Decrypt everything, everywhere

Presented at Kawaiicon (2019), Oct. 18, 2019, 12:15 p.m. (15 minutes).

If you want to store your data securely in the cloud, you need to properly encrypt it and be the sole owner of the cryptographic keys. Several cloud data encryption solutions exist that promise to automate this process. However, now that your cryptographic keys are stored by such a central solution, you have to trust that it cannot be compromised or else all of your precious cloud data may be at risk.

In this talk we will present an in-depth analysis of one of the leading cloud data encryption solutions. Besides describing the overall system architecture, we will discuss and demonstrate several critical vulnerabilities in the different components that can result in a full remote compromise of the solution.

For the analysis we developed a coverage-based blackbox fuzzer using the FRIDA framework. The fuzzer can be rapidly adapted to different targets and architectures and, hence, will help security researchers in analyzing other solutions. It will be released after the talk as open source.


Presenters:

  • Dennis Mantz
    Dennis is a Pentester and Security Researcher at ERNW focusing on mobile and embedded security. His fields of interest include firmware reverse engineering, binary exploitation and software defined radios. In his free time he enjoys participating in, and sometimes also hosting, Capture The Flag (CTF) competitions.
  • Birk Kauer
    Birk is a Security Researcher at ERNW Research and enjoys exploitation the most, especially in very tricky and complex situations. He often attends CTFs (Capture the Flags) to challenge himself with tricky exploits while keeping up with daily consulting and assessment work. He currently holds OSCP, OSCE and OSEE certificates from Offensive-Security.
