Pseudorandom Black Swans: Cache Attacks on CTR_DRBG

Offered By: TheIACR via YouTube

Tags

Side Channel Attacks Courses, Cybersecurity Courses, Cryptography Courses, AES Courses, Cache Attacks Courses

Course Description

Overview

Explore a presentation from WAC 2020 examining cache attacks on CTR_DRBG, a standardized pseudorandom number generator. Delve into the design flaws of CTR_DRBG, including key rotation issues and lack of entropy. Investigate the feasibility of side-channel attacks on this generator and their implications for TLS handshakes. Analyze attack scenarios targeting TLS 1.2 RSA key exchange with client authentication, and examine state recovery techniques. Study the differential structure of AES internal states and learn about experimental setups for interrupting SGX execution. Gain insights into the complexities of cryptographic implementations and the importance of robust security measures in standardized designs.

Syllabus

Intro
Lesson Learned (the hard way)
Standardized Designs
CTR_DRBG: Design
CTR_DRBG: Generate Function
Key Rotation Flaw
Problem 1: Key Not Rotated Often Enough
Problem 2: Lack of Entropy
Is a side-channel attack on CTR_DRBG realistic?
FIPS Requirements
Finding long PRG outputs in TLS handshake
Attack Scenario
Attacking TLS 1.2 RSA key exchange with client auth
Results: State Recovery
Attack Complexity
AES Internal State
Examining the Differential Structure
Differential Attack
Towards a realistic attack
Interrupting SGX Execution
First Attempt
Experimental Setup
Lessons
Taught by

TheIACR
