Presented at
DeepSec 2015 „DeepSec No. 9“,
Unknown date/time
(Unknown duration).
The course covers cryptographic pitfalls and issues every security developer should be aware of. To understand the discussed problems, many cryptographic attacks will be presented and the participants will get an opportunity to develop these attacks using scenarios prepared in our virtual machine.
The training is dedicated to two groups:
First, it is intended for security developers who want to design and develop their new crypto application properly.
Second, the training is intended for penetration testers since the course presents a bunch of practical crypto attacks generally applicable to standardized protocols as well as custom applications.
Contents
Day 1:
- Crypto APIs
- Basic Padding Oracle Attacks Vaudenay
- Hash functions and hash extension attacks
- How to Break XML Encryption Overview BEAST / CRIME / Poodle / RC4
Day 2:
- RSA
- RSA fault attacks and RSA bad randomness
- Bleichenbacher's attack
- Breaking RSA in XML-EncryptionBackwards Compatibility attacks
- Invalid Curve Attacks Requirements
- Basic programming skills
- Basic skills in math or crypto are recommended
(or at least, you should definitely know about XOR or modular exponentiation)
- A laptop with a recent version of "Virtual Box" (the virtual machine will be provided).
VMWare and other virtualization software should also work but cannot be supported.
Presenters:
-
Juraj Somorovsky
- Ruhr University Bochum
Dr. Juraj Somorovsky finished his PhD in the area of XML Security in 2013. In his thesis „On the Insecurity of XML Security" he analyzes various cryptographic attacks on Web Services and presents practical countermeasures against these attacks, which were applied in XML Security specifications and in countless frameworks and applications. He presented his work at many scientific and industry conferences, including Usenix Security or OWASP Germany. Currently, he works as a Postdoc at the Ruhr University Bochum, and as a security specialist for his co-founded company 3curity GmbH. Dr. Tibor Jager is an academic cryptographer, doing research in applied and theoretical cryptography. His work focuses on practical cryptographic constructions, attacks and countermeasures, and the design and formal analysis of cryptographic protocols. He teaches computer networks and IT-security at Ruhr University Bochum. Together with Juraj Somorovsky, he found and reported flaws in cryptographic standards and libraries, including W3C's XML Encryption.
-
Tibor Jager
- Ruhr University Bochum
Dr. Juraj Somorovsky finished his PhD in the area of XML Security in 2013. In his thesis „On the Insecurity of XML Security" he analyzes various cryptographic attacks on Web Services and presents practical countermeasures against these attacks, which were applied in XML Security specifications and in countless frameworks and applications. He presented his work at many scientific and industry conferences, including Usenix Security or OWASP Germany. Currently, he works as a Postdoc at the Ruhr University Bochum, and as a security specialist for his co-founded company 3curity GmbH. Dr. Tibor Jager is an academic cryptographer, doing research in applied and theoretical cryptography. His work focuses on practical cryptographic constructions, attacks and countermeasures, and the design and formal analysis of cryptographic protocols. He teaches computer networks and IT-security at Ruhr University Bochum. Together with Juraj Somorovsky, he found and reported flaws in cryptographic standards and libraries, including W3C's XML Encryption.
Links:
Similar Presentations: