Let's see how simple implementation problems in cryptosystems can lead to severe issues and full plaintext recovery even using strong algorithms like RSA. Presented @ Università degli Studi di Bergamo (Italy) on 05/06/2013 during the Security of Systems class taught by Prof. Stefano Paraboschi. [Warning: the presentation is not meant to be studied but to provide the presenter a visual canvas that needs to be filled with her words]

1. The devil is in the
details
how NOT to do security
implementation
05/06/2013 - Università degli Studi di Bergamo Enrico Bacis

2. Side Channel Attacks

3. A parity problem

5. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
n = 15 (p = 3, q = 5)

6. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(m)
ok

7. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

8. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(2·m)
ok

9. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(2·m)
ok

10. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

11. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(4·m)
err

12. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

13. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
enc(8·m)
ok

14. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

15. Multiplicative Property of RSA

16. Can we only hack farms?

17. PKCS#1 v1.5
0002 RANDOM PAD 00 MESSAGE
Broken by Bleichenbacher Attack (1998)

18. Electronic Codebook

19. ECB CBC

20. Cipher Block Chaining

22. Padding Oracle Attack

24. Timing Attack

26. "Never ever implement
your own cryptosystem"
( Dan Boneh )

27. Android and Mobile Vulnerabilities

28. Sniffing

29. Man In The Middle Attack

30. Man In The Middle Attack

31. Why Eve and Mallory Love Android
1074 of 13500 (8%) apps
● Trusting all Certicates
● Allowing all Hostnames
39.5 to 185 million users
SSL/TLS issues

33. Thank you