Dymanic Cryptographic Trapdoors presented at CanSecWest 2011

by Eric Filiol (ESIEA Laval CVO Lab ),

Tags: Security

Summary : Cryptographic algorithm are evaluated/certified (Common criteria) in a static environment. Most of the times only the cryptographic strength is checked against known cryptanalysis. As far as implementation is concerned, only limited analyses are performed mainly to check whether software flaws are present or key entropy reduction (at encryption system setup) occurs. But it is possible to modify the cryptosystem and its environment on-the-fly and in in such a way it is possible to break it operationnally. Moreover this modification is non permanent and can remain undetected. We are presenting in this talk the different techniques we have explored, implemented and tested. *They all rely on sophisticated, undetectable malware.*