks for Cheapskates Presented By: Colin O'Flynn Power analysis attacks present a devious method of cracking cryptographic systems. But looking at papers published in this field shows that often the equipment used is fairly expensive: the typical oscilloscope used often has at least a 1 GSPS sampling rate, and then various probes and amplifiers also add to this cost. What is a poor researcher to do without such tools? This presentation will give a detailed description of how to set up a power analysis lab for a few hundred dollars, one that provides sufficient performance to attack real devices. It's based on some open-source hardware & software I developed, and is small enough to fit in your pocket. This will be demonstrated live against a microcontroller implementing AES, with details provided so attendees can duplicate the demonstration. This includes an open-hardware design for the capture board & open-source Python tools for doing the capture. Underlying theory behind side-channel attacks will be presented, giving attendees a complete picture of how such attacks work.
Views: 86 TalksDump
Time Trial: Racing Towards Practical Timing Attacks
By Daniel A. Mayer and Joel Sandin "Attacks on software become increasingly sophisticated over time and while the community has a good understanding of many classes of vulnerabilities that are commonly exploited, the practical relevance of side-channel attacks is much less understood. One common side-channel vulnerability that is present in many web applications today are timing side-channels which allow an attacker to extract information based on different response times. These side-channel vulnerabilities are easily introduced wherever sensitive values such as credentials or API keys are processed before responding to a client. Even though there is basic awareness of timing side-channel attacks in the community, they often go unnoticed or are flagged during code audits without a true understanding of their exploitability in practice. In this talk, we provide both a tool 'time trial' and guidance on the detection and exploitability of timing side-channel vulnerabilities in common web application scenarios. Specifically, the focus of our presentation is on remote timing attacks, which are performed over a LAN, in a cloud environment, or on the Internet. To illustrate this, we first present experimental timing results that demonstrate how precisely timing can be measured and, more importantly, which timing differences can be distinguished remotely. Second, we compare our results with timing differences that are typically encountered in modern web frameworks and servers. The discussed attack scenarios include database queries, message authentication codes, web API keys, OAuth tokens, and login functions. Our presentation has significance for a wide spectrum of the conference audience. Attendees in defensive security roles will gain a better understanding of the threat timing side-channel vulnerabilities pose and, based on the demonstrated attacks, will be better able to evaluate the severity and impact of a successful side-channel attack. 
Attendees in a penetration testing role will learn how to distinguish theoretical timing attacks from legitimately exploitable flaws by using our tool 'time trial'. Finally, attendees focused on research implications will receive a comprehensive update on the state-of-the-art in exploiting timing attacks in practice."
Views: 1004 Black Hat
ChipWhisperer Tutorial #B3-1: Timing Attack against Password Protection
See http://newae.com/sidechannel/cwdocs/tutorialbasictimingpasswd.html for full details!
Views: 1073 NewAE Technology Inc.
COM-402 Spring 2018 Lecture 8: Side Channel Attacks (Part 1)
EPFL COM-402: Information Security and Privacy Lecture by Prof. Bryan Ford
Views: 96 COM-402
Jasper van Woudenberg on Side channel analysis and fault injection
Hardware attacks, once a niche field restricted to military and early smartcard security researchers, are becoming more relevant with the explosion of embedded devices that surround us. On the technical side, this talk will introduce side channel and fault injection techniques, and how these affect the security of any device "out in the field"; and what software and hardware devs can do to mitigate these attacks. On the grand-scheme-of-things, this talk will put these attacks in context of the future of (embedded/IoT) security. Jasper (@jzvw) van Woudenberg currently is CTO for Riscure North America. As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical activities. Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research. Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications. Jasper has spoken at many security conferences including BlackHat trainings, Intel Security Conference, RSA, EDSC, BSides, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, GMU and the University of Amsterdam.
Views: 925 Fastly
hardwear.io 2017:- TEMPEST Attacks Against AES by Craig Ramsay
Side-channel attacks can recover secret keys from cryptographic algorithms (including the pervasive AES) using measurements such as power use. However, these previously-known attacks on AES tend to require unrestricted, physical access to the device. Using improved antenna and signal processing, Fox-IT and Riscure show how to covertly recover the encryption key from two realistic AES-256 implementations while: 1. Attacking at a distance of up to 1 m (30 cm in realistic conditions; "TEMPEST"), 2. Using minimal equipment (fits in a jacket pocket, costs less than €200) and 3. Needing only a few minutes (5 minutes for 1 m and 50 seconds for 30 cm.) To the best of our knowledge, this is the first public demonstration of such covert attacks from a distance.
