Pseudorandom Black Swans: Cache Attacks on CTR_DRBG
Offered By: TheIACR via YouTube
Course Description
Overview
Explore a presentation from WAC 2020 examining cache attacks on CTR_DRBG, a standardized pseudorandom number generator. Delve into the design flaws of CTR_DRBG, including key rotation issues and lack of entropy. Investigate the feasibility of side-channel attacks on this generator and their implications for TLS handshakes. Analyze attack scenarios targeting TLS 1.2 RSA key exchange with client authentication, and examine state recovery techniques. Study the differential structure of AES internal states and learn about experimental setups for interrupting SGX execution. Gain insights into the complexities of cryptographic implementations and the importance of robust security measures in standardized designs.
Syllabus
Intro
Lesson Learned (the hard way)
Standardized Designs
CTR_DRBG: Design
CTR_DRBG: Generate Function
Key Rotation Flaw
Problem 1: Key Not Rotated Often Enough
Problem 2: Lack of Entropy
Is a side-channel attack on CTR_DRBG realistic?
FIPS Requirements
Finding long PRG outputs in TLS handshake
Attack Scenario
Attacking TLS 1.2 RSA key exchange with client auth
Results: State Recovery
Attack Complexity
AES Internal State
Examining the Differential Structure
Differential Attack
Towards a realistic attack
Interrupting SGX Execution
First Attempt
Experimental Setup
Lessons
Taught by
TheIACR
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network