A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat conference talk that delves into RSA signature forgery vulnerabilities persisting a decade after Bleichenbacher's 2006 attack. Learn about the researchers' use of dynamic symbolic execution to analyze signature verification logic across various implementations, resulting in 6 new CVEs. Discover the systematic approach used to uncover these flaws, including the release of a toolchain and relevant artifacts. Gain insights into why such vulnerabilities continue to exist and how to prevent similar mistakes in the future. Follow the presentation's structure, covering topics from textbook RSA signatures to PKCS#1 v1.5 Signature Scheme, Bleichenbacher's low exponent attack, and specific case studies involving Openswan and strongSwan implementations.
Syllabus
Intro
Textbook RSA signature
Beyond textbook RSA
PKCS#1 v1.5 Signature Scheme
Bleichenbacher's low exponent attack
A little brain teaser
Why was the attack possible?
To find these attacks
Automatically generate concolic test cases
Testing with Symbolic Execution
Implementations Tested
Leniency in Openswan 2.6.50
New unit test in Openswan
Leniency in strongSwan 5.6.3
strongSwan Security Update
Lessons Learned
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube