Analysis and Use of RSA Keypair Generation Bias

Total Page:16

File Type:pdf, Size:1020Kb

Analysis and Use of RSA Keypair Generation Bias Analysis and use of RSA keypair generation bias Learning from the discovery, disclosure, and mitigation of vulnerable RSA key generation on smartcards Marek Sýs [email protected] Centre for Research on Cryptography and Security, Masaryk University Joint work with: Petr Švenda, Matúš Nemec, Dušan Klinec, Vasilios Mavroudis, Andrea Cerulli, Dan Cvrček, George Danesis, Peter Sekan, Rudolf Kvašnovský, David Formánek, David Komárek and Vashek Matyáš Credits: Petr Švenda https://crocs.fi.muni.cz @CRoCS_MUNI About lab • Masaryk University, Brno • Smartcards analysis from 2002 • Cryptographic smartcards are pervasive (SIM, EMV, eID, tokens…) • Yet smartcard industry is very closed – NDA just to see detailed specifications, proprietary APIs, no design details… • Security certifications performed by testing labs (FIPS, CC) – But details are not public • Idea in 2014: Infer details using keys similarity to open-source libraries 2 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI https://roca.crocs.fi.muni.cz RSA primer – what does it mean and why should I care? • RSA is widely used public-key cryptosystem (1977) • Used for digital signatures (mail, software distribution, contracts…) • Used for key exchange (HTTPS/TLS, PGP…) • Private part: random primes P and Q, private exponent d • Public part: modulus N,public exponent e (often 65,537) P x Q = N • Factorization attack: compute primes P and Q from the knowledge of N • Problem: How to generate a large prime (1024- or 2048-bit length)? 3 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI 60+ million fresh RSA keypairs 22 sw. libraries 16 smart cards Distribution of primes (MSB) Large factors of p-1 / p+1 Bit stream statistics Number of factors and more… 7 implementation choices observable in public keys (biased bits of public modulus, “mask”) 4 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Input key Precomputed matrix -----BEGIN CERTIFICATE----- MIIG9zCCBd+gAwIBAgIIJOR2wFUwc20wDQYJKoZI hvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzAR BgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHE dvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhc NMTYwNzA2MDgxNzQzWhcNMTYwOTI4MDgwMzA wk2zlQSqmqHS14NRoQD9zPk/rEp4miQ9aVgC6k7i bLukl4cGi5myPc0kCQr8kNUBhH25DS6HpekTmO1s 9q81KbtS2E7+4Q/57xgdghBLiaTEv7O7+gskLQ/qJa TouwiDPM6SHIVU6X2Ca1lNKg2wbx8h2Q63SDIwFJ 52HsNAClKp4ADvjvvImYoWVitcLlhpXogOAzbLz3HIs 6Jk= Classification -----END CERTIFICATE----- 111001010 44% ‘s group 11% ‘s group 9% ‘s group … 5 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Try at https://rsa.sekan.eu 6 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Impact (of the possibility) of public key classification • Information leakage vulnerability 7 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Impact (of the possibility) of public key classification • Information leakage vulnerability • Statistics: current library usage trends RSA key classification (USENIXSec’16, ACSAC’17) 8 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI https://crocs.fi.muni.cz/papers/acsac2017 Internet-wide TLS IPv4 scan public exponent e (often 65,537), 9 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Impact (of the possibility) of public key classification • Information leakage vulnerability • Statistics: current library usage trends RSA key classification (USENIXSec’16, ACSAC’17) EE eID injected keys • Audit: identify source libs in target organization (Arnis Paršovs, 05/2018) 10 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI EE eID injected keys (Arnis Paršovs, 05/2018) Problem reported from Estonia (17.5.2018) • Estonian eIDs generate private key always on chip (by design) – Some keys found to be injected from outside • Found by observed discrepancy in RSA public key properties (MSB) – Expected: MSB {144,145,…,167} – Observed: outside Not generated on chip https://geenius.ee/uudis/id-kaartide-tootja-rikkus-tahtsaimat-turvapohimotet-12-500-tulebMSB-inimestel value -valja-vahetada/ 11 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Impact (of the possibility) of public key classification • Information