A Systematic Analysis of the Juniper Dual EC Incident

Delve into a comprehensive analysis of the Juniper Dual EC incident in this 28-minute conference talk presented at CCS 2016. Explore the background of SSH backdoors and the Dual EC cryptographic algorithm, understanding its functionality and vulnerabilities. Learn how attackers can exploit Dual EC and examine Juniper's specific implementation. Gain insights into decompiled output, key exchange processes, and nonce generation. Investigate multiple handshake key recovery techniques, single handshake key recovery and degradation, and proof of concept demonstrations. Trace the version history of affected systems and analyze the Dual EC output and state recovery. Uncover the intricacies of the Dual EC receding bug and its implications as a potential backdoor. Conclude with a Q&A session addressing audience inquiries on this critical cybersecurity incident.

Intro
Background
SSH backdoor
Dual EC
How Dual EC Works
How to Mount the Attack
How Juniper Used Dual EC
Questions
Decompiled Output
Phase 1 Key Exchange
Phase 2 Nonce
Multiple handshake key recovery
Not skews
Single handshake key recovery
Single handshake key degradation
Proof of concept
Version history
Dual EC output
Dual EC state recovery
Dual EC receding bug
Backdoor
Answers
QA