Views: 350 hardwear.io
Cryptography 7.3| Chosen ciphertext attacks 12 min
Introduction to Cryptography - I. Materials (video, slides, English subtitles) from Stanford Introduction to Cryptography. Slides & Subtitle Link: http://www.mediafire.com/file/rr8pnxag9kpe3g7/Crypto-I.rar/file About this Course: Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. Throughout the course participants will be exposed to many exciting open problems in the field and work on fun (optional) programming projects. In a second course (Crypto II) we will cover more advanced cryptographic tasks such as zero-knowledge, privacy mechanisms, and other forms of encryption. SKILLS YOU WILL GAIN During the 66 Video in this Course: 1 - Cryptography, 2 - Cryptographic Attacks, 3 - Public-Key Cryptography, 4 - Symmetric-Key Algorithm,
Views: 58 TO Courses
BeEF Browser Exploitation - Client Side Attacks With Kali Linux
Hey guys! HackerSploit here back again with another video, in this video, we will be looking at how to perform client-side browser exploitation with BeEF. BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Views: 32791 HackerSploit
ChipWhisperer: A 2-Min Overview of Side Channel Analysis Platform
Check out the project on Hackaday: http://hackaday.io/project/956-ChipWhisperer , and I'll be at O'Reilly Solid in May: http://solidcon.com/solid2014/public/schedule/detail/33655
Views: 11926 Colin O'Flynn
NDSS 2018 - KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Session 4B: Software Attacks and Secure Architectures 01 KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks SUMMARY Besides cryptographic secrets, software-based side-channel attacks also leak sensitive user input. The most accurate attacks exploit cache timings or interrupt information to monitor keystroke timings and subsequently infer typed words and sentences. These attacks have also been demonstrated in JavaScript embedded in websites by a remote attacker. We extend the state-of-the-art with a new interrupt-based attack and the first Prime+Probe attack on kernel interrupt handlers. Previously proposed countermeasures fail to prevent software-based keystroke timing attacks as they do not protect keystroke processing through the entire software stack. We close this gap with KeyDrown, a new defense mechanism against software-based keystroke timing attacks. KeyDrown injects a large number of fake keystrokes in the kernel, making the keystroke interrupt density uniform over time, i.e., independent of the real keystrokes. All keystrokes, including fake keystrokes, are carefully propagated through the shared library to make them indistinguishable by exploiting the specific properties of software-based side channels. We show that attackers cannot distinguish fake keystrokes from real keystrokes anymore and we evaluate KeyDrown on a commodity notebook as well as on Android smartphones. We show that KeyDrown eliminates any advantage an attacker can gain from using software-based side-channel attacks. SLIDES http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/03/NDSS2018_04B-1_Schwarz_Slides.pdf PAPER https://www.ndss-symposium.org/wp-content/uploads/sites/25/2018/02/ndss2018_04B-1_Schwarz_paper.pdf AUTHORS Michael Schwarz (Graz University of Technology) Moritz Lipp (Graz University of Technology) Daniel Gruss (Graz University of Technology) Samuel Weiser (Graz University of Technology) Clementine Maurice (Univ. Rennes, CNRS, IRISA) Raphael Spreitzer (Graz University of Technology) Stefan Mangard (Graz University of Technology) Network and Distributed System Security (NDSS) Symposium 2018, 18-21 February 2018, Catamaran Resort Hotel & Spa in San Diego, California. https://www.ndss-symposium.org/ndss2018/programme/
Views: 141 NDSS Symposium
On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces
This video is part of the Infosec Video Collection at SecurityTube.net: http://www.securitytube.net On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces Slides: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final56.pdf Brain computer interfaces (BCI) are becoming increasingly popular in the gaming and entertainment industries. Consumer-grade BCI devices are available for a few hundred dollars and are used in a variety of applications, such as video games, hands-free keyboards, or as an assistant in relaxation training. There are application stores similar to the ones used for smart phones, where application developers have access to an API to collect data from the BCI devices. The security risks involved in using consumer-grade BCI devices have never been studied and the impact of malicious software with access to the device is unexplored. We take a first step in studying the security implications of such devices and demonstrate that this upcoming technology could be turned against users to reveal their private and secret information. We use inexpensive electroencephalography (EEG) based BCI devices to test the feasibility of simple, yet effective, attacks. The captured EEG signal could reveal the user's private information about, e.g., bank cards, PIN numbers, area of living, the knowledge of the known persons. This is the first attempt to study the security implications of consumer-grade BCI devices. We show that the entropy of the private information is decreased on the average by approximately 15 % - 40 % compared to random guessing attacks.
