and
play

and Elie Bursztein with the help of Marc Stevens (CWI), Pierre - PowerPoint PPT Presentation

Aug 20, 2022 •423 likes •962 views

and Elie Bursztein with the help of Marc Stevens (CWI), Pierre Karpman (INRIA), Ange Albertini, Yarik Markov, Alex Petit-Bianco Digest uniqueness 3171 AC03 B186 File 1 One-way function 42A9 1C4E 3CBE 2 File 2 Attacking hash functions

  1. and Elie Bursztein with the help of Marc Stevens (CWI), Pierre Karpman (INRIA), Ange Albertini, Yarik Markov, Alex Petit-Bianco

  2. Digest uniqueness 3171 AC03 B186 File 1 One-way function 42A9 1C4E 3CBE 2 File 2

  4. Attacking hash functions Finding a SHA-1 collision Post-collision world

  5. https://shattered.io

  7. Attacker file 1 Attacker file 2 3713ACE30E7ABBA https://shattered.io

  8. Unknown file Attacker file 42ACE13F0E93BAD https://shattered.io

  9. Known file Attacker file BAD37ACE308E93D https://shattered.io

  10. https://shattered.io

  11. Bruteforce is impractical Cryptanalysis to the rescue

  12. File File File 1st block 2nd block last block IV Hash SHA1compress() SHA1compress() SHA1compress() R.C Merkle - Secrecy, authentication, and public key systems (1979)

  13. ? + Message block F F F Chain value

  14. ? + Message Messages differential path block F F F Equation system Chain value

  15. File 1 (block 1) ? File 2 (block 1) Near collision Near collision != != Collision Collision File 1 (block m) = File 2 (block m)

  16. https://shattered.io

  17. Collision blocks Fixed prefix (P) Arbitrary suffix (S) (C1) Collision blocks Fixed prefix (P) Arbitrary suffix (S) (C2) P==P and C1!=C2 and S==S

  18. Specially crafted Specially crafted prefix prefix Collision blocks (C1) Collision blocks (C2) Partial Suffix displayed (S) Partial Suffix displayed (S) File 1 File 2

  19. Collision blocks Fixed prefix (P1) Arbitrary suffix (S) (C1) Collision blocks Fixed prefix (P2) Arbitrary suffix (S) (C2) P1!=P2 and C1!=C2 and S==S

  20. https://shattered.io

  21. MD5 SSL certificate forgery

  22. Victim certificate Rogue signing certificate Serial number Serial number Validity period Validity period Real cert Rogue cert domain name (* wildcard) RSA public key X509 extensions CA=TRUE RSA public key Netscape Comment X509 extension X509 extensions CA=FALSE Signature Signature

  24. Collision resistance Preimage resistance Security Fixed prefix Chosen attack Security claim Best attack Claim 2 64 2 1 MD4 2 64 2 16 2 39 MD5 2 80 2 63 2 77 SHA-1

  26. 2. Compute 3. Develop 1. Craft file 4. Compute near-collision full collision prefix collision blocks attack 2015 2015 - 2016 2016 2017

  27. PDF header PDF header JPEG header JPEG header JPEG comment JPEG comment length length length length 2 collision comment in comment Image 1 Image 2 File 1 File 2

  28. Work in small batches ~1h Refactor code to be stateless Factory paradigm not map-reduce

  29. Determine Craft non Find DV attack linear additional selection success path conditions conditions Write Compute Find Fix attack collision speed-ups solvability code

  30. Final collision check (CPU) Work step by step Collision blocks (C1) Always try to work at the highest step Collision blocks (C1) Parallelized: One thread / one solution Base solution (CPU)

  34. https://github.com/nneonneo/sha1collider https://shattered.io

  35. PDF header JPEG start JPEG comment Fixed Comment length = 0x173 Comment length = 0x17F Collision block JPEG comment Visual Desync Variable Image parsed Image as comment

