SlideShare a Scribd company logo

Sullivan randomness-infiltrate 2014

Cloudflare
Cloudflare

Many information security systems rely on cryptographic schemes that need truly random numbers be secure. In recent months there have been several high profile news stories about weaknesses or potential compromises in both software and hardware random number generators. A compromised random number generator is difficult to catch because it can output random looking data that is predictable to an attacker only. In this talk I describe how to go from knowledge of a weakness in a random number generator to a full security compromise. We will look at examples including how to fully decrypt a TLS stream, how to compromise a bitcoin wallet by looking at the ECDSA signatures on the public block chain, how to factor improperly generated RSA keys, and more. There will be live demos and discussions of interesting ways to pull off these attacks.

Internet
1 of 68
Download to read offline
Nick Sullivan @grittygrease May 16, 2014 Exploiting Randomness Some fun exploits you can do with a compromised random number generator
Who Am I? • Cryptography Engineer, Security Researcher • Lead the CloudFlare Security Engineering Team • Work with Cryptography at scale • Builder and Breaker 2
Randomness 3
Randomness • What is randomness? • Why is randomness important? • How bad randomness can destroy a computer security system 4
Randomness • Broken random number generator is very problematic ! • This talk demos attacks on: • Bitcoin • TLS/SSL 5
Randomness • Random number generators can be compromised in multiple ways ! • Explicit subversion • Algorithmic weakness • Poor seeding ! • All three are exploitable 6
The Internet is broken 7
The Internet is broken • A failure of trust at scale • Slow adoption by community of new standards • DNSSEC • Perfect Forward Secrecy • Fundamental parts of it are broken • Revocation — as shown by Heartbleed vulnerability 8
A trying year • Events since June 2013 exposed fragility • Threats moved from theoretical to concrete • Opinions of the “paranoid” are now mainstream 9
Leaked documents • Purported attempts to subvert public standards and open source projects • Subversion of random number generation • I can talk about this since I was never involved 10
Dual_EC_DRBG 11
Dual_EC_DRBG • It was reported that RSA took 10 million to make Dual_EC_DRBG default in BSAFE in 2004 • Removed as default in 2013 12
Dual_EC_DRBG • Clumsy, slow random number generator based on elliptic curves • Came with two “random” starting points • Missed opportunity(?) if they are random • Starting points can be chosen such that creator has a back door • Patented by Vanstone and Brown (2005) • 32 bytes of data reveal entire stream 13
Dual_EC_DRBG • Internal state is entirely dependent on the seed 14
Dual_EC_DRBG • TLS client hello only reveals 28 bytes of random • RSA implemented non-standard “extended random” TLS extension • Reveals the full 32 bytes of consecutive data required 15
Dual_EC_DRBG • “On the Practical Exploitability of Dual EC in TLS Implementations” - 2014 • Lange, Bernstein, Green, et al. • Looked into OpenSSL-FIPS, SChannel, BSAFE, used trojaned points ! • Findings • TLS for each are fingerprintable • TLS session key in seconds to hours of computation — passively 16
Dual_EC_DRBG - Takeaways • Many protocols include random values (nonces, IVs, session ids, etc.) • Internal state can be recovered with this data • All future random can be derived from internal state 17
Intel RDRAND 18
Intel RDRAND • IvyBridge and later random number generator — in hardware • Designed to be fast • Has an AES-based “whitening” step at the end 19
Intel RDRAND 20
Intel RDRAND • Exploitability: it’s a hardware instruction • Virtualized environments - override from hypervisor • Microcode updates ! • Verifiability • Designers have not looked at production chips in Haswell • Is there a backdoor in silicon? Hard to tell. 21
Intel RDRAND • FreeBSD and Linux patched to make RDRAND sole source of entropy • Eventually patches were blocked or reverted • Linux now mixes RDRAND into /dev/random ! • What motivated these patches? 22
Intel RDRAND - takeaways • Randomness can come from hardware • Should be mixed with other sources • Looking at randomness does not reveal backdoors 23
A bit about entropy 24
A bit about entropy • Why is RDRAND dangerous on its own, but ok to mix? ! • Statistical randomness is not enough • Cryptographic randomness needs • To be unpredictable • To have high entropy 25
A bit about entropy • Entropy is the amount of information contained in a sequence of numbers • If you know the sequence, it is predictable ! • The digits of pi are statistically random, but are predictable • The entropy is equivalent to the definition: “ratio of circumference to diameter of a circle” • This sentence only needs a few bytes to express 26
A bit about entropy • Entropy is in the eyes of the beholder • Known information takes away from the entropy • Digits of pi have high entropy to someone who doesn’t know math ! • The NIST random beacon is not cryptographic randomness • Generated with high entropy process, but disclosed to the world 27
A bit about entropy • Encrypted the digits of pi with a 128 bit AES key • Tell the world that’s what it is ! • The entropy to you is low • The entropy to the world is 128 bit 28