leakage vulnerability • Statistics: current library usage trends RSA key classification (USENIXSec’16, ACSAC’17) EE eID injected keys • Audit: identify source libs in target organization (Arnis Paršovs, 05/2018) Source of factorable TLS • Forensics: source lib/device of weak keys keys (I. Mironov, 2012) • Quick search for other keys from vulnerable library ROCA vulnerability (ACM CCS’17) 12 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI ROCA vulnerability 13 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI https://roca.crocs.fi.muni.cz But we were unaware on another issue that time Primeexpected = random a PrimeInfineon = k * M + 65537 mod M 14 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Prime generation slow ! - primality tests (modular exponentiation) Algorithms 1. Random sampling – generate & test, generate & test, … – Many iterations – random number has typically small divisors – 50% that 2 is divisor, 33% that 3 is divisor … 2. Incremental search – generate & test, increment & test, increment… – skip numbers with small prime factors – similar methods Joye & Pailier algorithm , “Fast Prime” algorithm (Infineon) 15 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Structure of Infineon primes 푝푟푖푚푒 = 푘. 푀 + 65537푎 푚표푑 푀, 푀 = 2 ∗ 3 ∗ 5 ∗ 7 … . • Entropy loss in prime: Infineon 푘 푎 Determined by 푎 Random Random bits Consequences: • Strong fingerprint of RSA keys • Practical factorization of RSA keys is possible 16 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Detection of vulnerable keys • Based on public modulus 푁 1. Vulnerable if 푐 exists: 푁 ≡ 65537풄 푚표푑 푀 푐푖 2. Equivalent to 푐 exist for all 푝 | 푀: 푁 ≡ 65537 푚표푑 푝 – small 푝⇒ very fast - microseconds • Errors: – False negatives - all Infineon primes have the specific form – False positives - negligible probability (푃푟 < 2−150 ) 17 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Coppersmith’s attack as a black box 1. Modulus 푁 푁 2. Unknown factors 푝, 푞 푝 - unknown * 푞 - unknown 푝 3. Partial knowledge of prime ℎℎ 푝푙표푤 * 푞 - unknown (at least ½ of bits of 풑) coppersmith 4. Apply Coppersmith’s algorithm 푝ℎℎ 18 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI Naïve algorithm (RSA -2048) • 푝 = 푘. 푀 + 65537푎 푚표푑 푀 256 bits • Guess 푎 푎 푘. 푀 + 65537푎 푚표푑 푀 54 bits 970 bits = size of 푀 • compute 푘 using Coppersmith’s alg. (requires ½ of known bits – much more than that – large 푀) • Infeasible – large 푎 19 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI How to make attack practical ? Idea: ½ known (= size of 푀) bits of 풑 is sufficient - smaller 푀′ ⇒ smaller (or equal) 푎′ - 푝 of the same form ⇒ 푀′|푀 푎 푝 = 푘 . 푀 + 65537푎 푚표푑 푀 of size 푀 ½ 푎′ 푝 = 푘′. 푀′ + 65537푎′ 푚표푑 푀′ of size 푀′ 20 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI ROCA in general 21 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI https://roca.crocs.fi.muni.cz Algorithmic flaw in Infineon’s RSALib (CVE-2017-15361) • All keys generated by vulnerable Infineon library are affected • Practical factorization of common lengths 512/1024/2048b (+ others) – Randomly selected 512 and 1024b keys factorized (Masaryk University) – Randomly selected 2048b (Estonian RIA, April 2018, “several thousands euro”) • All public keys have unique “fingerprint” (easy to scan for) – Tool for detection, https://github.com/crocs-muni/roca/ • Tool for factorization (made public by Lange&Bernstein, 5th Nov) – Random 2048b key: 6442450944000000 vCPU years Attack is perfectly parallelizable – Infineon 2048b key: 140 vCPU years 1000 cores => 1000x speedup 22 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI https://roca.crocs.fi.muni.cz Estimated energy-only cost (2017) 3936b Prime = k * M + 65537a mod M 3072b 4096b 2048b, ~$1000 1024b, ~$2 512b, ~¢1 23 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI https://roca.crocs.fi.muni.cz What is the cost of an attack on RSA 2048b (year after)? • Our paper (2017): $20,000 average price on Amazon AWS – Estimate: energy-only price is likely around $1000 • Lange, Bernstein (2017) – 25% faster attack (LLL chaining) – Found in 3 days and without an access to our paper! • Estonian RIA (04/2018): “several thousand euros” energy price • Our work (WAC 2018): algorithmic improvement, 2x faster • Implementation speedups by graphic cards, FPGA… – Not (publicly) tested (typical speed-up factor 3-10x) 24 CA/Browser forum, Bratislava, 20.02.2020 https://crocs.fi.muni.cz @CRoCS_MUNI https://roca.crocs.fi.muni.cz Responsible disclosure I. • (NIST responsible disclosure guidelines followed) • End of January 2017: Proof of Concept attack (1024b keys factorized) • Feb 1st: Infineon notified (email to contact at crypto group) • Mid May: First Infineon’s customers contact us back for verification • Jun 20th: Incident report ID 163484, Austria eHealth certs revoked – eIDAS regulation and Article 19 – Countries around Europe should have been notified – BUT: unspecific third party failure, concrete vendor named (but not Infineon) 25 CA/Browser forum, Bratislava, 20.02.2020
Recommended publications
  • User Controlled Hardware Security Anchors: Evaluation and Designs Dr David Oswald, Prof Mark Ryan, Prof Flavio Garcia the University of Birmingham
    User Controlled Hardware Security Anchors: Evaluation and Designs Dr David Oswald, Prof Mark Ryan, Prof Flavio Garcia The University of Birmingham Industry partners: HP Labs, Yubico Why Hardware Security Anchors? 2 Why Hardware Security Anchors? 3 User Controlled Hardware Security Anchors: Evaluation and Designs (1) . WP1: Evaluate the security of available security anchors and Trusted Execution Environments (more later) . WP2: Establishing secure channels between TEE and the user through … – Auxiliary devices – Platform features for secure I/O 4 User Controlled Hardware Security Anchors: Evaluation and Designs (2) . WP3: Enhancing user authentication – Basis: FIDO(2) and U2F – Addressing enrollment and revocation – Authentication policies (e.g. location, …) – Formal modelling and verification . WP4: Demonstrators – TEE implementation – Smartphone app – Authentication token 5 Evaluating the state of TEE security An overview Trusted Execution Environments in a nutshell . Main technologies at present: – Trusted Platform Module (separate chip or firmware) – Intel Software Guard eXtensions (microcode w/ HW) – AMD Platform Security Processor (separate core) – ARM TrustZone (software w/ HW support) – Apple Secure Enclave Processor (separate core, same die) . All provide some form of running code or crypto operations in isolation . Most require cooperation with the silicon/device manufacturer (to different extent) 7 Relevant attack vectors . “Classical” vulnerabilities, e.g. buffer overflows . Microarchitecture (e.g. cache timing, Spectre and
    [Show full text]
  • Vulnerability of RSA Algorithm
    Vulnerability of RSA Algorithm Aleksandra V. Markelova Information Security Department Bauman Moscow State Technical University Moscow, Russia [email protected] Abstract—This paper is dedicated to ROCA-vulnerability that Google, HP, Lenovo and Fujitsu released updates for their was detected by scientists from Masaryk University, Czech. Their software products susceptible to this attack. investigation offers low-cost algorithm of factorization of RSA module for special type of keys generated by some widely used Recall that the public key of the RSA algorithm is a pair cryptographic library. They proposed a practical factorization (n, e), where n is the product of two large primes and gcd(e, method for various key lengths including 1024 and 2048 bits. (n))=1. Private key is number d such that ed=1(mod (n)). This attack requires no additional information except for the Some implementations also store prime divisors of n as part of value of the public key and does not depend on a weak or a faulty the private key. random number generator. We examine the possibility of modification of type of keys to embed the trapdoor with universal Thus, RSA requires two large random primes p and q, that protection into key generator. In some cases we can design can be obtained by generating a random candidate number Secretly Embedded Trapdoor with Universal Protection in the (usually with half of the bits of n) and then testing it for generator of RSA key. This problem is serious and relevant for primality. If the candidate is found to be composite, the all closed (so-called black-box) implementations of cryptographic process is repeated with a different candidate.