  42. https://shattered.io

  43. Transition plan slowly in the making

  44. Leverage how collisions are created Only requires one file to detect collision Trivial Negligible false positives differences required for feasible attacks

  45. Github.com JGit

  46. Git 2.12.2 (Mar 2017)

  49. ~4.45%

  50. MD 2 128 MD 2 128 2 128 Sponge 2 128 2 256 HAIFA

  51. SHA-1 is dead Counter-cryptanalysis Hash diversity long live to as a means of as a safeguard for SHA-256 & SHA-3 detection the years to come

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mike Bianco Projects 3-4 person groups preferred Deliverables: Poster, Report & main

Mike Bianco Projects 3-4 person groups preferred Deliverables: Poster, Report & main

Announcements Class is 170. Matlab Grader homework, 1 and 2 (of less than 9) homeworks Due 22 April tonight, Binary graded. 167, 165,164 has done the homework. ( If you have not done HW talk to me/TA! ) Homework 3 due 5 May Homework 4 (SVM +DL)

691 views • 40 slides
Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut

Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut

Introduction Black hole entropy in MB model Black hole entropy in PGT Entropy of conformally flat black holes Conclusion Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut za fiziku, Beograd

331 views • 31 slides
Healthwatch Bucks Update Recent reports Staying Safe, Staying Home:telecare services in

Healthwatch Bucks Update Recent reports Staying Safe, Staying Home:telecare services in

Healthwatch Bucks Update Recent reports Staying Safe, Staying Home:telecare services in Buckinghamshire a survey to find out what people thought of the telecare equipment and services available in Bucks Stoke Mandeville hospital

305 views • 3 slides
Variational approach to data assimilation: optimization aspects and adjoint method Eric Blayo

Variational approach to data assimilation: optimization aspects and adjoint method Eric Blayo

Variational approach to data assimilation: optimization aspects and adjoint method Eric Blayo University Grenoble Alpes and INRIA A Objectives introduce data assimilation as an optimization problem discuss the different forms of the

1.18k views • 102 slides
Network Inference Ezequiel Bianco Martinez Dr. Murilo Baptista Complex Systems Complex Systems

Network Inference Ezequiel Bianco Martinez Dr. Murilo Baptista Complex Systems Complex Systems

Network Inference Ezequiel Bianco Martinez Dr. Murilo Baptista Complex Systems Complex Systems NETWORKS Networks Robustness Prevent cascades Synchronizability Coherence Cost vs . Efficiency Improve transport

975 views • 31 slides
ATT&CKing the Castle Chip Greene Conrad Layne Introductions Chip Greene Conrad Layne

ATT&CKing the Castle Chip Greene Conrad Layne Introductions Chip Greene Conrad Layne

ATT&CKing the Castle Chip Greene Conrad Layne Introductions Chip Greene Conrad Layne Director, Cyber Security GE CIRT ICS SecOps, Operational Readiness Senior Cyber Intelligence Analyst, Veterans Network Lead ATT&CK Czar MS

599 views • 38 slides
Scientific Programming Lecture A05 - Designing programs Andrea Passerini Universit degli Studi

Scientific Programming Lecture A05 - Designing programs Andrea Passerini Universit degli Studi

Scientific Programming Lecture A05 - Designing programs Andrea Passerini Universit degli Studi di Trento 2019/10/22 Acknowledgments: Alberto Montresor, Stefano Teso This work is licensed under a Creative Commons Attribution-ShareAlike 4.0

554 views • 36 slides
Scientific Programming: Part B Lecture 2 Luca Bianco - Academic Year 2019-20

Scientific Programming: Part B Lecture 2 Luca Bianco - Academic Year 2019-20

Scientific Programming: Part B Lecture 2 Luca Bianco - Academic Year 2019-20 luca.bianco@fmach.it [credits: thanks to Prof. Alberto Montresor] Introduction Complexity The complexity of an algorithm can be defined as a function mapping the

