Automated Testing of Crypto Software Using Differential Fuzzing
Offered By: Black Hat via YouTube
Course Description
Overview
Learn about differential fuzzing, a novel approach to systematically test cryptographic software, in this 36-minute Black Hat conference talk. Explore how this method differs from general-purpose software fuzzing by focusing on logic bugs rather than memory corruption issues. Discover the principles behind testing hash functions, PRNGs, and encryption algorithms using this technique. Gain insights into the Crypto Differential Fuzzing (CDF) tool and its applications for testing various cryptographic primitives, including ECDSA and RSA encryption. Examine real-world findings, timing leak detection, and general observations from implementing this approach. Enhance your understanding of automated testing in cryptography and its potential to improve software security.
Syllabus
Intro
Roadmap
Testing crypto
Testing what?
Automated testing
Approach: differential fuzzing
New tool from old ideas
Principle for hash functions, PRNG
Principle for encryption
A new tool: CDF
CDF - Crypto Differential Fuzzing
So you want to test ECDSA
Generic ECDSA Interface in CDF
CDF interfaces
Simplest case keyed hash PRF, MAC
Example of ECDSA test
RSA encryption
Timing leaks detection
Issues found
Findings summary
General observations
Conclusions
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip (Black Hat via YouTube)
Attacks From a New Front Door in 4G & 5G Mobile Networks (Black Hat via YouTube)
AAD Joined Machines - The New Lateral Movement (Black Hat via YouTube)
Better Privacy Through Offense - How to Build a Privacy Red Team (Black Hat via YouTube)
Whip the Whisperer - Simulating Side Channel Leakage (Black Hat via YouTube)