<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Crypto on Colin O'Flynn</title><link>https://colinoflynn.com/tag/crypto/</link><description>Recent content in Crypto on Colin O'Flynn</description><generator>Hugo</generator><language>en-ca</language><lastBuildDate>Sat, 18 Feb 2023 02:07:25 +0000</lastBuildDate><atom:link href="https://colinoflynn.com/tag/crypto/index.xml" rel="self" type="application/rss+xml"/><item><title>A Call for Time Travel Resistant Cryptography (TTRC)</title><link>https://colinoflynn.com/2019/09/a-call-for-time-travel-resistant-cryptography-ttrc/</link><pubDate>Thu, 19 Sep 2019 02:16:08 +0000</pubDate><guid>https://colinoflynn.com/2019/09/a-call-for-time-travel-resistant-cryptography-ttrc/</guid><description>&lt;p&gt;At CHES 2019 [rump session], I presented my revolutionary talk on Time Travel Resistant Cryptography (TTRC). This is a hugely important area of research that has been widely ignored in academic work, and it&amp;rsquo;s time to finally make this right.&lt;/p&gt;
&lt;p&gt;&lt;img src="https://colinoflynn.com/wp-content/uploads/2019/09/image-2-1024x573.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Why is this so critical? While Post Quantum Cryptography (PQC) gets NIST contests, and invested companies, nobody is considering TTRC. The general thought-process of PQC is that the existence of sufficiently powerful quantum computers is an open problem with no clear solution. BUT - if someone solves that problem (that is unclear is even physically possible to solve), it&amp;rsquo;s going to be hell on Earth for crypto implementations. Better safe than sorry.&lt;/p&gt;</description></item><item><title>Philips Hue, AES-CCM, and more!</title><link>https://colinoflynn.com/2016/11/philips-hue-aes-ccm-and-more/</link><pubDate>Thu, 03 Nov 2016 00:55:25 +0000</pubDate><guid>https://colinoflynn.com/2016/11/philips-hue-aes-ccm-and-more/</guid><description>&lt;p&gt;This is just a quick blog post to update you on some rather interesting research that will be coming out led by &lt;a href="http://eyalro.net"&gt;Eyal Ronen&lt;/a&gt;. At Black Hat USA 2016 I did some teardown of the Philips Hue system, and described the &lt;em&gt;possibility&lt;/em&gt; of a lightbulb worm.
Check this &lt;a href="http://iotworm.eyalro.net/"&gt;landing page which now has a draft PDF of what that became&lt;/a&gt;. This draft paper details how you can (1) recover the encryption keys used to encrypt the firmware updates, and thus encrypt/sign your own images, and (2) details a bug specific to a version of a range-checking protocol which allows reflashing of bulbs over longer distances. The end result is this basically solves all the roadblocks I had identified as stopping the lighbulb worm from actually happening [NB: the distance-check bug has been FIXED already in firmware updates which solves this specific spreading vector].
To me the most interesting part is a demonstration of side-channel power analysis being useful for breaking a &lt;em&gt;rather good encrypted bootloader&lt;/em&gt;. To be clear the Philips Hue does a great job of implementing a bootloader on an IoT device&amp;hellip; it&amp;rsquo;s one of the better I&amp;rsquo;ve seen, especially considering we are talking about a lightbulb. But it&amp;rsquo;s very very difficult to hide from side-channel power analysis and other &amp;ldquo;hands on&amp;rdquo; embedded hardware attacks, instead it&amp;rsquo;s better (but more expensive logistically) to push the solutions to the higher-level architecture. If each bulb had a unique encryption key (&lt;em&gt;maybe&lt;/em&gt; derived from the MAC address using an algorithm on a secure server if you don&amp;rsquo;t want to store all those keys) it would provide an excellent layer of defense.
I&amp;rsquo;m working on making a description of the AES-CCM attack, which will be posted to the &lt;a href="https://wiki.newae.com/AES-CCM_Attack"&gt;wiki page&lt;/a&gt;.&lt;strong&gt;Q: What does that mean to someone using Hue, is it safe?&lt;/strong&gt;
&lt;strong&gt;A:&lt;/strong&gt; Philips released a OTA update to fix the bug that allows spreading over longer distances (October 3rd update). This is a great example of a fast response by a company who takes this stuff seriously. Basically - if I was choosing a smart light platform, I&amp;rsquo;d probably use Hue (I have a few of them in my house too).
 
&lt;strong&gt;Q: What&amp;rsquo;s power analysis?&lt;/strong&gt;
**A:**This isn&amp;rsquo;t a FAQ type answer - but you can see an &lt;a href="https://www.youtube.com/watch?v=OlX-p4AGhWs"&gt;intro video&lt;/a&gt; I made. Basically we use tiny variations in power consumption of a device as it&amp;rsquo;s running to determine information about secrets held within the device.
 
&lt;strong&gt;Q: What if I want more information?&lt;/strong&gt;
**A:**Please contact Eyal for more details, if you want to discuss specific questions, etc. Note the Philips-specific details (such as scripts, keys, etc) will never be released, please don&amp;rsquo;t ask for them.
 
&lt;strong&gt;Q: Does a worm exist?&lt;/strong&gt;
&lt;strong&gt;A:&lt;/strong&gt; NO. It would be extremely reckless to make such a worm, as it would be VERY hard to contain the spread should you have a bunch of Hue devices around you. Instead that research paper demo&amp;rsquo;d all the pieces, but stopped short of putting them together (we wouldn&amp;rsquo;t want a criticality accident).&lt;/p&gt;</description></item><item><title>Side-Channel Power Analysis of AES Core in Project Vault</title><link>https://colinoflynn.com/2015/05/side-channel-power-analysis-of-aes-core-in-project-vault/</link><pubDate>Sun, 31 May 2015 17:13:37 +0000</pubDate><guid>https://colinoflynn.com/2015/05/side-channel-power-analysis-of-aes-core-in-project-vault/</guid><description>&lt;h1 id="what-is-project-vault"&gt;What is Project Vault&lt;/h1&gt;
&lt;p&gt;You can read a quick overview on &lt;a href="http://techcrunch.com/2015/05/29/googles-project-vault-is-a-secure-computing-environment-on-a-micro-sd-card-for-any-platform/"&gt;various news sites&lt;/a&gt;, but basically project vault gives you a cryptographic module that you have complete control over. This means *you* decide to trust the module - even to the point of being able to access to implementation details of the crypto cores.
Basically Project Vault is a solution to how you can avoid having unknown backdoors in your hardware. Rather than having to trust some vendor of security modules, you can make sure things are done correctly.&lt;/p&gt;</description></item></channel></rss>