How to defend from an attacker armed with a mathematician

Quickie

Methodology & Architecture

Room 8

Thursday from 13:00 til 13:20

Diffie-Hellman key exchange is one of the most common public-key cryptographic methods in use on the Internet. It is a fundamental building block for IPsec, SSH, and TLS. Diffie-Hellman key exchange allows two parties to agree on a shared secret in the presence of an eavesdropper. Since the security of Diffie-Hellman relies crucially on the group parameters, implementations can be vulnerable to an attacker who provides maliciously generated parameters that change the properties of the group. In January 2016 we found a vulnerability in OpenSSL that leverages exactly this kind of attack (CVE-2016-0701). Our study of the OpenSSL code base also drew attention to a semi-mysterious RFC (RFC 5114, “Additional Diffie-Hellman Groups for Use with IETF Standards”) originating from the defense contractor BBN. The mathematical properties of the groups introduced in RFC 5114 were of particular interest, since they made OpenSSL particularly susceptible to a key recovery attack.
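As an added defensive illustration (not code from the talk or from OpenSSL), the Python below performs the group-parameter and peer-public-key checks that block the malicious-parameter and small-subgroup key-recovery attacks described above. The toy group (p = 331, q = 11, g = 270) is constructed to mirror the shape of the RFC 5114 groups: p is not a safe prime and the working subgroup is much smaller than p - 1.

```python
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test; probabilistic, adequate for parameter checks."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(p: int, q: int, g: int) -> bool:
    """Accept (p, q, g) only if g generates a prime-order-q subgroup of Z_p^*.
    A peer-supplied group that fails any of these checks must not be used."""
    if not (is_probable_prime(p) and is_probable_prime(q)):
        return False
    if (p - 1) % q != 0:
        return False
    return 1 < g < p - 1 and pow(g, q, p) == 1


def validate_peer_public_key(p: int, q: int, y: int) -> bool:
    """Reject a peer value outside the order-q subgroup. Without this check a peer
    can confine the shared secret to a small subgroup whose order divides (p-1)/q
    and learn our private exponent modulo that order whenever the key is reused."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


# Constructed toy group shaped like the RFC 5114 groups: p is NOT a safe prime,
# p - 1 = 2 * 3 * 5 * 11, and the working subgroup has order q = 11.
P, Q, G = 331, 11, 270          # 270 = 3^((p-1)/q) mod p, so it has order 11
ORDER_3_ELEMENT = 299           # 299^3 mod 331 == 1: a small-subgroup value

if __name__ == "__main__":
    print("group ok:", validate_group(P, Q, G))                                   # True
    print("honest peer key ok:", validate_peer_public_key(P, Q, pow(G, 7, P)))    # True
    print("small-subgroup key rejected:", not validate_peer_public_key(P, Q, ORDER_3_ELEMENT))  # True
```

Real deployments apply the same checks with 2048-bit or larger groups; the subgroup test is the one that matters even when the group itself is trusted, because the peer's public value is still attacker-controlled.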

Antonio Sanso

Antonio works as a Senior Software Engineer at Adobe Research Switzerland, where he is part of the Adobe Experience Manager security team. Antonio is co-author of the book “OAuth 2 in Action”. He has found vulnerabilities in popular software such as OpenSSL, Google Chrome and Apple Safari, and is listed in the Google, Facebook, Microsoft, PayPal and GitHub security halls of fame. He is an avid open source contributor, serving as Vice President (chair) of Apache Oltu and as a PMC member of Apache Sling. His interests range from web application security to cryptography. Antonio is also the author of more than a dozen computer security patents and applied cryptography academic papers. He holds an MSc in Computer Science.