    [Show full text]
  • 2018 Research Projects for CS727
    2018 Research Projects for CS727 Each of you will chose a topic for your research project from the list below. Alternatively you can propose a topic of your choice, as long as it relates to the aims of the course and the lecturers approve your choice. Email the lecturers on or before Thursday March 22nd with your top 3 choices of project (subject line in email: "CS727 Rresearch Project"). The lecturers will allocate the projects and tell you on or before Thursday March 29. Projects comprise: • A report of 10 pages max (any format will do). 16 marks. • An oral presentation (15 mins + 10 min questions/discussions) to be done in the second part of the semester. 7 marks. • One example question on your project that could be used in the final exam. There is no particular template or style for the project or presentation. Projects will be due on Friday of week 11 (May 25th). Presentations will take place on weeks 8-12. There will be no lectures on weeks 6 and 7. During those weeks you should work on your projects and presentations, and get feedback from the lecturers on your projects and presentations. Students should attend all the talks, if possible. We will keep a record of attendance. The topics in the talks are part of the course material and can be examined in the final exam. Student talks will not be recorded, and student project reports will not be given to the other students. Audience members will complete a review form for each presentation. Each member of the class will be allocated a topic for them to aske a question after the talk.
    [Show full text]
  • Digital Identity Management
    Digital Identity Management An AIT White Paper These days people wish to move both freely and safely; to cross borders swiftly with secure access controls without hindrances; to make transactions payments or access governmental services through quick and convenient proof of identity. We are addressing here the major issues the security discipline and processes. All the above come with new regulations initiated by the European Commission as the new GDPR (General Data Protection Rules). Introduction Identity Management (IDM) is the organisational key process for identifying, authenticating and authorising individuals or groups of people to access applications, systems or networks by associating user’s rights and restrictions with established identities. The managed identities can also refer to software processes that need access to organisational systems. Authentication It is widely agreed that the first step of action for verifying the identity of a user or process is through the control access and proof of identity (authentication). To establish this process three main categories (factors) are used: Figure 1. Three different authentication factors, source: AIT Something you know Knowledge factors are the most commonly used form of authentication. The user is required to prove knowledge of a secret to authenticate him. A “password” is a secret word or string of characters that is used for user authentication. Variations include both longer ones formed from multiple words (a passphrase) and the shorter, purely numeric, Personal Identification Number (PIN) commonly used for ATM access. Traditionally, passwords/PINs are expected to be memorised. Something you have Possession factors ("something only the user has") have been used for authentication for centuries, in the form of a key to a lock.
    [Show full text]
  • The State of IT Security in Germany 2018 the STATE of IT SECURITY in GERMANY 2018
    The State of IT Security in Germany 2018 THE STATE OF IT SECURITY IN GERMANY 2018 2 THE STATE OF IT SECURITY IN GERMANY 2018 | FOREWORD Foreword Our modern, high-tech society depends on the functio- In its 2018 report on the state of IT security in Germany, nal integrity of information technologies and commu- the BSI has presented a well-founded and comprehen- nication systems, effective infrastructure and a secure sive overview of the threats facing our country, our supply of energy. These systems are the foundation for people and our economy in cyberspace. Above all, how- technical progress and economic development in our ever, it illustrates the successful and indispensable efforts country. the BSI undertakes on our behalf. Germany, its residents, businesses and governmental agencies remain in the As such systems grow more complex and all the areas crosshairs of those looking to carry out cyberattacks. of our information society become more interconnect- Taking on these challenges and devising rapid, efficient ed, however, the risks posed by disruptions and attacks responses to the latest dangers in cyberspace remains from within Germany or abroad are increasing as well. the central task of the BSI and its employees. Threats in cyberspace are highly dynamic, and cyber attacks are becoming more adaptive and professional. Both IT systems and the methods used to attack them are constantly evolving at a rapid pace. The Federal Government takes seriously its responsibili- ty to ensure security also in cyberspace by maintaining a framework of IT security laws, pursuing a cybersecurity strategy and strengthening the relevant agencies.
    [Show full text]
  • A Visual Analytics Approach to Network Intrusion Detection and Reverse Engineering
    Eventpad : a visual analytics approach to network intrusion detection and reverse engineering Citation for published version (APA): Cappers, B. C. M., van Wijk, J. J., & Etalle, S. (2018). Eventpad : a visual analytics approach to network intrusion detection and reverse engineering. In European Cyper Security Perspectives 2018 (pp. 62-65). KPN. https://overons.kpn/content/downloads/news/European-Cyber-Security-Perspectives-2018.pdf Document status and date: Published: 23/04/2018 Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers) Please check the document version of this publication: • A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal.
