The devil is in the (implementation) details

The devil is in thedetails

how NOT to do security

implementation

05/06/2013 - Università degli Studi di Bergamo Enrico Bacis

Side Channel Attacks

A parity problem

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

n = 15 (p = 3, q = 5)

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

enc(m)

ok

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

enc(2·m)

ok

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

enc(2·m)

ok

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

enc(4·m)

err

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

enc(8·m)

ok

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

Multiplicative Property of RSA

Can we only hack farms?

PKCS#1 v1.5

0002 RANDOM PAD 00 MESSAGE

Broken by Bleichenbacher Attack (1998)

Electronic Codebook

ECB CBC

Cipher Block Chaining

Padding Oracle Attack

Timing Attack

"Never ever implementyour own cryptosystem"

( Dan Boneh )

Android and Mobile Vulnerabilities

Sniffing

Man In The Middle Attack

Man In The Middle Attack

Why Eve and Mallory Love Android

1074 of 13500 (8%) apps

● Trusting all Certicates● Allowing all Hostnames

39.5 to 185 million users

SSL/TLS issues

Thank you