Back To Schedule
Tuesday, November 19 • 9:00am - 5:00pm
2 Day Pre-Conference Training: Application Cryptanalysis with Bletchley

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

2 Day Class running Monday Nov 18 and Tuesday Nov 19

Use of cryptography permeates todays computing infrastructures. While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in every day applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications.  Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction of several techniques to analyze cryptographic systems in a black-box manner.  In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.  Each lecture session will be followed by lab exercises where students will utilize the Bletchley toolkit and other open source tools to attack vulnerable applications.
Outline for two-day version:
Day 1
1. Crypto refresher
  A. Pseudorandom number generators
  B. Block ciphers and their modes
  C. Hashes and (H)MACs
2. Attacks on nonces
  A. Statistical/structural analysis
  B. Attacking weak seeds
  C. Attacking weak algorithms
  D. Examples of past flaws in real-world applications
3. Exercise: Weak nonces
  A. Fun with Stompy
  B. Attacking a linear congruential generator (LCG)
4. Attacks on encrypted tokens
  A. Determining block size / mode
  B. Basics of block swapping
  C. Attacks on ECB and CBC modes
D. Algorithm Reuse
5. Exercise: Block swapping
  A. Analyzing encoded blobs
  B. Identifying algorithm reuse
  C. Forging tokens
6. Padding oracle attacks
  A. Theory
  B. Real-world examples
7. Exercise: Asking the oracle
Day 2
8. Hash length-extension attacks (3/4 hr)
  A. Naive Hash-based MAC construction
  B. The popular M-D hash method
  C. Construction of an attack
9. Exercise: A simple HLE attack (1.5 hrs)
  A. Identifying hashed elements
  B. Constructing a message
10. Attacking unprotected stream ciphers (1 1/4 hr)
  A. Refresher on synchronous ciphers and modes (OFB/CTR)
  B. Identifying stream ciphers
  C. Static IV decryption
  D. Looking for decryption oracles
11. Exercise: Bit flipping for success (2 hrs)
  A. Building a bit probe script
  B. Modifying ciphertexts
12. Open lab time (1-2 hrs)
  A. Bonus exercise: breaking a password generator; or
  B. Finish implementations from previous exercises

avatar for Timothy Morgan

Timothy Morgan

Tim is credited with the discovery and responsible disclosure of several security vulnerabilities in commercial off-the-shelf and open source software including: IBM Tivoli Access Manager, Real Networks Real Player, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice... Read More →

Tuesday November 19, 2013 9:00am - 5:00pm EST
Chelsea (7th Floor) NY Marriott Marquis

Attendees (0)