Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cryptographic bugs in RF encryption

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Nazar Nazar
December 05, 2022
Programming
0
31

Cryptographic bugs in RF encryption

Review of cryptographic vulnerabilities in a tiny system with encrypted radio-frequency communication.

Avatar for Nazar

Nazar

December 05, 2022
Tweet

Other Decks in Programming

See All in Programming
AI巻き込み型コードレビューのススメ
Avatar for Nealle nealle
2
430
AIエージェントのキホンから学ぶ「エージェンティックコーディング」実践入門
Avatar for Masahiro Nishimi masahiro_nishimi
5
480
そのAIレビュー、レビューしてますか? / Are you reviewing those AI reviews?
Avatar for r-kagaya rkaga
6
4.6k
今こそ知るべき耐量子計算機暗号(PQC)入門 / PQC: What You Need to Know Now
Avatar for mackey0225 mackey0225
3
380
CSC307 Lecture 08
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
670
フロントエンド開発の勘所 -複数事業を経験して見えた判断軸の違い-
Avatar for Yoichiro Kubo heimusu
7
2.8k
登壇資料を作る時に意識していること #登壇資料_findy
Avatar for konifar konifar
4
1.4k
24時間止められないシステムを守る-医療ITにおけるランサムウェア対策の実際
Avatar for kouki.miura koukimiura
1
110
ノイジーネイバー問題を解決する 公平なキューイング
Avatar for Shoichi Ochi occhi
0
110
Basic Architectures
Avatar for Denys Poltorak denyspoltorak
0
680
Lambda のコードストレージ容量に気をつけましょう
Avatar for tatsuki-yamada tattwan718
0
140
CSC307 Lecture 10
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
660

Featured

See All Featured
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
281
24k
How to make the Groovebox
Avatar for あそなす asonas
2
1.9k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
190
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.4k
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
4
2.3k
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
Avatar for Aleyda Solis aleyda
1
1.8k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.5k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
74
11k
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
160
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
230
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.9k

Transcript

  1. Cryptographic bugs in RF Encryption Nazar Serhiichuk What could possibly

    go wrong?

  2. Introduction Small system, ridiculous number of cryptographic bugs. Very popular,

    recommended by official vendor, +200 forks on GitHub

  3. Predictable IV in CBC 01 Security requirements?

  4. None
  5. None

  6. —Someone Famous “In the CBC mode, the IV should be

    unpredictable but not secret, and differ from message to message. But bro, just use AES-GCM.”

  7. CBC Padding Oracle attack 02 “I have a couple of

    questions…” Cool padding bro
  8. None

  9. PKCS#7

  10. None

  11. Whoa! Let’s look at the demo!

  12. —Your friend “Always use authenticated encryption. AEAD is the best

    choice.”

  13. CTR with fixed nonce 03 XOR here and there…

  14. None
  15. None

  16. Whoa! Another demo!

  17. —Interested people “In AES-CTR AND AES-GCM NONCE MUST BE UNIQUE.

    Though it can predictable.”

  18. Integrity protection Man vs Universe and Man vs Adversary 04

  19. ERROR CORRECTION CODE • Military grade 96, 128-bit • Requires

    secret key • Detects any change • Too small (16, 32 bits) • Easy to compute • Malleable MAC CRC-16 MESSAGE AUTHENTICATION CODE

  20. You are kidding me! Demo!

  21. Replay attacks 05 Reusing and Recycling…

  22. Even if data is encrypted, it still can be used

    to trigger some processing again. In a nutshell

  23. Attention! DEMO AHEAD!

  24. Summary - Forging fake packets - Recovering keys and secrets

    - DoS - And a lot more…

  25. Use integrity protection 01 Say no to oracle and malleability

    attacks! Understand security requirements 02 Make CTR and GCM nonce unique, CBC IV unpredictable Use AEAD 03 AES-GCM or ChaCha-Poly1305 are your friends Build accurate threat model 04 And even better, hire someone who can Educate developers 05 Even Google has bad examples

  26. Want more details? https://www.cossacklabs.com/blog/cryptographic-failures-in-rf-encryption/

  27. CREDITS: This presentation template was created by Slidesgo, and includes

    icons by Flaticon, and infographics & images by Freepik Thanks! Do you have any questions? [email protected] https://www.linkedin.com/in/nazar-serhiichuk-17086821b