A bit about entropy • Same with Dual_EC_DRBG • Say P = nQ • The relationship between P & Q can be computed by solving ECDLP • That takes ~2^128 computations • The entropy to the world is 128 bits • The entropy to whoever knows n (the creator) is almost zero given 32 consecutive bytes 29
A bit about entropy • Independent entropy is additive • RDRAND is ok to mix in, it can only increase randomness 30
The Digital Signature Algorithm (DSA) 31
The Digital Signature Algorithm (DSA) • Public Key cryptography primitive proposed in 1991 • Allows the owner of a private key to sign hash of a message • The public key is used to verify the signature 32
The Digital Signature Algorithm (DSA) • Where is it used? Everywhere. • What kind of key is your ssh key? • ECDSA: elliptic curve variant used in TLS, bitcoin 33
The Digital Signature Algorithm (DSA) • Core complaint: DSA and ECDSA require cryptographic randomness • Repeated signature with same random value reveal the private key 34
The Digital Signature Algorithm (DSA) • Signature • Pick a random k • Convolute k with private key and hash of message • Publish R, S ! • Solve DLP on R -> k 35
The Digital Signature Algorithm (DSA) • Any known k • Extract private key • Any repeated k with same private key • Extract k 36
The Digital Signature Algorithm (DSA) • The Math 37
The Digital Signature Algorithm (DSA) • The Math 38
The Digital Signature Algorithm (DSA) • Breaking DSA 39
Bitcoin 40
Bitcoin • Fundamental security based on ECDSA • Public key hash is your Bitcoin address • Private key allows you to spend • ECDSA signature proves transaction 41
Bitcoin • OP_CHECKSIG • Verify that a payment was made 42
Bitcoin • Two transactions by same Bitcoin address with same random value k ! • Signature includes S, R • R = kG, where G is base point • If R1 = R1, most likely the same k was used 43
Bitcoin • Demo • /fun - hash1="270666214c4a9654e2b0c40cbe6e57331ab2d8034f8c648944d5d3c7550b46dc" - sig1="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d 91758895b02201b0d10a717ffccbfe5483bb7aa1cdcdc2a4e8775c706aaeddbcbfd55df190 dd5012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576" - hash2="9bc17698be66f12460b7d7f87e47e1bbc03203194d0cf539ca9b862b23742b0a" - sig2="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d 91758895b0220507b798addf5097c11fb4ed40518b2c3e468feb3d09a1fea837cf9d16ae2 5ef6012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576" 44
Other DSA risks • VPN signatures • IPSec uses DSA, ECDSA • OpenVPN • SSH keys • Secure boot chain • low entropy boot environments • Codesigning keys 45
Symptoms of DSA break • Look at the R value • Repeating R means your key is compromised 46
RSA 47
RSA • Public Key Cryptosystem • Basis of the Public Key Infrastructure • Security is based on strength of factoring large numbers ! • RSA modulus N has two factors P & Q • RSA key pairs created by randomly generating P & Q 48
RSA • Taiwanese government id: each person has a unique RSA key 49
RSA • Factoring P*Q is hard • Factoring P*Q and P*R is easy: Chinese remainder theorem • You can also find the GCD of a large number of numbers ! • Factoring RSA keys from certified smart cards: Coppersmith in the wild - 2013 • This is exactly what Bernstein, Heninger, Lange did 50
RSA • They found that some even had recognizable patterns 51
RSA • Result of bad entropy initialization, bad RNG • No Demo, https://factorable.net covers it 52
RSA • Need to attack before keys are created • Bootloading, early execution vulnerable to weak PRNG • TrueCrypt? GnuPG? Probably. • Rely on system to generate RSA keys • Routers and embedded devices - ephemeral RSA keys 53
RSA • What are the symptoms? • No symptoms, totally passive • Where can you harvest public keys? • Scan the internet • PGP lists - keybase.io? 54
TLS 55
TLS • The crown jewel of Internet encryption is SSL/TLS • Breaking this removes privacy on the internet • I will demonstrate one attack and point out two others 56
Handshake • Breakdown of RSA handshake ! • Random from client • Decryption from server 57
Handshake • Breakdown of DHE handshake ! • Random from Client • Random from Server 58
DH on the wire • Client sends aG • Server sends bG • Pre-master secret is abG 59
Perfect Secrecy • RSA is vulnerable to client randomness bugs — session key leak • ECDSA is vulnerable to server randomness bugs — private key leak • DH is vulnerable to both client and server randomness bugs 60
TLS • Demo • node.js server with a modified OpenSSL binding for the RNG • Do a handshake • Measure it, steal DH private key, decrypt stream 61
Vectors of attack 62
Vectors of attack 63 Application Userland CSPRNG sharedlib /dev/random Kernel timing Hypervisor RDRAND
How to exploit more generally • Override RDRAND in hypervisor • Other protocols: OpenVPN, IPSec • Where to find randomness for context: nonces, IVs • Trojan the OS image — /dev/random or system openssl • Extracting RNG state through remote memory disclosure: heartbleed 64
More examples from history • RSA • Debian RNG • ECDSA • Sony Playstation 2 • Android Wallet • Examples: iOS 7.0 bootloader RNG — change BIOS 65
More targets • Other things that depend on good RNG ! • Session cookies • Kaminsky’s DNS poisoning attack mitigation • Suite B - ECDSA Certificate Authorities 66
Conclusion • Randomness is important • Subverting PRNG • Can be done in different layers • Very hard to detect • Exploit bugs in PRNG • Repeated random breaks DSA 67
Nick Sullivan @grittygrease May 16, 2014 Exploiting Randomness Some fun exploits you can do with a compromised random number generator

