Security Lessons from Bletchley Park and Enigma - Craig Heath
Presented at DC4420 in London.
A brief review of how the Enigma machine works, how it was broken, and how security people keep making similar mistakes today.
Digital resistance, East European demo art - Jari Jaanto
The Alternative Party presents a showcase of old computer hardware (and new software for them) from the Soviet Union and East European countries, showing a rare glimpse of the unique computing culture that is very different from the corporate-driven, western hardware offerings. A show of unique styles of digital art, influenced by demo art and local computer hobbyist cliques, with a distinct Eastern flavour.
MISRA-C as a functional programming with subset of C programming language - Kiyoshi Ogawa
MISRA-C is a safety coding standard. CERT C is a security coding standard. Both sets of rules avoid undefined, unspecified and implementation-defined behavior, which cause the same code to behave differently. Undefined, unspecified and implementation-defined behavior cause side effects, so code written to those rules is easy to describe in functional programming terms. Software coding rules focus only on the space dimension, whereas HDL coding rules such as the STARC RTL design style guide focus on both the space and time dimensions.
Slides for a college cryptography course at CCSF. Instructor: Sam Bowne
Based on: Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q
See https://samsclass.info/141/141_F17.shtml
This is the first part of my introduction to cryptography lectures I have presented at numerous institutions in Lithuania. The presentation is based on the book by known cryptography expert Christof Paar.
A Brief History of British Computing VCF PNW 2019 - Steve Jamieson
Presented at the Vintage Computer Festival (VCF) Pacific North West (PNW) March 24th 2019.
This talk will briefly cover the computers, technology and people from British computing history, including some of the more obscure and less well-known stories. We'll quickly review some British contributions to the early days of computers, then move on to the exciting times of the 70's & 80's. In those days the British home computing scene was the most active and innovative outside of the USA, but many British computers never made it to these shores and are largely unknown on this side of the pond. We'll finish up with some good places to see computers in the UK next time you visit.
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo... - 44CON
Your job is to secure operations. But nobody listens to you. There's no budget. Management keeps making bad security decisions that seem to sabotage your efforts. Do you flee or do you try harder? The security books, blogs, and tweeting pundits out there tell us we need to learn the language of business. We need to put risk in terms of money that management understands. We need to be like the management we're trying to protect. And that's where it all falls apart. The security to business relationship is often textbook abusive codependency. You do well and nobody notices. You fail and you get fired or worse - shamed by your peers over social media for whatever the company releases as the statement for the breach. So how do you do SecOps under those conditions? This talk will focus on new ways to approach SecOps to face the challenges you have today with business demands. We will look at new security research that will make a difference for how you do your job. Most of all we will show you technical security practices to help you sustain your new found stance.
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S... - 44CON
One of the hottest topics in current crypto research is Post-Quantum Cryptography. This branch of cryptography addresses asymmetric crypto systems that are not prone to quantum computers.
Virtually all asymmetric crypto systems currently in use (Diffie-Hellman, RSA, DSA, and Elliptic Curve Crypto Systems) are not Post-Quantum. They will be useless, once advanced quantum computers will be available. Quantum computer technology has made considerable progress in recent years, with major organisations, like Google, NSA, and NASA, investing in it.
Post-Quantum Cryptography uses advanced mathematical concepts. Even if one knows the basics of current asymmetric cryptography (integer factorisation, discrete logarithms, …), Post-Quantum algorithms are hard to understand.
The goal of this presentation is to explain Post-Quantum Cryptography in a way that is comprehensible for non-mathematicians. Five families of crypto systems (as good as all known Post-Quantum algorithms belong to these) will be introduced:
Lattice-based systems:
The concept of lattice-based asymmetric encryption will be explained with a two-dimensional grid (real-world implementations use 250 dimensions and more). Some lattice-based ciphers (e.g., New Hope) make use of the Learning with Error (LWE) concept. I will demonstrate LWE encryption in a way that is understandable to somebody who knows Gaussian elimination (this is taught at middle school). Other lattice-based systems (especially NTRU) use truncated polynomials, which I will also explain in a simple way.
Code-based systems:
McEliece and a few other asymmetric ciphers are based on error correction codes. While teaching the whole McEliece algorithm might be too complex for a 44CON presentation, it is certainly possible to explain error correction codes and the main McEliece fundamentals.
Non-commutative systems:
There are nice ways to explain non-commutative groups and the crypto systems based on these, using everyday-life examples. Especially, twisting a Rubik's Cube and plaiting a braid are easy-to-understand group operations a crypto system can be built on.
Multivariate systems:
Multivariate crypto can be explained to somebody who knows Gaussian elimination.
Hash-based signatures:
If properly explained, Hash-based signatures are easier to understand than any other asymmetric crypto scheme.
I will explain these systems with cartoons, drawings, photographs, a Rubik's Cube and other items.
In addition, I will give a short introduction to quantum computers and the current Post-Quantum Crypto Competition (organised by US authority NIST).
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO... - 44CON
Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.
In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities.
To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models.
The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as "guest introspection" or "virtual-machine introspection". With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection.
Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and... - 44CON
Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulating machine learning systems and the potential these techniques pose for active offensive research.
The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:
Unexpected consequences (why did it decide this rifle is a banana?)
