Bad Randomness: Protecting Against Cryptography's Perfect Crime

Views: 1,292

Black Hat

25 days ago

Crypto systems are the cornerstone of our digital security infrastructure, whether they are used to encrypt our data to protect their confidentiality or for signing to prove data authenticity.
However, most crypto systems have an Achilles' heel: their security relies on the proper randomness of their parameters' values, such as keys or nonces.
As a result, bad randomness is cryptography's perfect crime: powerful enough to totally break crypto systems, yet highly stealthy. Unlike other malicious-input-based attack vectors, a bad randomness input is indistinguishable from a benign one, which makes it impossible to protect against in real time and very hard to detect even in a post-mortem analysis.
While the subject of bad randomness is not new in itself, it is usually discussed in the context of engineers' negligence or low-cost IoT devices. In this talk, we will show how bad randomness was used in the wild to compromise highly targeted individuals and high-value accounts.
One such example is the nation-state APT's Reductor malware, which selectively fiddles with the victims' pseudo-random number generator (PRNG) to compromise TLS encryption. We will unearth for the first time how it could break the "perfect forward secrecy" (PFS) of TLS ECDHE to allow passive eavesdropping, making it more beneficial to attackers than the actual server TLS certificate(!). We will discuss why this capability remained undetected in previous analyses and share a new tool to demonstrate such passive decryption.
Another relevant example, from a different field, is our recently discovered Bitcoin "dark forest" bots, which lurk for bad randomness in blockchain signature keys to steal millions of dollars in seconds. We will explain and demonstrate this attack and share a tool to recreate it.
To solve this acute problem, we will suggest a novel architecture that allows crypto systems to minimize their blind trust in randomness. Where it is possible, it eliminates the need for additional randomness by relying on well-reputed past randomness. Where it is impossible, it applies secure Multi-Party Computation (MPC) to the protocol and its randomness. Distributing systems' randomness and removing single points of failure increases their resilience against bad randomness exploits.
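The two ideas in the preceding paragraphs, the signature-nonce failure the "dark forest" bots hunt for and the mitigation of not trusting fresh randomness where it is not needed, can be made concrete with a small piece of code. The following is an added example written for this page; it is not the talk's tool, nor Zengo code. It implements ECDSA over secp256k1 in pure Python, derives the signing nonce deterministically from the key and message in the spirit of RFC 6979 (a simplified single HMAC-SHA256 call, not the RFC's HMAC_DRBG procedure, so it is an assumption and not a standards-conformant implementation), and includes an audit routine that scans a batch of signatures for the fingerprint of a reused or stuck nonce: the same r value appearing under one public key for two different messages. The `sign` function takes an optional explicit k only so the audit can be demonstrated against a signer whose PRNG returns a constant; all keys, message hashes and the stuck nonce value are constructed for the demo.

```python
# Added example (not from the Black Hat talk or Zengo): minimal ECDSA over
# secp256k1, a simplified RFC 6979-style deterministic nonce, and an audit
# that flags repeated r values (the mark of nonce reuse) in a signature batch.
import hashlib
import hmac
from collections import defaultdict

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(p1, p2):
    # Affine group law on y^2 = x^3 + 7 mod P.
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    # Double-and-add; constant-time behaviour is not a goal of this demo.
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def pubkey(priv):
    return scalar_mult(priv, G)


def deterministic_nonce(priv, msg_hash):
    # Assumption: simplified RFC 6979-style derivation, k = HMAC(priv, hash||ctr) mod N.
    # No fresh randomness is consumed, so a faulty PRNG cannot influence k.
    counter = 0
    while True:
        mac = hmac.new(priv.to_bytes(32, "big"), msg_hash + bytes([counter]),
                       hashlib.sha256).digest()
        k = int.from_bytes(mac, "big") % N
        if k != 0:
            return k
        counter += 1


def sign(priv, msg_hash, k=None):
    # k=None uses the deterministic nonce; an explicit k models a PRNG output.
    if k is None:
        k = deterministic_nonce(priv, msg_hash)
    r = scalar_mult(k, G)[0] % N
    h = int.from_bytes(msg_hash, "big")
    s = pow(k, N - 2, N) * (h + r * priv) % N
    assert r != 0 and s != 0  # astronomically unlikely; a real signer retries
    return (r, s)


def verify(pub, msg_hash, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, N - 2, N)
    h = int.from_bytes(msg_hash, "big")
    pt = point_add(scalar_mult(h * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not INF and pt[0] % N == r


def find_reused_nonces(records):
    # records: iterable of (pub, msg_hash, (r, s)). Returns (pub, r, hashes)
    # for every r that signed two or more distinct messages under one key.
    seen = defaultdict(set)
    for pub, msg_hash, (r, _s) in records:
        seen[(pub, r)].add(msg_hash)
    return [(pub, r, sorted(hs)) for (pub, r), hs in seen.items() if len(hs) > 1]


def audit_demo():
    # Constructed demo key, messages and stuck nonce value.
    priv = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % N
    pub = pubkey(priv)
    hashes = [hashlib.sha256(m).digest() for m in (b"tx 1", b"tx 2", b"tx 3")]
    good = [(pub, h, sign(priv, h)) for h in hashes]
    stuck_k = 0x1234567890ABCDEF  # models a PRNG that keeps returning one value
    bad = [(pub, h, sign(priv, h, k=stuck_k)) for h in hashes]
    return find_reused_nonces(good), find_reused_nonces(bad)


if __name__ == "__main__":
    flagged_good, flagged_bad = audit_demo()
    print("deterministic nonces, audit findings:", len(flagged_good))
    print("stuck PRNG, audit findings:", len(flagged_bad))
```

The audit only needs the public data already on a blockchain or in a TLS capture (public key, message hash, r and s), so a defender can run it over their own historical signatures to learn whether a randomness source was ever bad; the deterministic derivation removes the dependency on that source for future signatures, which is the "rely on past, well-reputed randomness" direction the talk proposes.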
By:
Tal Be'ery | Co-Founder, CTO, Zengo
Full Abstract & Presentation Materials:
www.blackhat.c...