    [Show full text]
  • As Devastating As KRACK: New Vulnerability Undermines RSA Encryption Keys a New Security Flaw Has Placed the Security of RSA Encryption in Jeopardy
    As devastating as KRACK: New vulnerability undermines RSA encryption keys A new security flaw has placed the security of RSA encryption in jeopardy. By Charlie Osborne for Zero Day | October 17, 2017 -- 08:57 GMT (09:57 BST) | Topic: Security http://www.zdnet.com/article/as-devastating-as-krack-new-vulnerability-undermines- rsa-encryption-keys/ 3 88 344 (Image: File Photo) Flawed chipsets used by PCs to generate RSA encryption keys have a vulnerability that has weakened the security of stored passwords, encrypted disks, documents, and more. MORE SECURITY NEWS Android security: Google cracks down on apps that want to use accessibility services Resilience to phishing attacks is failing to improve Google: Our hunt for hackers reveals phishing is far deadlier than data breaches Equifax spends $87.5 million on data breach, more expenses on deck This week, researchers from the Centre for Research on Cryptography and Security at Masaryk University, Czech Republic; Enigma Bridge Ltd, Cambridge, UK; and Ca' Foscari University of Venice, Italy, revealed the flaw in cryptographic smartcards, security tokens, chipsets and secure hardware manufactured by German semiconductor firm Infineon Technologies. The ROCA vulnerability, CVE-2017-15361, relates to the Trusted Platform Module (TPM) used to cryptographically sign and protect computer systems and services. The bug was discovered within the implementation of RSA keypair generation in a cryptographic library used by Infineon TPM products, allowing what is called a "practical factorization attack." This attack type permits a threat actor to use a target's public key to generate a private key with some time and power. The attack is possible for common key lengths, including 1024 and 2048 bits.
    [Show full text]
  • Learning Correct Cryptography by Example — Seth James Nielson Christopher K
    Practical Cryptography in Python Learning Correct Cryptography by Example — Seth James Nielson Christopher K. Monson Practical Cryptography in Python Learning Correct Cryptography by Example Seth James Nielson Christopher K. Monson Practical Cryptography in Python: Learning Correct Cryptography by Example Seth James Nielson Christopher K. Monson Austin, TX, USA Hampstead, MD, USA ISBN-13 (pbk): 978-1-4842-4899-7 ISBN-13 (electronic): 978-1-4842-4900-0 https://doi.org/10.1007/978-1-4842-4900-0 Copyright © 2019 by Seth James Nielson, Christopher K. Monson This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made.
    [Show full text]
  • ANSSI : Guide De Sélection D'algorithmes Cryptographiques
    . GUIDE DE SÉLECTION D'ALGORITHMES CRYPTOGRAPHIQUES GUIDE ANSSI ANSSI-PA-079 8/3/2021 PUBLIC VISÉ : Développeur Administrateur RSSI DSI Utilisateur . Informations Attention Ce document rédigé par l’ANSSI présente un « Guide de sélection d’algorithmes crypto- graphiques ». Il est téléchargeable sur le site www.ssi.gouv.fr. Il constitue une production originale de l’ANSSI. Il est à ce titre placé sous le régime de la « Licence ouverte » publiée par la mission Etalab (www.etalab.gouv.fr). Il est par conséquent diffusable sans restriction. Ces recommandations sont livrées en l’état et adaptées aux menaces au jour de leur publi- cation. Au regard de la diversité des systèmes d’information, l’ANSSI ne peut garantir que ces informations puissent être reprises sans adaptation sur les systèmes d’information cibles. Dans tous les cas, la pertinence de l’implémentation des éléments proposés par l’ANSSI doit être soumise, au préalable, à la validation de l’administrateur du système et/ou des personnes .en charge de la sécurité des systèmes d’information. Évolutions du document : VERSION DATE NATURE DES MODIFICATIONS 1.0 8/3/2021 Version initiale GUIDE DE SÉLECTION D'ALGORITHMES CRYPTOGRAPHIQUES – 1 . Table des matières 1 Introduction 4 1.1 Objectif ............................................ 4 1.2 Classification des mécanismes cryptographiques ..................... 5 1.2.1 Primitives et constructions .............................. 5 1.2.2 Mécanismes symétriques et asymétriques ..................... 6 1.3 Structure de ce guide ..................................... 6 1.4 Autres documents de référence ............................... 7 2 Vade-mecum de cryptographie 8 2.1 Emploi de la cryptographie ................................. 8 2.1.1 Mécanismes symétriques ............................... 8 2.1.2 Mécanismes asymétriques .............................