Recommended

Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
Cloudflare
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014
Cloudflare
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014
Cloudflare
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
Cloudflare
 
Botconf ppt
Botconf pptBotconf ppt
Botconf ppt
Cloudflare
 
Virus Bulletin 2012
Virus Bulletin 2012Virus Bulletin 2012
Virus Bulletin 2012
Cloudflare
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3
Nick Sullivan
 

Recommended

Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
Cloudflare
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014
Cloudflare
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014
Cloudflare
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
Cloudflare
 
Botconf ppt
Botconf pptBotconf ppt
Botconf ppt
Cloudflare
 
Virus Bulletin 2012
Virus Bulletin 2012Virus Bulletin 2012
Virus Bulletin 2012
Cloudflare
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3
Nick Sullivan
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxying
Nick Sullivan
 
Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the Mainstream
Nick Sullivan
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
Nick Sullivan
 
What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham Go
Nick Sullivan
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
Cloudflare
 
DEVNET-1007 Network Infrastructure as Code with Chef and Cisco
DEVNET-1007 Network Infrastructure as Code with Chef and CiscoDEVNET-1007 Network Infrastructure as Code with Chef and Cisco
DEVNET-1007 Network Infrastructure as Code with Chef and Cisco
Cisco DevNet
 
Security with VA Smalltalk
Security with VA SmalltalkSecurity with VA Smalltalk
Security with VA Smalltalk
ESUG
 
y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 network
idsecconf
 
The 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureThe 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference Architecture
NGINX, Inc.
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
NGINX, Inc.
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
NGINX, Inc.
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projects
OwaspCzech
 
Crikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor WorkshopCrikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor Workshop
Velocidex Enterprises
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
Carlos Martinez Cagnazzo
 
Bridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack NetworkingBridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack Networking
markmcclain
 
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSRunning a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
Cloudflare
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
antitree
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)
Sam Bowne
 
Go Containers
Go ContainersGo Containers
Go Containers
Cloudflare
 
Secure 2013 Poland
Secure 2013 PolandSecure 2013 Poland
Secure 2013 Poland
Cloudflare
 

More Related Content

What's hot

Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the Mainstream
Nick Sullivan
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
Cloudflare
 
Security with VA Smalltalk
Security with VA SmalltalkSecurity with VA Smalltalk
Security with VA Smalltalk
ESUG
 
The 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureThe 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference Architecture
NGINX, Inc.
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
NGINX, Inc.
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
NGINX, Inc.
 

