Blog‎ > ‎

34C3 - TUWAT - Talks - Part 7

posted Apr 15, 2018, 10:07 AM by Sami Lehtinen   [ updated Apr 15, 2018, 10:07 AM ]
  • BGP and the Rule of Custom - This talk should be interesting. I haven't ever really dug deep with BGP routing, but I've read the basics several times. They started with interesting history talk. Mesh protocol, routing between AS numbers. Interconnections between organizations are public knowledge. Tier 1 providers, Tier 2 operators and customers.
  • Mobile Data Interception from the Interconnection Link -  Lots of interesting attacks against different mobile networks. And why you shouldn't use SMS for OTP authentication. And finally in Q&A, security costs money, yet everybody seems to expect it to be free (or something similar). The usual mantra.
  • MQA - A clever stealth DRM-Trojan - Hmm, curious what have they done. This talk should provide a "A critical look on a new audio Format". Master Quality Authenticated (MQA). Digital Rights Management (DRM). Lots of talk about media formats and hardware being used and so on. Lossy compression. 24 bit quantization using 192 Hz sampling rate for audio. Licensing fees.
  • Low Cost Non-Invasive Biomedical Imaging - An Open Electrical Impedance Tomography (EIT) Project. Preventative scans combined with AI analytics, that would be awesome. How about getting full body scan every week or month? Resolution, cost and time discussed. Now they got to theelectode arrays, that's the first obvious thing which I thought about when thinking how the stuff could work. Interesting and good talk. Nothing new afaik, but let's hope this technology got bright future.
  • Briar - Fresh talk about Briar Resilient P2P Messaging for Everyone. Good talk, encouraged me to test the beta with friends. Encrypted communication over avian carriers, nice, classic. Of course not forgetting secure sneaker net and dead drop communication. Lessons about cryptographic algorithms being used. No protection from global passive network observer. Briar uses mesh networking and net split is totally normal situation. Branched chats. Decentralize all the things. Let's hope Briar adds alternate key exchange, now they only offer QR code and Bluetooth. It's underestimating users that they assume that there can't be other secure ways of exchanging keys. "You must meet up with the person you want to add as a contact. This will prevent anyone from impersonating you or reading your messages in future". That's just making it hard for users.
  • Electromagnetic Threats for Information Security - Ways to Chaos in Digital and Analogue Electronics. Of course I can start by saying, this is nothing new at all. But let's see if they come up with anything really interesting or new. Electromagnetic & RF communications Security. TEMPEST was mentioned. On high level this of course leads to Electromagnetic Warfare (EW). Attack rating: availability / cost, dimensions / mobility, capabilities. Required technical knowledge. Effective range, target knowledge, target specific? Effects detection, effects classification, impact estimation, propagation chain estimation. Radiated / conducted, coupling front-door / back-door and so on. Lots of basics, let's hope they've got a great demonstrations. Well, just some quite boring demonstrations. But this is important aspect when doing Information Security (InfoSec) and  functional safety risks analysis and planning required countermeasures.
  • The Noise Protocol Framework - Secure channel protocols, TLS, IPsec, SSH. Two parties online, atuh + key agreement. Authenticated Key Exchange (AKE). Forward secrecy, mutual or one-way authentication, preknowledge of identities, type of crytpography used (signatures, DH, encryption). Signatures for authentication and Diffie-Hellman for key exchange. Lots and lots of basics. Noise Protocol - the project link. The talk didn't contain anything  new at all, just lost of basics and truly classic stuff. Read this The Noise Protocol Framework instead of watching the video. Yet event that document doesn't contain anything new, because it was on way too high level without enough technical details.
  • Forensic Architecture. Timing and locating things from video / photographs. Time space relations. Correcting invalid meta data. Measuring items in video / photographs. This is also very important to remember, if you think you're "anonymizing" video / photos. Data and information leak is inevitable, unless you're extremely careful with all information being sent out. In reality, you should always assume that information will leak.