Crypto Attacks and Defenses

May 12 and 13

Course Description

This training familiarizes developers and security professionals of any level with modern cryptography concepts and best practices. It covers basic notions, including randomness generation, authenticated encryption, and elliptic curves, as well as applications like TLS 1.3, password security protocols, libraries and APIs, and software side-channel attacks. Finally, our training offers an overview of advanced topics including post-quantum cryptography.

We have given cryptography trainings since 2013, and over the years have kept improving our content and format for an optimal learning experience. We strive to make cryptography more approachable and less abstract than in typical teaching material.

The class is:

  • Practice-oriented: Lectures present real-world failures and analyze how they could have been avoided; exercise sessions mix made-up problems with real vulnerabilities found in widely deployed systems.
  • New and unique: We are closely involved in the latest developments in cryptography, and regularly integrate new content into our trainings to follow the latest innovations and applications. Each training session therefore includes fresh and updated content.
  • Interactive: We encourage participants to ask questions about the topics presented or even other topics, which usually leads to interesting discussions.

Previous versions of this training were given at events including Black Hat Europe, Troopers, and in private sessions for organizations including Google and Facebook.

Outline

DAY 1 morning

  • Randomness (40min)
    • Randomness notion and applications in cryptography
    • How to safely generate randomness on Linux, Windows, and macOS
    • Examples of real bugs caused by randomness failures
  • Break (15min)
  • Symmetric cryptography (50min)
    • Hash functions: how (not) to use them, which one to choose?
    • Ciphers: AES or not AES? What are the good modes of operations?
    • Authenticated encryption, or how to encrypt and authenticate at once
  • Break (15min)
  • Public-key cryptography (50min)
    • Fundamental differences with symmetric crypto
    • Elliptic curves and ECDH key agreement, ECDSA signatures
    • Which curves to use? Curve25519 or NIST curves?
    • Security concerns: unsafe curves, timing attacks, randomness
    • Performance concerns: why use ECC rather than RSA

DAY 1 afternoon

  • Hands-on exercise session (~3h)
  • Post-quantum cryptography (40min)
    • Quantum computing basics, myths, and reality
    • Real risk for public-key and symmetric cryptography
    • Classes of post-quantum cryptography, focus on hash-based signatures

DAY 2 morning

  • Cryptography libraries and APIs (40min)
    • Overview of existing libraries (OpenSSL, Sodium, BouncyCastle, NSS, etc.)
    • Difference between low-level libraries and “crypto boxes”
    • How to choose a library? In terms of security, performance, license, etc.
    • Recommendations of safe design approaches
  • Attacking and defending crypto software (40min)
    • Notion of side-channel and info leak in cryptography
    • Example of timing and cache-timing attacks
    • Examples of oracle attacks on symmetric and asymmetric crypto
    • Example of bugs caused by programmer error or compiler behavior
  • Transport Layer Security (TLS) (30min)
    • History and design goals of SSL/TLS
    • TLS’ security features and limitations
    • TLS 1.3 and its benefits compared to earlier versions
    • Securing your client and server TLS configuration

DAY 2 afternoon

  • Hands-on exercise session (~3h)
  • Passwords (40min)
    • How to protect hashed password databases
    • Password-based key derivation and hash algorithms
    • Password-based authentication (SRP, OPAQUE)

The exercise sessions will include the following challenges, and potentially others created specifically for the event based on recent vulnerabilities:

  • Find bugs in weak pseudo-random generators, and fix them
  • Decrypt messages encrypted using RSA without the private key
  • Break a bad implementation of AES-based encryption
  • Implement the logic of elliptic-curve schemes (DH, DSA, ElGamal)
  • Exploit CBC padding oracles to decrypt messages without the AES key
  • Break the authenticated encryption in the open smart grid protocol
  • Cryptanalyze hash functions to find colliding messages
  • Recover ECDSA private keys by exploiting a flawed randomness generator

Audience

This training is suitable for any security professional or security-minded developer who has at least a basic understanding of cryptography. You should know the difference between public-key and secret-key cryptography, but you don’t need to know the maths behind it. We expect participants to be familiar with basic programming concepts; familiarity with C and Python syntax is recommended, since many exercises are in one of these languages.

Trainers

Both trainers hold PhDs in cryptography and have in combination more than 20 years of experience in designing cryptosystems and in finding vulnerabilities in real-world applications. The trainers are also experienced speakers, regularly presenting at leading industry and research conferences all around the world.

Bio

JP Aumasson Cryptographer, Teserakt

Jean-Philippe (JP) Aumasson is the founder and managing director of Teserakt, a Swiss-based company specialised in IoT security and offering an end-to-end encryption solution. He is an expert in cryptography and the author of the reference book Serious Cryptography (No Starch Press, 2017). He designed the widely used cryptographic algorithms BLAKE2 and SipHash, which he developed after a PhD from EPFL (Switzerland, 2009). He regularly speaks at leading security conferences about topics such as applied cryptography, quantum computing, or blockchain security. JP also holds advisory roles in Kudelski Security and Taurus Group.

Philipp Jovanovic Post-Doctoral Researcher, EPFL DEDIS Lab

Philipp Jovanovic is a post-doctoral researcher at EPFL’s Decentralized and Distributed Systems (DEDIS) Lab, Switzerland. In 2015, he obtained his PhD in cryptography from the University of Passau, Germany and in 2020 he will join the Information Security Research Group (ISRG) at the University College London (UCL) as an Associate Professor. Philipp has worked on a broad set of topics in cryptography, security, privacy, and systems design, including encryption algorithms like NORX and OPP/MRO, and distributed security protocols like ByzCoin, RandHound, OmniLedger or drand. Philipp's research is regularly published at top-tier academic crypto/security venues and you can find him frequently speaking at conferences around the globe.