What's hot (20)

An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxying
 
Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the Mainstream
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
 
What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham Go
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
 
DEVNET-1007 Network Infrastructure as Code with Chef and Cisco
DEVNET-1007 Network Infrastructure as Code with Chef and CiscoDEVNET-1007 Network Infrastructure as Code with Chef and Cisco
DEVNET-1007 Network Infrastructure as Code with Chef and Cisco
 
Security with VA Smalltalk
Security with VA SmalltalkSecurity with VA Smalltalk
Security with VA Smalltalk
 
y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 network
 
The 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureThe 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference Architecture
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projects
 
Crikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor WorkshopCrikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor Workshop
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 
Bridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack NetworkingBridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack Networking
 
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSRunning a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
 
CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)CNIT 128 3. Attacking iOS Applications (Part 1)
CNIT 128 3. Attacking iOS Applications (Part 1)
 

Viewers also liked

Secure 2013 Poland
Secure 2013 PolandSecure 2013 Poland
Secure 2013 Poland
Cloudflare
 
CloudFlare - The Heartbleed Bug - Webinar
CloudFlare - The Heartbleed Bug - WebinarCloudFlare - The Heartbleed Bug - Webinar
CloudFlare - The Heartbleed Bug - Webinar
Cloudflare
 
Managing Traffic Spikes This Holiday Season
Managing Traffic Spikes This Holiday Season Managing Traffic Spikes This Holiday Season
Managing Traffic Spikes This Holiday Season
Cloudflare
 
WordPress London Meetup January 2012
WordPress London Meetup January 2012WordPress London Meetup January 2012
WordPress London Meetup January 2012
Cloudflare
 
How to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
How to Meet FFIEC Regulations and Protect Your Bank from Cyber AttacksHow to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
How to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
Cloudflare
 
Go Profiling - John Graham-Cumming
Go Profiling - John Graham-Cumming Go Profiling - John Graham-Cumming
Go Profiling - John Graham-Cumming
Cloudflare
 
Hardening Microservices Security: Building a Layered Defense Strategy
Hardening Microservices Security: Building a Layered Defense StrategyHardening Microservices Security: Building a Layered Defense Strategy
Hardening Microservices Security: Building a Layered Defense Strategy
Cloudflare
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
EnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
EnergySec
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
EnergySec
 
Compromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayCompromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles Away
EnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
EnergySec
 

Viewers also liked (18)

Go Containers
Go ContainersGo Containers
Go Containers
 
Secure 2013 Poland
Secure 2013 PolandSecure 2013 Poland
Secure 2013 Poland
 
CloudFlare - The Heartbleed Bug - Webinar
CloudFlare - The Heartbleed Bug - WebinarCloudFlare - The Heartbleed Bug - Webinar
CloudFlare - The Heartbleed Bug - Webinar
 
SortaSQL
SortaSQLSortaSQL
SortaSQL
 
Managing Traffic Spikes This Holiday Season
Managing Traffic Spikes This Holiday Season Managing Traffic Spikes This Holiday Season
Managing Traffic Spikes This Holiday Season
 
WordPress London Meetup January 2012
WordPress London Meetup January 2012WordPress London Meetup January 2012
WordPress London Meetup January 2012
 
How to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
How to Meet FFIEC Regulations and Protect Your Bank from Cyber AttacksHow to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
How to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
 
A Channel Compendium
A Channel CompendiumA Channel Compendium
A Channel Compendium
 
Go Profiling - John Graham-Cumming
Go Profiling - John Graham-Cumming Go Profiling - John Graham-Cumming
Go Profiling - John Graham-Cumming
 
Hardening Microservices Security: Building a Layered Defense Strategy
Hardening Microservices Security: Building a Layered Defense StrategyHardening Microservices Security: Building a Layered Defense Strategy
Hardening Microservices Security: Building a Layered Defense Strategy
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application Security
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareSurviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Compromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayCompromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles Away
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
What to do when pseudo- is not good enough
What to do when pseudo- is not good enoughWhat to do when pseudo- is not good enough
What to do when pseudo- is not good enough
 

