Hash-flooding DoS reloaded:
   attacks and defenses
    Jean-Philippe Aumasson, Kudelski Group
Daniel J. Bernstein, University of Illinois at Chicago
             Martin Boßlet, freelancer
Jean-Philippe
Cryptography expert at the Kudelski Group
Applied crypto researcher
https://131002.net @aumasson


Martin
Independent SW engineer and security expert
Ruby core dev team member
http://www.martinbosslet.de @_emboss_
Denial-of-Service (DoS) attacks

“Attempt to make a machine or network
resource unavailable to its intended users.”
Wikipedia
Popular DoS techniques are distributed
HTTP or TCP SYN flood… (DDoS)
More subtle techniques exploit properties
of TCP-congestion-avoidance algorithms…
Hash tables are used in many applications to
maintain an association between objects

Example: Python dictionaries
d = {}                     # empty table
d[12345] = 0xc             # insertion
d['astring'] = 'foo'       # insertion
d[('a', 'tuple')] = 0      # insertion
print(d['astring'])        # lookup
If the table is about as large as the
number of elements to be stored (=n),
insertion or lookup of n elements takes
       O(n) operations on average

bucket:        0               1                2
         'astring': 'foo'   12345: 0xc   ('a','tuple'): 0

d[12345]=0xc, hash(12345)=1
d['astring']='foo', hash('astring')=0
d[('a','tuple')]=0, hash(('a','tuple'))=2
If the table is about as large as the
number of elements to be stored (=n),
insertion or lookup of n elements takes
    O(n^2) operations in the worst case

bucket:    0             1               2
                    12345: 0xc
                  'astring': 'foo'
                 ('a','tuple'): 0

d[12345]=0xc, d['astring']='foo', d[('a','tuple')]=0:
all three keys land in bucket 1 and are chained
Hash flooding:
Send to a server many inputs with the
same hash (a multicollision) so as to
  force worst-case insert time
send 2MB of POST data consisting of
   200.000 colliding 10B strings

≈ 40.000.000.000 string comparisons
 (at least 10s on a 2GHz machine…)
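The quadratic cost behind these figures, as an added example that is not part of the slides: a chained hash table that counts key comparisons while n distinct keys are inserted. The key format, `NBUCKETS`, and the two stand-in hash functions (FNV-1a for a well-spread hash, a constant for a multicollision) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 2053u   /* constructed: a prime, about as large as n below */

struct node { char key[16]; struct node *next; };

/* Stand-in for a well-distributed hash (FNV-1a, chosen only for brevity). */
static uint32_t spread_hash(const char *s) {
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Stand-in for a multicollision: every key reports the same hash value. */
static uint32_t flooded_hash(const char *s) { (void)s; return 1; }

/* Insert n distinct constructed keys and return the number of key
   comparisons the table had to perform. */
static uint64_t insert_cost(unsigned n, uint32_t (*hash)(const char *)) {
    struct node **table = calloc(NBUCKETS, sizeof *table);
    struct node *pool = calloc(n, sizeof *pool);
    uint64_t comparisons = 0;
    if (!table || !pool) { free(table); free(pool); return 0; }

    for (unsigned i = 0; i < n; i++) {
        struct node *e = &pool[i];
        snprintf(e->key, sizeof e->key, "key%06u", i);
        struct node **slot = &table[hash(e->key) % NBUCKETS];
        int found = 0;
        /* An insert first checks whether the key is already present,
           so it walks the whole chain of its bucket. */
        for (struct node *p = *slot; p; p = p->next) {
            comparisons++;
            if (strcmp(p->key, e->key) == 0) { found = 1; break; }
        }
        if (!found) { e->next = *slot; *slot = e; }
    }
    free(pool);
    free(table);
    return comparisons;
}

int main(void) {
    unsigned n = 2000;
    printf("spread : %llu comparisons\n",
           (unsigned long long)insert_cost(n, spread_hash));
    printf("flooded: %llu comparisons\n",
           (unsigned long long)insert_cost(n, flooded_hash));
    return 0;
}
```

With every key in one chain the count is exactly n(n-1)/2, so doubling n quadruples the work, while the spread case stays close to linear.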
Previous work

Crosby, Wallach. Denial of Service via Algorithmic
Complexity Attacks, USENIX Security 2003
-> attack formalized and applied to Perl, Squid, etc.


Klink, Wälde. Efficient Denial of Service Attacks on
Web Application Platforms. CCC 28c3
-> application to PHP, Java, Python, Ruby, etc.
Patches released consisting of a
stronger hash with randomization
(to make colliding values impossible to find)
MurmurHash2
“used in code by Google, Microsoft,
     Yahoo, and many others”
  http://code.google.com/p/smhasher/wiki/MurmurHash



                 CRuby, JRuby
MurmurHash3

“successor to MurmurHash2”

   Oracle’s Java SE, Rubinius
1. Theory
MurmurHash3 core

Processes the input in blocks of 4 bytes

for (i = 0; i < nblocks; i++) {
    uint32_t k1 = getblock(blocks, i);   /* next 4-byte input block */
    k1 *= 0xcc9e2d51;
    k1 = ROTL32(k1, 15);
    k1 *= 0x1b873593;

    h1 ^= k1;                            /* mix the block into the state */
    h1 = ROTL32(h1, 13);
    h1 = h1 * 5 + 0xe6546b64;
}
Differential cryptanalysis strategy
1/ introduce a difference in the state h1 via the input k1
2/ cancel this difference with a second well chosen difference

First block (i=0):

for (i = 0; i < nblocks; i++) {          /* i=0 */
    uint32_t k1 = getblock(blocks, i);
    k1 *= 0xcc9e2d51;                    /* inject difference D1 */
    k1 = ROTL32(k1, 15);
    k1 *= 0x1b873593;                    /* diff in k1: 0x00040000 */

    h1 ^= k1;                            /* diff in h1: 0x00040000 */
    h1 = ROTL32(h1, 13);                 /* diff in h1: 0x80000000 */
    h1 = h1 * 5 + 0xe6546b64;            /* diff in h1: 0x80000000 */
}

Second block (i=1):

for (i = 0; i < nblocks; i++) {          /* i=1 */
    uint32_t k1 = getblock(blocks, i);
    k1 *= 0xcc9e2d51;                    /* inject difference D2 */
    k1 = ROTL32(k1, 15);
    k1 *= 0x1b873593;                    /* diff in k1: 0x80000000 */

    h1 ^= k1;                            /* diff in h1: 0x80000000 ^ 0x80000000 = 0 */
    h1 = ROTL32(h1, 13);                 /* COLLISION! */
    h1 = h1 * 5 + 0xe6546b64;
}
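[Figure: blocks M1, M2 (32-bit each): intermediate state h1=X, final state h1=f(X)=H.
 Blocks M1^D1, M2^D2: intermediate state h1=X^D3, final state h1=f(X^D3^D3)=H.]

2 colliding 8-byte inputs

[Figure: block pairs (M1, M2), (M3, M4), (M5, M6), each pair yielding a collision]

     Chain collisions => multicollisions
      8n bytes => 2^n colliding inputs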
A multicollision works for any seed

         => “Universal” multicollisions
h1 = seed;
for (i = 0; i < nblocks; i++) {
     uint32_t k1 = getblock(blocks, i);
     k1 *= 0xcc9e2d51;
     k1 = ROTL32(k1, 15);
     k1 *= 0x1b873593;
     // transform of k1 independent of the seed!
     h1 ^= k1;
     h1 = ROTL32(h1, 13);
     h1 = h1 * 5 + 0xe6546b64;
}
Even simpler for MurmurHash2
Consequence:
Systems using MurmurHash2/3 remain
     vulnerable to hash-flooding
Other hash attacked: CityHash64
Even weaker than MurmurHash2…
   Also vulnerable to hash flooding
[Slide: a list of distinct 16-byte inputs for which CityHash64 returns the same value]
2. Practice
Breaking Murmur:
     We've got the recipe –
Now all we need is the (hash) cake
Where are hashes used?
Internally vs. Externally
Parser symbol tables
    Method lookup tables
Attributes / Instance variables
         IP Addresses
        Transaction IDs
       Database Indexing
          Session IDs
         HTTP Headers
     JSON Representation
URL-encoded POST form data
   Deduplication (HashSet)
      A* search algorithm
          Dictionaries
               …
=> Where aren’t they used?
Can’t we use something different?
We could,

but amortized constant time is just too sexy
Possible real-life attacks
Attack internal use?
Elegant, but low impact
Need a high-profile target
Web Application
Example #1
   Rails
First:
Attacking MurmurHash in Ruby
Straight-forward with a few quirks
Apply the recipe
Demo
Should work with Rails
 out of the box, no?
Unfortunately, no
Demo
def POST
  …
  @env["rack.request.form_hash"] = parse_query(form_vars)
  …
end
def parse_query(qs)

 Utils.parse_nested_query(qs)

end
def parse_nested_query(qs, d = nil)

 params = KeySpaceConstrainedParams.new

 (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|

   k, v = p.split('=', 2).map { |s| unescape(s) }
   normalize_params(params, k, v)

 end

  return params.to_params_hash
end
def unescape(s, encoding = Encoding::UTF_8)

 URI.decode_www_form_component(s, encoding)

end
def self.decode_www_form_component(str, enc=Encoding::UTF_8)

 raise ArgumentError, "invalid %-encoding (#{str})" \
       unless /\A[^%]*(?:%\h\h[^%]*)*\z/ =~ str

 str.gsub(/\+|%\h\h/, TBLDECWWWCOMP_).force_encoding(enc)

end
/\A[^%]*(?:%\h\h[^%]*)*\z/
           ???
Catches invalid % encodings
(e.g. %ZV, %%1 instead of %2F)
def normalize_params(params, name, v = nil)

 name =~ %r(\A[\[\]]*([^\[\]]+)\]*)

 k = $1 || ''

  …
end
%r(\A[\[\]]*([^\[\]]+)\]*)
           ???
helps transform [[]] to []
idea:
pre-generate matching values
create random values
passing the regular expressions
that should do it, right?
Demo
class KeySpaceConstrainedParams

  def []=(key, value)

    # the size of every new key counts against a global limit
    @size += key.size if key && !@params.key?(key)

    raise RangeError, 'exceeded available parameter key space' \
          if @size > @limit

    @params[key] = value

  end

end
What now? Rails is safe?
Remember:

Hashes are used everywhere
So if
application/x-www-form-urlencoded
     doesn't work, how about
         application/json
                ?
Again, with the encoding...
Fast-forward...
Demo
Conclusion

Patchwork is not helping
too many places
code bloat
yet another loophole will be found
Fix it at the root
Example #2
   Java
String(byte[] bytes)
public String(byte bytes[], int offset, int length,
              Charset charset) {
…

char[] v = StringCoding.decode(charset, bytes, offset, length);

…

}
Tough nut to crack
What now? Java is safe?
String(char[] value)
public String(char value[]) {

    int size = value.length;
    this.offset = 0;
    this.count = size;
    this.value = Arrays.copyOf(value, size);

}
No decoding!
Substitute byte[] operations
with equivalent operations
         on char[]
Demo
Disclosure
    Oracle (Java): Sep 11
CRuby, JRuby, Rubinius: Aug 30
SipHash: a fast short-input PRF

New crypto algorithm to fix hash-flooding:
• Rigorous security requirements and analysis
• Speed competitive with that of weak hashes


Peer-reviewed research paper (A., Bernstein),
published at DIAC 2012, INDOCRYPT 2012
SipHash initialization
256-bit state v0 v1 v2 v3
128-bit key k0 k1

v0 = k0 ⊕ 736f6d6570736575
v1 = k1 ⊕ 646f72616e646f6d
v2 = k0 ⊕ 6c7967656e657261
v3 = k1 ⊕ 7465646279746573
The same constants, read as ASCII:

v0 = k0 ⊕ “somepseu”
v1 = k1 ⊕ “dorandom”
v2 = k0 ⊕ “lygenera”
v3 = k1 ⊕ “tedbytes”
SipHash compression
Message parsed as 64-bit words m0, m1, …

For each word mi in turn (m0, m1, m2, etc.):
v3 ⊕= mi
c iterations of SipRound
v0 ⊕= mi
SipRound
SipHash finalization

v2 ⊕= 255
d iterations of SipRound
Return v0 ⊕ v1 ⊕ v2 ⊕ v3
SipHash-2-4 hashing 15 bytes
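The initialization, compression and finalization steps above put together, as an added example that is not the authors' reference code. The SipRound rotation amounts and the encoding of the last word (remaining bytes, zero padding, message length mod 256 in the top byte) are taken from the SipHash paper because the slides showing them did not survive on this page; the function names and the sample key and message (bytes 00..0f and 00..0e) are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))

/* Read 8 bytes as one little-endian 64-bit word. */
static uint64_t load_le64(const uint8_t *p) {
    uint64_t w = 0;
    for (int i = 7; i >= 0; i--) w = (w << 8) | p[i];
    return w;
}

/* One SipRound: additions, rotations and XORs over the four state words.
   Rotation amounts as given in the SipHash paper (not on this page). */
static void sipround(uint64_t v[4]) {
    v[0] += v[1]; v[1] = ROTL64(v[1], 13); v[1] ^= v[0]; v[0] = ROTL64(v[0], 32);
    v[2] += v[3]; v[3] = ROTL64(v[3], 16); v[3] ^= v[2];
    v[0] += v[3]; v[3] = ROTL64(v[3], 21); v[3] ^= v[0];
    v[2] += v[1]; v[1] = ROTL64(v[1], 17); v[1] ^= v[2]; v[2] = ROTL64(v[2], 32);
}

/* SipHash-c-d of msg[0..len) under a 128-bit key (k0 = key[0..8), k1 = key[8..16)). */
static uint64_t siphash(int c, int d, const uint8_t key[16],
                        const uint8_t *msg, size_t len) {
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);

    /* Initialization: key XOR "somepseudorandomlygeneratedbytes". */
    uint64_t v[4] = {
        k0 ^ 0x736f6d6570736575ULL,
        k1 ^ 0x646f72616e646f6dULL,
        k0 ^ 0x6c7967656e657261ULL,
        k1 ^ 0x7465646279746573ULL
    };

    /* Compression: one 64-bit word at a time. */
    size_t full = len - (len % 8);
    for (size_t off = 0; off < full; off += 8) {
        uint64_t m = load_le64(msg + off);
        v[3] ^= m;
        for (int i = 0; i < c; i++) sipround(v);
        v[0] ^= m;
    }

    /* Last word: leftover bytes, zero padding, len mod 256 in the top byte. */
    uint64_t last = (uint64_t)(len & 0xff) << 56;
    for (size_t i = 0; i < len % 8; i++)
        last |= (uint64_t)msg[full + i] << (8 * i);
    v[3] ^= last;
    for (int i = 0; i < c; i++) sipround(v);
    v[0] ^= last;

    /* Finalization. */
    v[2] ^= 0xff;
    for (int i = 0; i < d; i++) sipround(v);
    return v[0] ^ v[1] ^ v[2] ^ v[3];
}

/* Constructed sample input: key 00..0f, 15-byte message 00..0e. */
static uint64_t siphash24_sample(void) {
    uint8_t key[16], msg[15];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
    for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    return siphash(2, 4, key, msg, sizeof msg);
}

int main(void) {
    printf("SipHash-2-4(key 00..0f, msg 00..0e) = %016llx\n",
           (unsigned long long)siphash24_sample());
    return 0;
}
```

In a hash table the 128-bit key is drawn at random per process or per table, so bucket indices cannot be predicted from the input alone.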
Family SipHash-c-d
Fast proposal: SipHash-2-4
Conservative proposal: SipHash-4-8

Weaker versions for cryptanalysis:
SipHash-1-0, SipHash-2-0, etc.
SipHash-1-1, SipHash-2-1, etc.
Etc.
Proof of simplicity
June 20: paper published online
June 28: 18 third-party implementations

C (Floodyberry, Boßlet, Neves); C# (Haynes)
Cryptol (Lazar); Erlang, Javascript, PHP (Denis)
Go (Chestnykh); Haskell (Hanquez)
Java, Ruby (Boßlet); Lisp (Brown); Perl6 (Julin)
Who is using SipHash?

http://www.opendns.com/   http://www.rust-lang.org/

       Soon?
Take home message

• DoS is doable with only small data/bandwidth

• Java- and Ruby-based web applications
  vulnerable to DoS (and maybe others…)

• SipHash offers both security and performance

  Contact us if you need to check your application




         THANK YOU!

 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptWarning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
 
Rump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabriceRump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabrice
 
Operation emmental appsec
Operation emmental appsecOperation emmental appsec
Operation emmental appsec
 

Dernier

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Dernier (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses, by Jean-Philippe Aumasson / Martin Boßlet

  • 1. Hash-flooding DoS reloaded: attacks and defenses. Jean-Philippe Aumasson, Kudelski Group; Daniel J. Bernstein, University of Illinois at Chicago; Martin Boßlet, freelancer
  • 3. Jean-Philippe: Cryptography expert at the Kudelski Group, applied crypto researcher, https://131002.net @aumasson. Martin: Independent SW engineer and security expert, Ruby core dev team member, http://www.martinbosslet.de @_emboss_
  • 5. Denial-of-Service (DoS) attacks: “Attempt to make a machine or network resource unavailable to its intended users.” (Wikipedia)
  • 6. Popular DoS techniques are distributed HTTP or TCP SYN flood… (DDoS)
  • 7. More subtle techniques exploit properties of TCP-congestion-avoidance algorithms…
  • 9. Hash tables are used in many applications to maintain an association between objects. Example: Python dictionaries
      d = {}                  # empty table
      d[12345] = 0xc          # insertion
      d['astring'] = 'foo'    # insertion
      d[('a','tuple')] = 0    # insertion
      print(d['astring'])     # lookup
  • 10. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average
  • 11. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average
      slot 0: (empty)
      slot 1: 12345: 0xc
      slot 2: (empty)
      d[12345]=0xc, hash(12345)=1
  • 12. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average
      slot 0: 'astring': 'foo'
      slot 1: 12345: 0xc
      slot 2: (empty)
      d['astring']='foo', hash('astring')=0
  • 13. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average
      slot 0: 'astring': 'foo'
      slot 1: 12345: 0xc
      slot 2: ('a','tuple'): 0
      d[('a','tuple')]=0, hash(('a','tuple'))=2
  • 14. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n^2) operations in the worst case
      slots 0 1 2; entries: 12345: 0xc
      d[12345]=0xc, hash(12345)=1
  • 15. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n^2) operations in the worst case
      slots 0 1 2; entries: 12345: 0xc, 'astring': 'foo'
      d['astring']='foo', hash('astring')=0
  • 16. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n^2) operations in the worst case
      slots 0 1 2; entries: 12345: 0xc, 'astring': 'foo', ('a','tuple'): 'foo'
      d[('a','tuple')]=0, hash(('a','tuple'))=2
  • 17. Hash flooding: send a server many inputs with the same hash (a multicollision) so as to force worst-case insert time
  • 18. send 2MB of POST data consisting of 200.000 colliding 10B strings ≈ 40.000.000.000 string comparisons (at least 10s on a 2GHz machine…)
  • 19. Previous work Crosby, Wallach. Denial of Service via Algorithmic Complexity Attacks, USENIX Security 2003 -> attack formalized and applied to Perl, Squid, etc. Klink, Wälde. Efficient Denial of Service Attacks on Web Application Platforms. CCC 28c3 -> application to PHP, Java, Python, Ruby, etc.
  • 22. Patches released consisting of a stronger hash with randomization (to make colliding values impossible to find)
  • 23. MurmurHash2 (CRuby, JRuby): “used in code by Google, Microsoft, Yahoo, and many others” http://code.google.com/p/smhasher/wiki/MurmurHash
  • 24. MurmurHash3 (Oracle’s Java SE, Rubinius): “successor to MurmurHash2”
  • 27. MurmurHash3 core. Processes the input per blocks of 4 bytes
      for (i=0;i<nblocks;i++) {
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;
        h1 ^= k1;
        h1 = ROTL32(h1,13);
        h1 = h1*5+0xe6546b64;
      }
  • 28. Differential cryptanalysis strategy: 1/ introduce a difference in the state h1 via the input k1; 2/ cancel this difference with a second well chosen difference
      for (i=0;i<nblocks;i++) {
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;
        h1 ^= k1;
        h1 = ROTL32(h1,13);
        h1 = h1*5+0xe6546b64;
      }
  • 29. Differential cryptanalysis strategy: 1/ introduce a difference in the state h1 via the input k1; 2/ cancel this difference with a second well chosen difference
      for (i=0;i<nblocks;i++) {               // i=0
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;                     // inject difference D1
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;                     // diff in k1: 0x00040000
        h1 ^= k1;
        h1 = ROTL32(h1,13);
        h1 = h1*5+0xe6546b64;
      }
  • 30. Differential cryptanalysis strategy: 1/ introduce a difference in the state h1 via the input k1; 2/ cancel this difference with a second well chosen difference
      for (i=0;i<nblocks;i++) {               // i=0
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;                     // inject difference D1
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;                     // diff in k1: 0x00040000
        h1 ^= k1;                             // diff in h1: 0x00040000
        h1 = ROTL32(h1,13);
        h1 = h1*5+0xe6546b64;
      }
  • 31. Differential cryptanalysis strategy: 1/ introduce a difference in the state h1 via the input k1; 2/ cancel this difference with a second well chosen difference
      for (i=0;i<nblocks;i++) {               // i=0
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;                     // inject difference D1
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;                     // diff in k1: 0x00040000
        h1 ^= k1;                             // diff in h1: 0x00040000
        h1 = ROTL32(h1,13);                   // 0x80000000
        h1 = h1*5+0xe6546b64;                 // 0x80000000
      }
  • 32. Differential cryptanalysis strategy: 1/ introduce a difference in the state h1 via the input k1; 2/ cancel this difference with a second well chosen difference
      for (i=0;i<nblocks;i++) {               // i=1
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;                     // inject difference D2
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;
        h1 ^= k1;
        h1 = ROTL32(h1,13);
        h1 = h1*5+0xe6546b64;
      }
  • 33. Differential cryptanalysis strategy: 1/ introduce a difference in the state h1 via the input k1; 2/ cancel this difference with a second well chosen difference
      for (i=0;i<nblocks;i++) {               // i=1
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;                     // inject difference D2
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;                     // diff in k1: 0x80000000
        h1 ^= k1;
        h1 = ROTL32(h1,13);
        h1 = h1*5+0xe6546b64;
      }
  • 34. Differential cryptanalysis strategy: 1/ introduce a difference in the state h1 via the input k1; 2/ cancel this difference with a second well chosen difference
      for (i=0;i<nblocks;i++) {               // i=1
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;                     // inject difference D2
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;                     // diff in k1: 0x80000000
        h1 ^= k1;                             // diff in h1: 0x80000000 ^ 0x80000000 = 0
        h1 = ROTL32(h1,13);                   // COLLISION!
        h1 = h1*5+0xe6546b64;
      }
  • 35. 2 colliding 8-byte inputs
      M1 (32-bit), M2 (32-bit): h1=X after M1, h1=f(X)=H after M2
      M1^D1 (32-bit), M2^D2 (32-bit): h1=X^D3 after M1^D1, h1=f(X^D3^D3)=H after M2^D2
  • 36. Chain collisions => multicollisions: one collision per pair of blocks (M1 M2), (M3 M4), (M5 M6). 8n bytes => 2^n colliding inputs
  • 37. A multicollision works for any seed => “Universal” multicollisions
      h1=seed;
      for (i=0;i<nblocks;i++) {
        uint32_t k1 = getblock(blocks, i);
        k1 *= 0xcc9e2d51;
        k1 = ROTL32(k1,15);
        k1 *= 0x1b873593;
        // transform of k1 independent of the seed!
        h1 ^= k1;
        h1 = ROTL32(h1,13);
        h1 = h1*5+0xe6546b64;
      }
  • 38. Even simpler for MurmurHash2
  • 39. Consequence: Systems using MurmurHash2/3 remain vulnerable to hash-flooding
  • 41. Even weaker than MurmurHash2… Also vulnerable to hash flooding
  • 42. CityHash64( BU9[85WWp/ HASH!, 16 ) = b82e7612e6933d2f CityHash64( 8{YDLn;d.2 HASH!, 16 ) = b82e7612e6933d2f CityHash64( d+nkK&t?yr HASH!, 16 ) = b82e7612e6933d2f CityHash64( {A.#v5i]V{ HASH!, 16 ) = b82e7612e6933d2f CityHash64( FBC=/hJeA!HASH!, 16 ) = b82e7612e6933d2f CityHash64( $03$=K1.-H!HASH!, 16 ) = b82e7612e6933d2f CityHash64( 3o'L'Piw!HASH!, 16 ) = b82e7612e6933d2f CityHash64( duDu%qaUS@"HASH!, 16 ) = b82e7612e6933d2f CityHash64( IZVo|0S=BX"HASH!, 16 ) = b82e7612e6933d2f CityHash64( X2V|P=<u,=#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 9<%45yG]qG#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 6?4O:'<Vho#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 2u 2}7g^>3$HASH!, 16 ) = b82e7612e6933d2f CityHash64( kqwnZH=cKG$HASH!, 16 ) = b82e7612e6933d2f CityHash64( Nl+:rtvw}K$HASH!, 16 ) = b82e7612e6933d2f CityHash64( s/pI!<5u*]$HASH!, 16 ) = b82e7612e6933d2f CityHash64( f|P~n*<xPc$HASH!, 16 ) = b82e7612e6933d2f CityHash64( Cj7TCG|G}}$HASH!, 16 ) = b82e7612e6933d2f CityHash64( a4$>Jf3PF'%HASH!, 16 ) = b82e7612e6933d2f
  • 44. Breaking Murmur: We've got the recipe. Now all we need is the (hash) cake
  • 47. Parser symbol tables; Method lookup tables; Attributes / Instance variables; IP Addresses; Transaction IDs; Database Indexing; Session IDs; HTTP Headers; JSON Representation; URL-encoded POST form data; Deduplication (HashSet); A* search algorithm; Dictionaries; …
  • 48. => Where aren’t they used?
  • 49. Can’t we use something different?
  • 50. We could, but amortized constant time is just too sexy
  • 56. Example #1 Rails
  • 60. Demo
  • 61. Should work with Rails out of the box, no?
  • 63. Demo
  • 64.
      def POST
        …
        @env["rack.request.form_hash"] = parse_query(form_vars)
        …
      end
  • 66.
      def parse_nested_query(qs, d = nil)
        params = KeySpaceConstrainedParams.new
        (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
          k, v = p.split('=', 2).map { |s| unescape(s) }
          normalize_params(params, k, v)
        end
        return params.to_params_hash
      end
  • 67.
      def unescape(s, encoding = Encoding::UTF_8)
        URI.decode_www_form_component(s, encoding)
      end
  • 68.
      def self.decode_www_form_component(str, enc=Encoding::UTF_8)
        raise ArgumentError, "invalid %-encoding (#{str})" unless /\A[^%]*(?:%\h\h[^%]*)*\z/ =~ str
        str.gsub(/\+|%\h\h/, TBLDECWWWCOMP_).force_encoding(enc)
      end
  • 70. Catches invalid % encodings (e.g. %ZV, %%1 instead of %2F)
  • 71.
      def parse_nested_query(qs, d = nil)
        params = KeySpaceConstrainedParams.new
        (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
          k, v = p.split('=', 2).map { |s| unescape(s) }
          normalize_params(params, k, v)
        end
        return params.to_params_hash
      end
  • 72.
      def normalize_params(params, name, v = nil)
        name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
        k = $1 || ''
        …
      end
  • 76. create random values passing the regular expressions
  • 77. that should do it, right?
  • 78. Demo
  • 80.
      def parse_nested_query(qs, d = nil)
        params = KeySpaceConstrainedParams.new
        (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
          k, v = p.split('=', 2).map { |s| unescape(s) }
          normalize_params(params, k, v)
        end
        return params.to_params_hash
      end
  • 81.
      class KeySpaceConstrainedParams
        def []=(key, value)
          @size += key.size if key && !@params.key?(key)
          raise RangeError, 'exceeded available parameter key space' if @size > @limit
          @params[key] = value
        end
      end
  • 83. What now? Rails is safe?
  • 85. So if application/x-www-form-urlencoded doesn't work, how about application/json ?
  • 86. Again, with the encoding...
  • 88. Demo
  • 92. yet another loophole will be found
  • 93. Fix it at the root
  • 94. Example #2 Java
  • 96.
      public String(byte bytes[], int offset, int length, Charset charset) {
        …
        char[] v = StringCoding.decode(charset, bytes, offset, length);
        …
      }
  • 97. Tough nut to crack
  • 98. What now? Java is safe?
  • 100.
      public String(char value[]) {
        int size = value.length;
        this.offset = 0;
        this.count = size;
        this.value = Arrays.copyOf(value, size);
      }
  • 102. Substitute byte[] operations with equivalent operations on char[]
  • 103. Demo
  • 104. Disclosure. Oracle (Java): Sep 11; CRuby, JRuby, Rubinius: Aug 30
  • 106. SipHash: a fast short-input PRF. New crypto algorithm to fix hash-flooding: rigorous security requirements and analysis; speed competitive with that of weak hashes. Peer-reviewed research paper (A., Bernstein), published at DIAC 2012, INDOCRYPT 2012
  • 107. SipHash initialization. 256-bit state v0 v1 v2 v3; 128-bit key k0 k1
      v0 = k0 ⊕ 736f6d6570736575
      v1 = k1 ⊕ 646f72616e646f6d
      v2 = k0 ⊕ 6c7967656e657261
      v3 = k1 ⊕ 7465646279746573
  • 108. SipHash initialization. 256-bit state v0 v1 v2 v3; 128-bit key k0 k1
      v0 = k0 ⊕ “somepseu”
      v1 = k1 ⊕ “dorandom”
      v2 = k0 ⊕ “lygenera”
      v3 = k1 ⊕ “tedbytes”
  • 109. SipHash compression. Message parsed as 64-bit words m0, m1, …
      v3 ⊕= m0
      c iterations of SipRound
      v0 ⊕= m0
  • 110. SipHash compression. Message parsed as 64-bit words m0, m1, …
      v3 ⊕= m1
      c iterations of SipRound
      v0 ⊕= m1
  • 111. SipHash compression. Message parsed as 64-bit words m0, m1, …
      v3 ⊕= m2
      c iterations of SipRound
      v0 ⊕= m2
  • 112. SipHash compression. Message parsed as 64-bit words m0, m1, … Etc.
  • 114. SipHash finalization
      v2 ⊕= 255
      d iterations of SipRound
      Return v0 ⊕ v1 ⊕ v2 ⊕ v3
  • 116. Family SipHash-c-d. Fast proposal: SipHash-2-4. Conservative proposal: SipHash-4-8. Weaker versions for cryptanalysis: SipHash-1-0, SipHash-2-0, etc.; SipHash-1-1, SipHash-2-1, etc.; Etc.
  • 118. Proof of simplicity. June 20: paper published online. June 28: 18 third-party implementations: C (Floodyberry, Boßlet, Neves); C# (Haynes); Cryptol (Lazar); Erlang, Javascript, PHP (Denis); Go (Chestnykh); Haskell (Hanquez); Java, Ruby (Boßlet); Lisp (Brown); Perl6 (Julin)
  • 119. Who is using SipHash? http://www.opendns.com/ http://www.rust-lang.org/ Soon?
  • 120. Take home message
      • DoS is doable with only small data/bandwidth
      • Java- and Ruby-based web applications vulnerable to DoS (and maybe others…)
      • SipHash offers both security and performance
      Contact us if you need to check your application
  • 121. Hash-flooding DoS reloaded: attacks and defenses THANK YOU!
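
The SipHash-c-d construction outlined on slides 107 to 116 (initialization, compression, finalization), written out as an added C example; it is not the authors' reference code. SipRound and the length byte in the final word do not appear in this transcript and are taken here from the SipHash specification; the function names and the constructed test input (key 00..0f, message 00..0e) are this example's own.

```c
/* SipHash-c-d following the slide outline; illustrative, not the reference code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))

/* SipRound as defined in the SipHash specification (not shown in the transcript). */
#define SIPROUND do {                                              \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                      \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                      \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); \
} while (0)

/* Read a 64-bit little-endian word, independent of host byte order. */
static uint64_t load_le64(const uint8_t *p) {
    uint64_t w = 0;
    for (int i = 7; i >= 0; i--) w = (w << 8) | p[i];
    return w;
}

uint64_t siphash(int c, int d, const uint8_t key[16],
                 const uint8_t *msg, size_t len) {
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
    /* Initialization: key XORed with "somepseudorandomlygeneratedbytes". */
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL;
    uint64_t v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL;
    uint64_t v3 = k1 ^ 0x7465646279746573ULL;
    size_t full = len - (len % 8);

    /* Compression: v3 ^= m, c SipRounds, v0 ^= m for each 64-bit word. */
    for (size_t off = 0; off < full; off += 8) {
        uint64_t m = load_le64(msg + off);
        v3 ^= m;
        for (int i = 0; i < c; i++) SIPROUND;
        v0 ^= m;
    }

    /* Final word: the remaining bytes, with len mod 256 in the top byte. */
    uint64_t last = (uint64_t)(len & 0xff) << 56;
    for (size_t i = 0; i < len % 8; i++)
        last |= (uint64_t)msg[full + i] << (8 * i);
    v3 ^= last;
    for (int i = 0; i < c; i++) SIPROUND;
    v0 ^= last;

    /* Finalization: v2 ^= 255, d SipRounds, XOR of the four state words. */
    v2 ^= 0xff;
    for (int i = 0; i < d; i++) SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Constructed input: key bytes 00..0f, message = first len bytes of 00..0e.
 * Returns SipHash-2-4 of that message (len is clamped to 15). */
uint64_t spec_vector(size_t len) {
    uint8_t key[16], msg[15];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
    for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    if (len > sizeof msg) len = sizeof msg;
    return siphash(2, 4, key, msg, len);
}

int main(void) {
    printf("SipHash-2-4, 15-byte message: %016llx\n",
           (unsigned long long)spec_vector(15));
    printf("SipHash-2-4, empty message:   %016llx\n",
           (unsigned long long)spec_vector(0));
    return 0;
}
```

In a hash table the 128-bit key would be drawn from the system's random source once per process and kept secret, so that bucket placement cannot be predicted from the inputs alone.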