Blog‎ > ‎

32c3 comments, random ramblings, thoughts, notes, dump part V

posted Feb 12, 2016, 5:49 AM by Sami Lehtinen   [ updated Feb 12, 2016, 5:49 AM ]
#GOIBlock- Technical observations about recent Internet censorship in India. All licensed Internet Service Providers (ISPs) must block access to certain websites. This was of course issued as a secret block order. Yet this lead to leak of that order which revealed number of popular Internet services being blocked based on it. DNS hijack, IP address blocking, null routing. Protocol & port based blocking. Deep Packet Inspection (DPI). Open Observatory of Network Interference (OONI) - https://ooni.torproject.org/ -.  TCP, DNS, HTTP and TLS connection tampering and circumvention measures. Publishing & Visualizing data. Logjam Diffie-Hellman, discrete logarithms and The NSA. Attack Implementations, Find Vulnerabilities, Adding Backdoors, Attacking Cryptography Algorithms, Breaking Symmetric Cryptography, Breaking Public Key Cryptography RSA / Diffie-Hellman. Public & Private Key. Factoring using Number Field Sieve: Polynomial selection, Relation finding, Linear algebra, Square root. 512-bit takes < 1 core-year. 768-bit RSA < 1000 core-years using nice cracking cluster it should take less than year. 1024-bit RSA < 1000000 core-years. 2024bit-RSA, is the currently recommended minimum key size. Using cloud services it's cheap and fast to factor keys, 512 bit RSA key factorization took 4 hours and costed 75 USD. So it's probable that NSA can factor 1024 bit RSA keys when needed. Discrete Logarithm, Diffie-Hellman cryptanalysis with number field sieve discrete log algorithm using descent at the end. Computing shared key. Cracking DH keys is about 3,5 times slower than RSA keys. Cracking Perfect Forward Secrecy (PFS) is very fast if the same p is used for subsequent keys. Well, that's what you get, if you short cut steps in crypto. Exploiting Diffie-Hellman key in Logjam attack. Weakened TLS Export cipher suites, used by FREAK and Logjam. Encryption downgrade attack. Cracking TLS / SSL took about 70 seconds. If Logjam attack was successful. 1024-bit discrete log encryption is so easy to crack that it can be used for mass surveillance and wide-scale passive decryption. Using special purpose designed custom hardware cracking gets much faster. GENIE, SIGINT, Analysis of Target Systems, Cryptanalytic IT Systems, Exploitation Solutions, Microelectronics, GENIE, Data Acquisition and Cover Support. Cracking IKE Key Exchange for IPsec VPNs. Attack Orchestration. Use Elliptic Curve Cryptography (ECC) use DH with >= 2048 bit keys. Using parasite threads made me smile. That's one of the most common ways I modify existing live systems, while taking control of the aspects I care about. Of course I also inject code, but parasite threads are often very useful, unless the original project offers suitable interface which can be extended with code injection. Linux is not Unix nor is FreeBSD. Making security Theater won't help, you'll need actual security. Security measures which are trivial to circumvent do not provide real security. If your code fails all the time, because it's lacking privilege then you're doing it right. Household, Totalitarianism and Cyberspace. Philosophical Perspectives on Privacy Drawing. Beyond Anti Evil Maid. CoreOS. Trusted Computing Platform (TPM), Trusted Computing Process. Trusting arbitrary user input. Fully trusted platform boot process. Without that you can't keep any secrets. Reviewing source code of software doesn't matter, if operating system, BIOS or hardware can't be trusted. Whole stack needs to be secure. So if you can't trust CPU or there is CPU backdoor, other stuff doesn't really matter. Because CPU is in control of all that. Most of Free and Open-Source Software (FOSS) platforms completely ignore TPM. BIOS BMP image decompression buffer overflow exploit. Which allowed you to do arbitrary code execution in BIOS and exploiting system on firmware level. Cryptographic communication between TPM and vendor. Proper cryptography prevents MitM my local OS and allows remote attestation. My comment, I think this is something which is being used with SIM and EMV chip cards. So those can be remotely 'accessed & modified' without anyone outside very closed circles knowing what's really happening. Which is of course the right way of doing that. We know that 2FA over phone network can't be trusted either, without right authentication & validation and requires signed messages. Platform Configuration Registers (PCR, PCRs). Storing disk encryption key in TPM. TPM only verifies system boot state. Unfortunately user has no way of knowing whether system is trustworthy. Shared secret with dynamic component. Risk of dynamic exposure. Which often matches design of Time-based One-Time Passwords (TOTP). sealtotp, tpmtotp. Lol, ANSI QR-code. TPM process uses system RAM and system RAM can be trivially accessed. Amny badly written systems disable IOMMU, which allows data to be stolen from RAM using DMA. Using hardware to attack laptop security measures. Or using NFC to communicate with external authentication device, like phone, or hardware key storage = Hardware Security Module (HSM). What attacks are we always vulnerable to? Arbitrary DMA attacks are here to stay. Secure Boot with Unified Extensible Firmware Interface (UEFI, EFI). It seems that quite many talks were about TLS, server, networkm security and exploits, more or less silly fails by developers and designers.