Security Bsides Las Vegas 2024

Introduction to Cryptographic Attacks
2024-08-07, Emerald

Using cryptography correctly is often subtle, and mistakes can result in significant vulnerabilities. This workshop will cover many such vulnerabilities that have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement each attack after it is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in-person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.


This workshop has been developed over the last 8 years, refining the topics covered and how it is presented. At this time the workshop includes a VM with sample challenges and a tool called cryptosploit developed to aid in attacking cryptographic systems. The students will learn the theory and gain access to this tool to help them here and in other attempts to test and attack cryptographic systems.
* Stream Cipher overview (5 minutes)
  * Properties of XOR
* Keystream reuse
* Keystream reuse exercise (10-15 minutes)
  * Practice encrypting with a stream cipher service
  * Decrypt a chosen file
  * Recover keystream
* Block Cipher review (10 minutes)
  * Block Cipher Modes
* ECB mode oracle
* ECB mode oracle exercise (10-15 minutes)
  * ECB cut and paste attack
* CBC Mode malleability
* CBC Mode malleability exercise (10-15 minutes)
  * Privilege escalation through CBC mode malleability
* Padding Oracle Attacks
  * What is the attack? (3 minutes)
  * Where can this attack be used and how to detect it (3 minutes)
  * Examples of the vulnerability in the real world (3 minutes)
  * Practice with script to crack Padding Oracle (10-15 minutes)
* (EC)DSA known nonce and repeated nonce attack
  * How does DSA work? (3 minutes)
  * Where can this attack be used and how to detect it (3 minutes)
  * Differences with ECDSA
  * Examples of the vulnerability in the real world (3 minutes)
  * Hands on implementing the attack (10 minutes)
* RSA Introduction (5 minutes)
* Attacking homomorphic properties of RSA
  * Homomorphic encryption and adaptive chosen ciphertext attacks (3 minutes)
  * Types of Oracles (2 minutes)
  * Implementing the attack (10 minutes)
* Bleichenbacher '06
  * PKCS#1 v1.5 padding (2 minutes)
  * What is the attack? (3 minutes)
  * Examples of the vulnerability (3 minutes)
  * Hands on implementing the attack (15 minutes)
* CRT bad signature attack
  * What is the attack? (3 minutes)
  * Hands on implementation (10 minutes)
* CVE-2020-0601
  * CA certificate cache
  * Choosing a generator to match public key with new known private key
* Bonus
  * Below are sections I don't usually have full time to cover, but will include material for and discuss with students if there's time and interest
  * Wiener Attack
    * What is the attack? (6 minutes)
    * Examples of the vulnerability (2 minutes)
    * Hands on implementation (15 minutes)
  * Batch GCD
    * Reuse of entropy in RSA key generation in the wild (3 minutes)
    * Batch GCD algorithm (5 minutes)
    * Hands on exercise (15 minutes)

Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village.