When Strong Encryption, Isn't

Presented at THOTCON 0xA (2019), May 4, 2019, 1 p.m. (50 minutes)

It always pays to read the fine print and know what questions to ask. Recently, a very large mobile device vendor released a 17-page specification on their NFC encryption method. Since my employer planned to consume this, I was asked to give the document a pro forma review. Excellent design decisions were made throughout, in many cases going well beyond what might actually be required under the circumstances. At the bottom of page 16 (of 17) was a seemingly innocuous statement that caught my eye, explaining why an obvious security measure (a random initialization vector [IV]) was *not* required. It struck me as odd that such a large vendor would explicitly state why a particular security control was unnecessary, so I started asking questions. After initially being rebuffed with an explanation that I simply did not understand how it worked, I continued to press, and ultimately I was able to demonstrate that their implementation was deeply flawed. It was flawed to the extent that I was able to decrypt their encrypted traffic without ever having to know their encryption key. It was at this point that the vendor stopped responding to my emails. In the presentation, I plan to focus on the analysis of how their implementation was flawed, describing how their encryption was implemented incorrectly, and the process required to decrypt the data. This will require a brief overview of encryption, digging into the details of the specific methods the vendor used in their implementation.

Presenters:

  • Kurt Kincaid
    Encryption geek, infosec guy, medieval English literature nerd, artist, author, martial artist. Runs with scissors.
