Hacking hardened software crypto

Riscure | July 22-23 & July 24-25



Overview

Software crypto plays a large role in securing for instance content and mobile payments, but how does it stand up to local attackers with full control over a device? After taking the course, you will know how to attack software obfuscated ciphers, without spending endless time in de-obfuscation and reverse engineering.

Cryptography is increasingly deployed without hardware support (such as secure key storage) in scenarios in which an attacker is assumed to have full control of the environment. This includes e.g. DRM and mobile payment solutions.

With this level of access, attackers have unrestricted access to the cryptographic implementation: they can read and modify all files, monitor the execution flow and tamper with it. The scenario in which the adversary has full control over the cryptographic implementation is known as white-box attack model.

The challenge of implementing cryptography in the white-box attack model is to design the cryptographic algorithm such that all cryptographic assets remain secure. The techniques used are known as white-box cryptography and have similarities with code obfuscation. Recently, two classes of devastating attacks that require little knowledge of the implementation details and no reverse engineering of the algorithm were introduced.

This course will give you practical experience with the most powerful attacks known against white box crypto: differential computational analysis and differential fault injection attacks. Concretely you will walk away with the following skills:

Day 1:
  • understand what the typical attacks
  • Introduction to differential computational analysis
  • Key retrieval of an open source WBC solution
  • Preprocessing techniques to speed up the attack

Day 2:
  • Identify countermeasures against differential computation analysis
  • Introduction to fault analysis attacks
  • Key retrieval with fault analysis of an open source
  • Countermeasures against fault analysis attack


The attacks are performed with both open source tools and commercial grade tooling.

Who Should Take this Course

- Developers wishing to understand attacks on obfuscated software ciphers / whitebox crypto
- Security researchers wishing to add a new set of attacks to their skills

Student Requirements

A course for devs and researchers with basic knowledge of crypto and software attacks. No in-depth knowledge about crypto, software obfuscation or differential computation attacks is assumed.

What Students Should Bring

Laptop

What Students Will Be Provided With

handouts, open-source tools to perform the attacks at home

Trainers

Jasper (@jzvw) currently is CTO for Riscure North America. As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical activities. Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research. Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications. Jasper has spoken at many security conferences including BlackHat trainings, Intel Security Conference, RSA, EDSC, BSides, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, GMU and the University of Amsterdam. Specialties: binary code analysis, side channel analysis, fault injection, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.