A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat conference talk that delves into RSA signature forgery vulnerabilities persisting a decade after Bleichenbacher's 2006 attack. Learn about the researchers' use of dynamic symbolic execution to analyze signature verification logic across various implementations, resulting in 6 new CVEs. Discover the systematic approach used to uncover these flaws, including the release of a toolchain and relevant artifacts. Gain insights into why such vulnerabilities continue to exist and how to prevent similar mistakes in the future. Follow the presentation's structure, covering topics from textbook RSA signatures to PKCS#1 v1.5 Signature Scheme, Bleichenbacher's low exponent attack, and specific case studies involving Openswan and strongSwan implementations.
Syllabus
Intro
Textbook RSA signature
Beyond textbook RSA
PKCS#1 v1.5 Signature Scheme
Bleichenbacher's low exponent attack
A little brain teaser
Why was the attack possible?
To find these attacks
Automatically generate concolic test cases
Testing with Symbolic Execution
Implementations Tested
Leniency in Openswan 2.6.50
New unit test in Openswan
Leniency in strongSwan 5.6.3
strongSwan Security Update
Lessons Learned
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network