Similar to Sullivan randomness-infiltrate 2014

«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz «Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
0xdec0de
 

Similar to Sullivan randomness-infiltrate 2014 (20)

CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: Cryptography
 
DEFCON 23 - Eijah - crypto for hackers
DEFCON 23 - Eijah - crypto for hackersDEFCON 23 - Eijah - crypto for hackers
DEFCON 23 - Eijah - crypto for hackers
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: Cryptography
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
 
Cryptography
CryptographyCryptography
Cryptography
 
OWASP Much ado about randomness
OWASP Much ado about randomnessOWASP Much ado about randomness
OWASP Much ado about randomness
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryption
 
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoQuantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
 
nabdullin_brcrdu_dark
nabdullin_brcrdu_darknabdullin_brcrdu_dark
nabdullin_brcrdu_dark
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
Applied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersApplied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphers
 
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz «Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
 
Cryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptxCryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptx
 
Cryptography-101
Cryptography-101Cryptography-101
Cryptography-101
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101
 
Cryptography
CryptographyCryptography
Cryptography
 

More from Cloudflare

Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
Cloudflare
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
Cloudflare
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
Cloudflare
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
Cloudflare
 
Strengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providersStrengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providers
Cloudflare
 
It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?
Cloudflare
 
Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
Cloudflare
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
Cloudflare
 

More from Cloudflare (20)

Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
 
Why you should replace your d do s hardware appliance
Why you should replace your d do s hardware applianceWhy you should replace your d do s hardware appliance
Why you should replace your d do s hardware appliance
 
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
Don't Let Bots Ruin Your Holiday Business - Snackable WebinarDon't Let Bots Ruin Your Holiday Business - Snackable Webinar
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
 
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
 
Network Transformation: What it is, and how it’s helping companies stay secur...
Network Transformation: What it is, and how it’s helping companies stay secur...Network Transformation: What it is, and how it’s helping companies stay secur...
Network Transformation: What it is, and how it’s helping companies stay secur...
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare data
 
Recent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respondRecent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respond
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
 
Strengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providersStrengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providers
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS AttacksKentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
 
Stopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaStopping DDoS Attacks in North America
Stopping DDoS Attacks in North America
 
It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?
 
Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)
 
Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
 

Recently uploaded

VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
nirzagarg
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
imonikaupta
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
nirzagarg
 
💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
nirzagarg
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 

Recently uploaded (20)

Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 

Sullivan randomness-infiltrate 2014

  • 1. Nick Sullivan @grittygrease May 16, 2014 Exploiting Randomness Some fun exploits you can do with a compromised random number generator
  • 2. Who Am I? • Cryptography Engineer, Security Researcher • Lead the CloudFlare Security Engineering Team • Work with Cryptography at scale • Builder and Breaker 2
  • 4. Randomness • What is randomness? • Why is randomness important? • How bad randomness can destroy a computer security system 4
  • 5. Randomness • Broken random number generator is very problematic ! • This talk demos attacks on: • Bitcoin • TLS/SSL 5
  • 6. Randomness • Random number generators can be compromised in multiple ways ! • Explicit subversion • Algorithmic weakness • Poor seeding ! • All three are exploitable 6
  • 7. The Internet is broken 7
  • 8. The Internet is broken • A failure of trust at scale • Slow adoption by community of new standards • DNSSEC • Perfect Forward Secrecy • Fundamental parts of it are broken • Revocation — as shown by Heartbleed vulnerability 8
  • 9. A trying year • Events since June 2013 exposed fragility • Threats moved from theoretical to concrete • Opinions of the “paranoid” are now mainstream 9
  • 10. Leaked documents • Purported attempts to subvert public standards and open source projects • Subversion of random number generation • I can talk about this since I was never involved 10
  • 12. Dual_EC_DRBG • It was reported that RSA took 10 million to make Dual_EC_DRBG default in BSAFE in 2004 • Removed as default in 2013 12
  • 13. Dual_EC_DRBG • Clumsy, slow random number generator based on elliptic curves • Came with two “random” starting points • Missed opportunity(?) if they are random • Starting points can be chosen such that creator has a back door • Patented by Vanstone and Brown (2005) • 32 bytes of data reveal entire stream 13
  • 14. Dual_EC_DRBG • Internal state is entirely dependent on the seed 14
  • 15. Dual_EC_DRBG • TLS client hello only reveals 28 bytes of random • RSA implemented non-standard “extended random” TLS extension • Reveals the full 32 bytes of consecutive data required 15
  • 16. Dual_EC_DRBG • “On the Practical Exploitability of Dual EC in TLS Implementations” - 2014 • Lange, Bernstein, Green, et al. • Looked into OpenSSL-FIPS, SChannel, BSAFE, used trojaned points ! • Findings • TLS for each are fingerprintable • TLS session key in seconds to hours of computation — passively 16
  • 17. Dual_EC_DRBG - Takeaways • Many protocols include random values (nonces, IVs, session ids, etc.) • Internal state can be recovered with this data • All future random can be derived from internal state 17
  • 19. Intel RDRAND • IvyBridge and later random number generator — in hardware • Designed to be fast • Has an AES-based “whitening” step at the end 19
  • 21. Intel RDRAND • Exploitability: it’s a hardware instruction • Virtualized environments - override from hypervisor • Microcode updates ! • Verifiability • Designers have not looked at production chips in Haswell • Is there a backdoor in silicon? Hard to tell. 21
  • 22. Intel RDRAND • FreeBSD and Linux patched to make RDRAND sole source of entropy • Eventually patches were blocked or reverted • Linux now mixes RDRAND into /dev/random ! • What motivated these patches? 22
  • 23. Intel RDRAND - takeaways • Randomness can come from hardware • Should be mixed with other sources • Looking at randomness does not reveal backdoors 23
  • 24. A bit about entropy 24
  • 25. A bit about entropy • Why is RDRAND dangerous on its own, but ok to mix? ! • Statistical randomness is not enough • Cryptographic randomness needs • To be unpredictable • To have high entropy 25
  • 26. A bit about entropy • Entropy is the amount of information contained in a sequence of numbers • If you know the sequence, it is predictable ! • The digits of pi are statistically random, but are predictable • The entropy is equivalent to the definition: “ratio of circumference to diameter of a circle” • This sentence only needs a few bytes to express 26
  • 27. A bit about entropy • Entropy is in the eyes of the beholder • Known information takes away from the entropy • Digits of pi have high entropy to someone who doesn’t know math ! • The NIST random beacon is not cryptographic randomness • Generated with high entropy process, but disclosed to the world 27
  • 28. A bit about entropy • Encrypted the digits of pi with a 128 bit AES key • Tell the world that’s what it is ! • The entropy to you is low • The entropy to the world is 128 bit 28
  • 29. A bit about entropy • Same with Dual_EC_DRBG • Say P = nQ • The relationship between P & Q can be computed by solving ECDLP • That takes ~2^128 computations • The entropy to the world is 128 bits • The entropy to whoever knows n (the creator) is almost zero given 32 consecutive bytes 29
  • 30. A bit about entropy • Independent entropy is additive • RDRAND is ok to mix in, it can only increase randomness 30
  • 31. The Digital Signature Algorithm (DSA) 31
  • 32. The Digital Signature Algorithm (DSA) • Public Key cryptography primitive proposed in 1991 • Allows the owner of a private key to sign hash of a message • The public key is used to verify the signature 32
