Presentation: Bypassing Encryption by Attacking the Cryptosystem Perimeter
In today’s world, everyone relies on cryptography to protect important data. When you purchase your morning coffee, something encrypts your credit cards before sending it off for processing. When you log into your work laptop and sign on to the network, the operating system uses cryptography to protect your password. When you log into your bank website, your browser encrypts the traffic sent over the internet. System administrators have long known that tools that use encryption (such as SSH) are much safer than tools that do not (such as telnet).
Cryptographic attacks are often very difficult and require a large amount of time and resources. Fortunately for attackers, the safety that cryptography provides can lull users into a false sense of security. The power of modern cryptography protects clear text data by turning it into unreadable cipher text. Unfortunately for defenders, weaknesses at the perimeter of the cryptosystems used to protect data can often lead to compromise.
This talk will demonstrate various attacks against the perimeter of cryptosystems. By the end of the talk you will see how malicious actors can steal credit cards by using malware on POS systems, steal passwords from applications by dumping system memory, backdoor cryptography tools, and use vulnerabilities in cryptography software to escalate privileges on a compromised system. This talk will also discuss ways that individuals and organizations can protect against these types of attacks. You do not need to be technically proficient to follow along with this talk. However, if you are a total nerd, do not worry; there will be plenty of demos chock-full of source code and low-level system concepts to keep your mind entertained.
Speaker: Trenton Ivey has had the desire to understand how things work since early childhood. Hacking, programming, reverse engineering, and electronics quickly became some of his favorite topics of interest. Today, Trenton is a Principal Consultant on the Dell SecureWorks Red Team. As a seasoned penetration tester, Trenton is able to knowledgeably discuss the tactics and techniques that actually work in real world environments.