2 Day Pre-Conference Training: Application Cryptanalysis with Bletchley presented at AppSec USA 2013

by Timothy Morgan

Abstract:
Use of cryptography permeates today's computing infrastructures. While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in everyday applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications. Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction to several techniques for analyzing cryptographic systems in a black-box manner. In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed. Each lecture session will be followed by lab exercises where students will utilize the Bletchley toolkit and other open source tools to attack vulnerable applications.
Outline for two-day version:
Day 1
1. Crypto refresher
A. Pseudorandom number generators
B. Block ciphers and their modes
C. Hashes and (H)MACs
2. Attacks on nonces
A. Statistical/structural analysis
B. Attacking weak seeds
C. Attacking weak algorithms
D. Examples of past flaws in real-world applications
3. Exercise: Weak nonces
A. Fun with Stompy
B. Attacking a linear congruential generator (LCG)
4. Attacks on encrypted tokens
A. Determining block size / mode
B. Basics of block swapping
C. Attacks on ECB and CBC modes
D. Algorithm Reuse
5. Exercise: Block swapping
A. Analyzing encoded blobs
B. Identifying algorithm reuse
C. Forging tokens
6. Padding oracle attacks
A. Theory
B. Real-world examples
7. Exercise: Asking the oracle
Day 2
8. Hash length-extension attacks (3/4 hr)
A. Naive Hash-based MAC construction
B. The popular M-D hash method
C. Construction of an attack
9. Exercise: A simple HLE attack (1.5 hrs)
A. Identifying hashed elements
B. Constructing a message
10. Attacking unprotected stream ciphers (1 1/4 hr)
A. Refresher on synchronous ciphers and modes (OFB/CTR)
B. Identifying stream ciphers
C. Static IV decryption
D. Looking for decryption oracles
11. Exercise: Bit flipping for success (2 hrs)
A. Building a bit probe script
B. Modifying ciphertexts
12. Open lab time (1-2 hrs)
A. Bonus exercise: breaking a password generator; or
B. Finish implementations from previous exercises