Views: 2403 SecurityTubeCons
CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem
• Paper and supplementary material: https://popl19.sigplan.org/event/popl-2019-research-papers-ct-wasm-type-driven-secure-cryptography-for-the-web-ecosystem • Abstract: A significant amount of both client and server-side cryptography is implemented in JavaScript. Despite widespread concerns about its security, no other language has been able to match the convenience that comes from its ubiquitous support on the “web ecosystem” - the wide variety of technologies that collectively underpins the modern World Wide Web. With the introduction of the new WebAssembly bytecode language (Wasm) into the web ecosystem, we have a unique opportunity to advance a principled alternative to existing JavaScript cryptography use cases which does not compromise this convenience. We present Constant-Time WebAssembly (CT-Wasm), a type-driven, strict extension to WebAssembly which facilitates the verifiably secure implementation of cryptographic algorithms. CT-Wasm’s type system ensures that code written in CT-Wasm is both information flow secure and resistant to timing side channel attacks; like base Wasm, these guarantees are verifiable in linear time. Building on an existing Wasm mechanization, we mechanize the full CT-Wasm specification, prove soundness of the extended type system, implement a verified type checker, and give several proofs of the language’s security properties. We provide two implementations of CT-Wasm: an OCaml reference interpreter and a native implementation for Node.js and Chromium that extends Google’s V8 engine. We also implement a CT-Wasm to Wasm rewrite tool that allows developers to reap the benefits of CT-Wasm’s type system today, while developing cryptographic algorithms for base Wasm environments. We evaluate the language, our implementations, and supporting tools by porting several cryptographic primitives - Salsa20, SHA-256, and TEA - and the full TweetNaCl library. 
We find that CT-Wasm is fast, expressive, and generates code that we experimentally measure to be constant-time.
Views: 6 POPL 2019
COSIC seminar - Towards Efficient and Automated Side Channel Evaluations... (Danilo Šijačić)
COSIC seminar - Towards Efficient and Automated Side Channel Evaluations at Design Time - Danilo Šijačić (KU Leuven) Models and tools developed by the semiconductor community have matured over decades of use. As a result, hardware simulations can yield highly accurate and easily automated pre-silicon estimates for e.g. timing and area figures. In this work we design, implement, and evaluate CASCADE, a framework that combines a largely automated full-stack standard-cell design flow with the state of the art techniques for side channel analysis. We show how it can be used to efficiently evaluate side channel leakage prior to chip manufacturing. Moreover, it is independent of the underlying countermeasure and it can be applied starting from the earliest stages of the design flow. Additionally, we provide experimental validation through assessment of the side channel security of representative cryptographic circuits. We discuss aspects related to the performance, scalability, and utility to the designers. In particular, we show that CASCADE can evaluate information leakage with 1 million simulated traces in less than 4 hours using a single desktop workstation, for a design larger than 100kGE.
SideChannel Timing Attack Demo
Side Channel Timing Attack on PIN protected Hard Drive. Inspired by Joe Grand (https://www.youtube.com/watch?v=2-zQp26nbY8) and Colin O'Flynn (https://www.youtube.com/watch?v=p0AuTPmFjTY&t=7s). Highly recommend to check them out. :)
Views: 160 Kevin2600
HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows
by Tom Van Goethem & Mathy Vanhoef Over the last few years, a worrying number of attacks against SSL/TLS and other secure channels have been discovered. Fortunately, at least from a defender's perspective, these attacks require an adversary capable of observing or manipulating network traffic. This prevented a wide and easy exploitation of these vulnerabilities. In contrast, we introduce HEIST, a set of techniques that allows us to carry out attacks against SSL/TLS purely in the browser. More generally, and surprisingly, with HEIST it becomes possible to exploit certain flaws in network protocols without having to sniff actual traffic. HEIST abuses weaknesses and subtleties in the browser, and the underlying HTTP, SSL/TLS, and TCP layers. Most importantly, we discover a side-channel attack that leaks the exact size of any cross-origin response. This side-channel abuses the way responses are sent at the TCP level. Combined with the fact that SSL/TLS lacks length-hiding capabilities, HEIST can directly infer the length of the plaintext message. Concretely, this means that compression-based attacks such as CRIME and BREACH can now be performed purely in the browser, by any malicious website or script, without requiring network access. Moreover, we also show that our length-exposing attacks can be used to obtain sensitive information from unwitting victims by abusing services on popular websites. Finally, we explore the reach and feasibility of exploiting HEIST. We show that attacks can be performed on virtually every web service, even when HTTP/2 is used. In fact, HTTP/2 allows for more damaging attack techniques, further increasing the impact of HEIST. In short, HEIST is a set of novel attack techniques that brings network-level attacks to the browser, posing an imminent threat to our online security and privacy.
Views: 14229 Black Hat
Revisiting SSL/TLS implementations: new Bleichenbacher side channels and attacks
USENIX 2014. This video does not belong to me.
Views: 667 Hailey Bang