  • 33. The Digital Signature Algorithm (DSA) • Where is it used? Everywhere. • What kind of key is your ssh key? • ECDSA: elliptic curve variant used in TLS, bitcoin 33
  • 34. The Digital Signature Algorithm (DSA) • Core complaint: DSA and ECDSA require cryptographic randomness • Repeated signature with same random value reveal the private key 34
  • 35. The Digital Signature Algorithm (DSA) • Signature • Pick a random k • Convolute k with private key and hash of message • Publish R, S ! • Solve DLP on R -> k 35
  • 36. The Digital Signature Algorithm (DSA) • Any known k • Extract private key • Any repeated k with same private key • Extract k 36
  • 37. The Digital Signature Algorithm (DSA) • The Math 37
  • 38. The Digital Signature Algorithm (DSA) • The Math 38
  • 39. The Digital Signature Algorithm (DSA) • Breaking DSA 39
  • 41. Bitcoin • Fundamental security based on ECDSA • Public key hash is your Bitcoin address • Private key allows you to spend • ECDSA signature proves transaction 41
  • 42. Bitcoin • OP_CHECKSIG • Verify that a payment was made 42
  • 43. Bitcoin • Two transactions by same Bitcoin address with same random value k ! • Signature includes S, R • R = kG, where G is base point • If R1 = R1, most likely the same k was used 43
  • 44. Bitcoin • Demo • /fun - hash1="270666214c4a9654e2b0c40cbe6e57331ab2d8034f8c648944d5d3c7550b46dc" - sig1="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d 91758895b02201b0d10a717ffccbfe5483bb7aa1cdcdc2a4e8775c706aaeddbcbfd55df190 dd5012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576" - hash2="9bc17698be66f12460b7d7f87e47e1bbc03203194d0cf539ca9b862b23742b0a" - sig2="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d 91758895b0220507b798addf5097c11fb4ed40518b2c3e468feb3d09a1fea837cf9d16ae2 5ef6012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576" 44
  • 45. Other DSA risks • VPN signatures • IPSec uses DSA, ECDSA • OpenVPN • SSH keys • Secure boot chain • low entropy boot environments • Codesigning keys 45
  • 46. Symptoms of DSA break • Look at the R value • Repeating R means your key is compromised 46
  • 48. RSA • Public Key Cryptosystem • Basis of the Public Key Infrastructure • Security is based on strength of factoring large numbers ! • RSA modulus N has two factors P & Q • RSA key pairs created by randomly generating P & Q 48
  • 49. RSA • Taiwanese government id: each person has a unique RSA key 49
  • 50. RSA • Factoring P*Q is hard • Factoring P*Q and P*R is easy: Chinese remainder theorem • You can also find the GCD of a large number of numbers ! • Factoring RSA keys from certified smart cards: Coppersmith in the wild - 2013 • This is exactly what Bernstein, Heninger, Lange did 50
  • 51. RSA • They found that some even had recognizable patterns 51
  • 52. RSA • Result of bad entropy initialization, bad RNG • No Demo, https://factorable.net covers it 52
  • 53. RSA • Need to attack before keys are created • Bootloading, early execution vulnerable to weak PRNG • TrueCrypt? GnuPG? Probably. • Rely on system to generate RSA keys • Routers and embedded devices - ephemeral RSA keys 53
  • 54. RSA • What are the symptoms? • No symptoms, totally passive • Where can you harvest public keys? • Scan the internet • PGP lists - keybase.io? 54
  • 56. TLS • The crown jewel of Internet encryption is SSL/TLS • Breaking this removes privacy on the internet • I will demonstrate one attack and point out two others 56
  • 57. Handshake • Breakdown of RSA handshake ! • Random from client • Decryption from server 57
  • 58. Handshake • Breakdown of DHE handshake ! • Random from Client • Random from Server 58
  • 59. DH on the wire • Client sends aG • Server sends bG • Pre-master secret is abG 59
  • 60. Perfect Secrecy • RSA is vulnerable to client randomness bugs — session key leak • ECDSA is vulnerable to server randomness bugs — private key leak • DH is vulnerable to both client and server randomness bugs 60
  • 61. TLS • Demo • node.js server with a modified OpenSSL binding for the RNG • Do a handshake • Measure it, steal DH private key, decrypt stream 61
  • 63. Vectors of attack 63 Application Userland CSPRNG sharedlib /dev/random Kernel timing Hypervisor RDRAND
  • 64. How to exploit more generally • Override RDRAND in hypervisor • Other protocols: OpenVPN, IPSec • Where to find randomness for context: nonces, IVs • Trojan the OS image — /dev/random or system openssl • Extracting RNG state through remote memory disclosure: heartbleed 64
  • 65. More examples from history • RSA • Debian RNG • ECDSA • Sony Playstation 2 • Android Wallet • Examples: iOS 7.0 bootloader RNG — change BIOS 65
  • 66. More targets • Other things that depend on good RNG ! • Session cookies • Kaminsky’s DNS poisoning attack mitigation • Suite B - ECDSA Certificate Authorities 66
  • 67. Conclusion • Randomness is important • Subverting PRNG • Can be done in different layers • Very hard to detect • Exploit bugs in PRNG • Repeated random breaks DSA 67
  • 68. Nick Sullivan @grittygrease May 16, 2014 Exploiting Randomness Some fun exploits you can do with a compromised random number generator