AppSec Europe 2016 has ended
Friday, July 1 • 14:10 - 14:55
Practical Attacks on Real World Crypto Implementations


While the cryptographic community concentrates on designing provably secure cryptographic primitives, real-world implementations still suffer from vulnerabilities presented more than a decade ago at scientific crypto conferences. In recent years we have seen, for example, resurrections of padding oracles, Bleichenbacher attacks, and invalid curve attacks. These examples show that a large gap exists between the crypto and security communities.

This talk will give an overview of our recent attacks on cryptographic libraries. We will first discuss the application of Bleichenbacher's attack to various TLS implementations and give important insights into the side channels that allowed us to perform the attacks. In particular, we first show that there were implementations against which Bleichenbacher's attack could be applied directly. Second, we show that additional exception handling in object-oriented languages can introduce timing side channels that are exploitable over the network under real conditions.
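
The side channel described above comes from the structure of the padding check: one distinct error path (and one distinct exception) per padding fault. The following is an added example, not code from the talk or its authors, contrasting that structure with the uniform handling TLS prescribes (RFC 5246, section 7.4.7.1): every check folds into one flag, nothing exits early or throws, and on failure the peer gets a premaster secret drawn at random before the block was inspected. It operates on `em`, the already RSA-decrypted block; the RSA step and all sample values are constructed here, and Python arithmetic is not constant time, so what the example demonstrates is the branch-free control structure rather than a timing guarantee.

```python
import secrets

# Added example, not code from the talk or its authors. Works on EM, the already
# RSA-decrypted PKCS#1 v1.5 block; the RSA step itself is out of scope here.
PREMASTER_LEN = 48  # TLS RSA premaster: 2 version bytes + 46 random bytes


def unpad_leaky(em: bytes) -> bytes:
    """'Before' structure: one distinct exception per padding fault. Any way of
    telling the faults apart (error codes, or the time it takes to construct and
    handle each exception) is exactly the oracle Bleichenbacher's attack needs."""
    if em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no separator found")
    if sep < 10:
        raise ValueError("padding string shorter than 8 bytes")
    msg = em[sep + 1:]
    if len(msg) != PREMASTER_LEN:
        raise ValueError("premaster has wrong length")
    return msg


def leaky_fault(em: bytes) -> str:
    """Which distinct error the leaky unpadder exposes for this block ('ok' if none)."""
    try:
        unpad_leaky(em)
        return "ok"
    except ValueError as e:
        return str(e)


def unpad_uniform(em: bytes, fallback: bytes) -> bytes:
    """RFC 5246 7.4.7.1 structure: all checks fold into one flag, there is no early
    exit and no exception, and on failure the caller's pre-generated random
    premaster is returned, so the handshake proceeds identically either way and
    only fails at Finished. Python integer ops are not constant time; the point
    here is the branch-free control structure."""
    k = len(em)
    assert k >= PREMASTER_LEN + 11 and len(fallback) == PREMASTER_LEN  # public lengths
    sep = k - PREMASTER_LEN - 1          # the 0x00 separator must sit exactly here
    bad = em[0] | (em[1] ^ 0x02) | em[sep]
    for i in range(2, sep):              # every padding byte must be non-zero
        bad |= int(em[i] == 0)
    bad = int(bad != 0)                  # 1 if anything failed, else 0
    mask = -bad                          # 0 on success, all ones on failure
    msg = em[sep + 1:]
    # Select fallback (mask set) or the real message (mask clear) byte by byte.
    return bytes(((f & mask) | (m & ~mask)) & 0xFF for f, m in zip(fallback, msg))


def build_em(premaster: bytes, padding: bytes) -> bytes:
    """Constructed PKCS#1 v1.5 type-2 block: 00 02 || PS || 00 || M."""
    return b"\x00\x02" + padding + b"\x00" + premaster


def demo() -> dict:
    premaster = b"\x03\x03" + bytes(range(46))      # constructed, not a real secret
    fallback = secrets.token_bytes(PREMASTER_LEN)    # drawn before looking at EM
    good = build_em(premaster, bytes([0x11] * 10))
    wrong_type = bytes([0x00, 0x01]) + good[2:]      # block type 0x01 instead of 0x02
    zero_in_ps = good[:5] + b"\x00" + good[6:]       # 0x00 inside the padding string
    return {
        "good": unpad_uniform(good, fallback) == premaster,
        "wrong_type": unpad_uniform(wrong_type, fallback) == fallback,
        "zero_in_ps": unpad_uniform(zero_in_ps, fallback) == fallback,
        # The leaky version names each fault, which is the distinguishable oracle.
        "leaky_distinguishes": leaky_fault(wrong_type) != leaky_fault(zero_in_ps),
    }
```

Run `demo()` to see the uniform unpadder return the real premaster for the good block and the fallback for both faulty ones, while `leaky_fault` reports a different message for each fault. The fallback must be generated before the block is examined so that its generation time cannot itself become a signal.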

We will then move to the description of invalid curve attacks (also known as invalid point attacks). These attacks were first described by Biehl et al. at Crypto 2000 and can be circumvented by simply checking whether an incoming point belongs to the correct curve. However, our recent study of various crypto libraries and Hardware Security Modules revealed that three of them were vulnerable to these attacks. This allowed us to extract EC private keys from Java servers and from the Utimaco HSM.
At the end of the talk we present a real attack against an Apache Tomcat server and show how it can be used to extract a private EC key.
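
The countermeasure named above, checking that an incoming point actually lies on the expected curve before using it, is short enough to show in full. The following is an added example and not code from the talk or from the libraries and HSMs it studies: a minimal affine implementation over NIST P-256 (domain parameters as published for secp256r1) with full public-key validation in front of the ECDH scalar multiplication. The input points, the small private scalars and the `point_on_other_b` helper that builds a point on a curve sharing p and a with P-256 but not b (the classic invalid-curve input that the check must reject) are all constructed here.

```python
# Added example, not code from the talk or the libraries it studies. Domain
# parameters are NIST P-256 (secp256r1); every input point below is constructed.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INFINITY = None  # the group identity


def is_on_curve(point):
    """Coordinates in range and y^2 == x^3 + a*x + b (mod p)."""
    if point is INFINITY:
        return False
    x, y = point
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition and doubling (textbook formulas, valid points only)."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INFINITY          # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = INFINITY, point
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def validate_public_key(point):
    """Full public-key validation: not the identity, coordinates in range, on the
    curve, and in the order-n subgroup. Returns (ok, reason)."""
    if point is INFINITY:
        return False, "point at infinity"
    if not is_on_curve(point):
        return False, "not a point on P-256"
    if mul(N, point) is not INFINITY:
        return False, "not in the prime-order subgroup"
    return True, "ok"


def ecdh_shared_x(private_scalar, peer_point):
    """ECDH with validation first: without it the scalar multiplication would run
    on whatever curve the peer's coordinates happen to satisfy."""
    ok, reason = validate_public_key(peer_point)
    if not ok:
        raise ValueError("rejected peer public key: " + reason)
    return mul(private_scalar, peer_point)[0]


def point_on_other_b(b_other, x=1):
    """Constructed test vector: a point on y^2 = x^3 - 3x + b_other, a curve that
    shares p and a with P-256 but not b. Square root via (p+1)/4 since p = 3 mod 4."""
    while True:
        rhs = (x * x * x + A * x + b_other) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
        x += 1
```

`validate_public_key` accepts the generator and rejects the identity, an out-of-range coordinate, a nudged coordinate such as `(G[0], G[1] + 1)`, and any point produced by `point_on_other_b`. The subgroup check is redundant for P-256 (cofactor 1) once the on-curve check has passed, but it is the step that matters on curves with a cofactor, so it is kept in the general routine.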

This talk is based on these publications: 
- Christopher Meyer, Juraj Somorovsky, Eugen Weiss, Jörg Schwenk, Sebastian Schinzel and Erik Tews. Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. 23rd USENIX Security Symposium (Usenix Security 2014). 
- Tibor Jager, Juraj Somorovsky and Jörg Schwenk. Practical Invalid Curve Attacks on TLS-ECDH. ESORICS 2015. 
- Dennis Kupser, Christian Mainka, Jörg Schwenk and Juraj Somorovsky. How to Break XML Encryption - Automatically. Workshop on Offensive Technologies (WOOT), 2015.

Our papers are available at https://www.nds.rub.de/chair/people/jsomorovsky/


Juraj Somorovsky

Security Consultant, Ruhr-University Bochum
Juraj Somorovsky finished his PhD in the area of XML Security in 2013. In his thesis "On the Insecurity of XML Security" he analyzes various attacks on Web Services and presents practical countermeasures against these attacks, which were applied in XML Security specifications...

Friday July 1, 2016 14:10 - 14:55 CEST
Room C (Tiziano Ballroom Sec. 2)