second presentation on IT Security.

1. Side-Channel Attacks Stefan FODOR(backb0ne fl00d3r ) 1 day before June 'couse the true 1337 hax0rs don't care about vulnerabilities

3. Classes of side channel attack

4. Examples

5. Countermeasures

6. Questions?

11. Power monitoring attacks

12. Electromagnetic attacks

13. Acoustic cryptoanalysis

14. Differential fault analysis

16. Apache + mod_SSL

17. Compared time needed to decrypting multiple requests

18. They deduced multiple 1024 bit private-key

20. Bad : recovered 96% of the text based on audio

21. Worse : 69% of all 10 random character password

22. Worst : works on ATMs, too

24. Monitor the electromagnetic field of the smart-phone performing encryptions

25. Deduces the encryption key

27. Recover the disk encryption key

28. … after freezing the RAM Memory

29. Released in July 2008, still no decent remedy

31. Questions?

33. http://en.wikipedia.org/wiki/Side_channel_attack

34. http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml

35. http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

36. http://citp.princeton.edu/memory/

37. http://www.youtube.com/watch?v=4L8rnYhnLt8