Data leakage (how did they know Joe has diabetes?)
Memory corruption and other exploitation techniques (boom! RCE)
Influence the output
In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others - a live demo will be shown on stage!
Garbage In, RCE Out :)
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ... - 44CON
Numerous technical articles, presentations, and even books exist about reverse engineering the Windows Driver Model (WDM) for purposes that vary from simply understanding how a specific driver works, to malware analysis and bug hunting. On the other hand, Microsoft has been providing the Kernel Mode Driver Framework (KMDF) for quite a while and we now see more and more drivers shifting to this framework instead of interacting directly with the OS like in the old WDM times. Yet, there is close to no information on how to approach this model from a reverse engineering and offensive standpoint.
In this presentation, I will first do a quick recap on WDM drivers, their common structures, and how to identify their entry points. Then I'll introduce KMDF with all its relevant functions for reverse engineering through a set of case-studies. I'll describe how to interact with a KMDF device object through SetupDI api and how to find and analyze the different IO queues dispatch routines. Does the framework actually enhance security? We'll come to a conclusion after revealing some major vendor implementation problems.
Armed with this knowledge, you will be able to run your own bug hunting session over any KMDF driver.
The UK's Code of Practice for Security in Consumer IoT Products and Services ... - 44CON
In March 2018, the UK launched its Secure by Design report in order to help defend against security threats, especially for consumer Internet of Things products and services. Over the past few years, poorly secured IoT devices have been hijacked in both targeted as well as large-scale DDoS attacks such as Mirai. In addition to this, poor security can threaten both privacy and safety.
The speaker, David Rogers authored the UK's "Code of Practice for Security in Consumer IoT Products and Associated Services", in collaboration with DCMS, NCSC, ICO and industry colleagues with extensive support from the security research community. David will discuss the guidelines within the Code of Practice, why these were prioritised and why the top three became dealing with the password problem, implementing vulnerability disclosure and acting on it and addressing software updates. David will also look at what's next: what will the challenges be and will the Code of Practice succeed in its aims? How can IoT products possibly be certified and how will the threat landscape change in response to improving security?
Weak analogies make poor realities - are we sitting on a Security Debt Crisis... - 44CON
Cyber Security is often framed in terms of "Risk" - the possibility of suffering harm or loss - and the "Management" of Risk to reduce uncertainty. This is familiar territory for businesses. Cyber Security falls in neatly under Risk Management, is assigned a suitable place on the organigramme, tossed some spare budget and granted a few paragraphs in the board report. NIST defines Risk as a "function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation".
Key theme:
This presentation explores the idea that making cyber security analogous to risk is holding us back. How about we talk about security "debt" instead? Technical Debt is already a well understood concept in software development - the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more. Changing our language changes how we think and how we behave. This presentation argues that such a change could have a significant impact on software security.
In this presentation we will comment on the power of "analogies" and how they've shaped our industry. We'll then consider the difference between the "security as risk" and the "security as debt" paradigms and explore how changing paradigms may change the way we think about, talk about and measure software security. We believe this could have a very empowering effect on development managers and other security professionals who are struggling to articulate the relative benefits of security (or a lack of security) to a software product.
Con speakers fear the Nerf gun. Overrun your talk time at your peril; Steve will shoot your arse with extreme prejudice until you STFU. We had to find a way to pwn the gun and shoot him back.
That's when we found the Nerf Terrascout: a remote tank gun controlled over 2.4GHz, with a video feed to the remote, complete with crosshairs.
At first, we thought this would be a trivial job: figure out the RF and take control. It turned into a mammoth hardware, firmware and RF reversing project.
This puppy is so over-specced it would drive you to tears.
The talk will cover the fails, hair loss and eventual success. There won't be any smart dildos in it, though some of the techniques used are equally suited to teledildonics exploitation, if that's your thing.
Reversing RF in a high frequency environment using SDRs is challenging. We'll discuss how we worked around these issues using hardware reversing skills.
We had to import hardware from China for this project, which we could then programme ourselves using SPI, impersonate the legitimate controller and 'jack the tank gun.
This talk will of course include a live demonstration of hijacking the tank gun and (possibly) shooting Steve.
Security module for php7 - Killing bugclasses and virtual-patching the rest! ... - 44CON
Presented by: Julien Voisin and Thibault Koechlin
Suhosin is a great PHP module, but unfortunately, it's getting old, new ways have been found to compromise PHP applications, and some aren't working anymore; and it doesn't play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications' code.
2. whoami
• Bob Weiss - @pwcrack - President and Founder, Password Crackers, Inc. (pwcrack.com) & Defcon Goon
• Benjamin Gatti - @BenjaminoG - Developer, OpenVPN
3. Alan Turing
Were Alan Turing alive today, he would be unconstrained by either the mechanical computing devices of the 1940's; or its pharisaical provincialism.
We are pleased to present a digital Enigma attack in London at #44Con during this centennial of his birth.
15. Stecker Isolation
Letters for each Stecker Binned separately.
26!! - 6!! (150T) to 26^3 (17K) (pwned)
EDGYEMHENYFYEJOEIYKUFMKEUA
THEFOXJUMPEDOVERTHELAZYDOG
TOUORD Chi
(E Stecker)