    [Show full text]
  • KB4-12Waystodefeatmfa V.3.60
    Twelve Ways to Defeat Multi-Factor Authentication Roger Grimes Data-Driven Defense Evangelist, KnowBe4, Inc. [email protected] KnowBe4, Inc. • The world’s most popular integrated Security Awareness Training and Simulated Phishing platform • Based in Tampa Bay, Florida, founded in 2010 • CEO & employees are ex-antivirus, IT Security pros • 200% growth year over year • We help tens of thousands of organizations manage the problem of social engineering About Roger • 30-years plus in computer security • Expertise in host and network security, IdM, crypto, PKI, APT, honeypot, cloud security • PKI, smartcards, MFA, Biometrics, since 1998 • Consultant to world’s largest and smallest companies and militaries for decades • Previous worked for Foundstone, McAfee, Microsoft • Written 10 Books and over 1000 magazine articles • InfoWorld and CSO weekly security columnist since 2005 • FreQuently interviewed By magazines (e.g. Newsweek) and radio shows (e.g. NPR’s All Things Roger A. Grimes Considered) Data-Driven Defense Evangelist Certifications passed include: KnowBe4, Inc. • CPA • CISSP • CISM, CISA • MCSE: Security, MCP, MVP • CEH, TISCA, Security+, CHFI • yada, yada Roger’s Books RSA June 2018 Book of the Month Harvard Business Review 2019 Canon Cybersecurity Book Hall of Fame nominee What is a Data-Driven Defense Evangelist? Using data-driven, risk analytics, I want to help companies put: • The right defenses, • In the right places, • In the right amounts, • Against the right threats Today’s Presentation • Multi-Factor Authentication Intro • Hacking MFA • Defending Against MFA Attacks Multi-Factor Authentication Intro Introduction to Multi-Factor Authentication • Something You Know Factors • Password, PIN, Connect the Dots, etc. • Something You Have • USB token, smartcard, RFID transmitter, dongle, etc.
    [Show full text]
  • TALLINN UNIVERSITY of TECHNOLOGY School of Business and Governance Department of Law
    TALLINN UNIVERSITY OF TECHNOLOGY School of Business and Governance Department of Law Aliaksei Hrytsevich PRIVATE SECTOR LIABILITY IN CYBER-SECURING EUROPEAN ELECTIONS Bachelor’s thesis Programme HAJB08/14 - Law, specialisation European Union and International Law Supervisor: Agnes Kasper, PhD Tallinn 2019 I hereby declare that I have compiled the paper independently and all works, important standpoints and data by other authors has been properly referenced and the same paper has not been previously presented for grading. The document length is 9985 words from the introduction to the end of conclusion. Hrytsevich Aliaksei …………………………… (signature, date) Student code: 166251HAJB Student e-mail address: [email protected] Supervisor: Agnes Kasper, PhD: The paper conforms to requirements in force …………………………………………… (signature, date) Co-supervisor: The paper conforms to requirements in force …………………………………………… (signature, date) Chairman of the Defence Committee: Permitted to the defence ………………………………… (name, signature, date) TABLE OF CONTENTS ABSTRACT................................................................................................................................. 4 INTRODUCTION .......................................................................................................................5 1. THE IMPORTANCE OF PROTECTION OF FROM CYBER INTERFERENCE ................7 2. SOURCES AND MEANS OF CYBER INTERFERENCE INTO ELECTIONS................... 9 2.1. Sources of threats of cyber election ..................................................................................9
    [Show full text]
  • Annual Report Trust Services Security Incidents 2017
    Annual Report Trust Services Security Incidents 2017 OCTOBER 2018 www.enisa.europa.eu European Union Agency For Network And Information Security Annual Report Trust Services Security Incidents 2017 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact For contacting the authors please use [email protected]. For media enquires about this paper, please use [email protected]. Acknowledgements For the completion of this report ENISA has worked closely with a group of experts from Supervisory Bodies from across Europe. Listing the organizations (in no particular order): ILNAS (LU), CERT LV(LV), Bundesnetzagentur (DE), MCA (MT), NKOM (NO), ANSSI (FR), Austrian Regulatory Authority for Broadcasting and Telecommunications RTR (AT), Ministry of Digital Affairs (PL), GNS (PT), Agency for Digitisation (DK), Radiocommunications Agency
    [Show full text]