Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Presented at Black Hat USA 2016, Aug. 3, 2016, 11:30 a.m. (50 minutes)

We investigate nonce-reuse issues with the Galois/Counter Mode (GCM) algorithm as used in TLS. Nonce reuse in GCM allows an attacker to recover the authentication key and forge messages, as described by Joux. With an Internet-wide scan we identified over 70,000 HTTPS servers that are at risk of nonce reuse. We also identified 184 HTTPS servers that repeat nonces directly within a short connection. Affected servers include large corporations, financial institutions, and a credit card company. We implement a proof-of-concept attack that allows us to violate the authenticity of affected HTTPS connections and inject content.
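As an added, defender-side example (not code from the talk or its authors): a small Python checker that parses a TLS 1.2 record stream, extracts the 8-byte explicit AES-GCM nonce of each application-data record, and reports any nonce used more than once within the connection, which is the condition the scan described above looked for; it also flags whether the nonces advance like a counter. The sample records are constructed inline, and their bodies are placeholder bytes rather than real ciphertext.

```python
import struct
from collections import Counter

APPLICATION_DATA = 0x17      # TLS record content type for application data
EXPLICIT_NONCE_LEN = 8       # TLS 1.2 AES-GCM per-record explicit nonce (RFC 5288)
TAG_LEN = 16                 # GCM authentication tag appended to the ciphertext

def parse_records(stream):
    """Split a raw TLS 1.2 byte stream into (content_type, version, fragment) tuples."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[off:off + 5])
        fragment = stream[off + 5:off + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated TLS record at offset %d" % off)
        records.append((ctype, version, fragment))
        off += 5 + length
    return records

def explicit_nonces(stream):
    """Return the 8-byte explicit nonce of every encrypted application-data record."""
    return [frag[:EXPLICIT_NONCE_LEN]
            for ctype, _, frag in parse_records(stream)
            if ctype == APPLICATION_DATA and len(frag) >= EXPLICIT_NONCE_LEN + TAG_LEN]

def repeated_nonces(stream):
    """Map each explicit nonce seen more than once to its occurrence count.
    Any entry means two records were encrypted under the same (key, nonce) pair,
    which is exactly the condition the GCM forgery attack needs."""
    counts = Counter(explicit_nonces(stream))
    return {n: c for n, c in counts.items() if c > 1}

def looks_like_counter(stream):
    """True if explicit nonces strictly increase by one, as a counter-based
    sender produces; False for random or otherwise irregular nonce sequences."""
    values = [int.from_bytes(n, "big") for n in explicit_nonces(stream)]
    return len(values) > 1 and all(b - a == 1 for a, b in zip(values, values[1:]))

def make_record(explicit_nonce, ciphertext_and_tag):
    """Build one TLS 1.2 application-data record (helper for the constructed sample)."""
    fragment = explicit_nonce + ciphertext_and_tag
    return struct.pack("!BHH", APPLICATION_DATA, 0x0303, len(fragment)) + fragment

# Constructed sample traffic (not captured data): BODY stands in for ciphertext
# plus a 16-byte tag; only the nonce field matters for this check.
BODY = bytes(range(24))
NONCE_1, NONCE_2 = (1).to_bytes(8, "big"), (2).to_bytes(8, "big")
REUSING_STREAM = b"".join(make_record(n, BODY) for n in (NONCE_1, NONCE_2, NONCE_1))
COUNTER_STREAM = b"".join(make_record(i.to_bytes(8, "big"), BODY) for i in range(1, 5))
```

`repeated_nonces(REUSING_STREAM)` reports the reused nonce with a count of 2, while `COUNTER_STREAM` yields no repeats and passes `looks_like_counter`.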


Presenters:

  • Philipp Jovanovic - Swiss Federal Institute of Technology Lausanne (EPFL)
    Philipp Jovanovic finished his PhD in the field of symmetric cryptology at the University of Passau, Germany, in 2015. In his thesis "Analysis and Design of Symmetric Cryptographic Algorithms" he investigates fault-based attacks on various block ciphers and presents NORX a novel authenticated encryption scheme which is a second round candidate in the still ongoing CAESAR competition. After his graduation, Philipp became a post-doc at the Swiss Federal Institute of Technology Lausanne (EPFL), Switzerland, where he currently works at the Decentralized and Distributed Systems (DeDiS) Lab on scalable cryptographic protocols and their applications in the areas of Internet PKI, software deployment, generation of public randomness, blockchains, etc. He is also a regular speaker at academic and non-academic conferences, and presented, amongst others, at the Chaos Communication Congress, ESORICS, and FSE.
  • Aaron Zauner / azet - SBA-Research
    Aaron Zauner is self-employed and primarily does engineering work, training, consulting and research on IT infrastructure architecture, operations and development, high performance computing and information security. He has worked in different corners of the IT industry for more than 10 years, has seen the fallacies of distributed computing, and still enjoys working and researching in the industry. He loves tuning, scaling and securing distributed systems, building on and contributing to great Free and Open Source Software. He has held talks on DevOps, HPC and security-related topics at various venues, from local meetups to internationally recognized conferences. In addition, he currently holds a research position at SBA-Research in Vienna, where he focuses on network security, applied cryptography, conducting Internet-wide surveys, attacking protocol implementations and proliferating strong cryptography.
  • Hanno Böck
    Johannes Böck works as a freelance journalist and regularly covers IT security topics for the German IT news webpage Golem.de. He has written for several newspapers in the past and is the author of the monthly Bulletproof TLS Newsletter. Hanno also runs the Fuzzing Project, an effort to improve the security of free software applications.
  • Sean Devlin
    Sean Devlin is a cofounder of NCC Group's Cryptography Services and a coauthor of the Matasano Crypto Challenges. Previously a principal consultant with Matasano and NCC Group, he is now an independent security researcher and consultant.