884 views • 45 slides
New opportunities in optical testing given by photochromic materials Giorgio Pariani, Martino

New opportunities in optical testing given by photochromic materials Giorgio Pariani, Martino

New opportunities in optical testing given by photochromic materials Giorgio Pariani, Martino Quintavalla, Rossella Castagna, Letizia Colella, Chiara Bertarelli, Frederic Zamkotsian, Andrea Bianco Photochromic materials F Change of: F 3 -

832 views • 17 slides
BenchCouncil AIBench --- A Datacenter AI Benchmark Suite Wanling Gao, Fei Tang, Jianfeng Zhan

BenchCouncil AIBench --- A Datacenter AI Benchmark Suite Wanling Gao, Fei Tang, Jianfeng Zhan

BenchCouncil AIBench --- A Datacenter AI Benchmark Suite Wanling Gao, Fei Tang, Jianfeng Zhan http://www.benchcouncil.org/AIBench/index.html INSTITUTE O BenchCouncil OF C Bench19, Denver, Colorado, USA COMPUTING T TECHNOLOGY Why

1k views • 61 slides
Changing Network Detection Using Bro and Distributed Computing Concepts Mike Reeves @TOoSmOotH

Changing Network Detection Using Bro and Distributed Computing Concepts Mike Reeves @TOoSmOotH

Changing Network Detection Using Bro and Distributed Computing Concepts Mike Reeves @TOoSmOotH Who are you and why are you talking to me? 16 years in InfoSec, 19 years total IT Work at FireEye Huge Bro fan Lots of

665 views • 27 slides
Chart 1 U.S. Personal Saving Rate and Household Debt (consumer plus mortgage) as a % of

Chart 1 U.S. Personal Saving Rate and Household Debt (consumer plus mortgage) as a % of

Chart 1 U.S. Personal Saving Rate and Household Debt (consumer plus mortgage) as a % of Disposable Personal Income Last Points 4Q 2015- Saving Rate, 5.4%; HH Debt, 104.7% 16% 140% 130% 14% 120% 12% 110% 10% 100% 90% 8% 80% 6% 70%

769 views • 48 slides
STELLA: A Domain Specific Language for Stencil Computations Carlos Osuna, Center for Climate

STELLA: A Domain Specific Language for Stencil Computations Carlos Osuna, Center for Climate

STELLA: A Domain Specific Language for Stencil Computations Carlos Osuna, Center for Climate Systems Modeling, ETH Zurich Tobias Gysi, Department of Computer Science, ETH Zurich Oliver Fuhrer, Federal Office of Meteorology and Climatology,

609 views • 45 slides
Women on Boards in Italy Magda Bianco, Angela Ciavarella, Rossella Signoretti Banca dItalia,

Women on Boards in Italy Magda Bianco, Angela Ciavarella, Rossella Signoretti Banca dItalia,

Women on Boards in Italy Magda Bianco, Angela Ciavarella, Rossella Signoretti Banca dItalia, Consob Workshop on Diversity in Boards De Nederlandsche Bank Amsterdam, 19 December 2013 Outline 1. Literature and motivation 2. Women and the

475 views • 25 slides
On Model Checking Techniques for Randomized Distributed Systems Christel Baier Technische

On Model Checking Techniques for Randomized Distributed Systems Christel Baier Technische

On Model Checking Techniques for Randomized Distributed Systems Christel Baier Technische Universit at Dresden joint work with Nathalie Bertrand Frank Ciesinski Marcus Gr oer 1 / 161 Probability elsewhere int-01 randomized

1.65k views • 161 slides
JRA2 Task 24.7 Testing JRA Face to Face Meeting ESRF Ivan Andrian 2018.05.24 2 Data

JRA2 Task 24.7 Testing JRA Face to Face Meeting ESRF Ivan Andrian 2018.05.24 2 Data

JRA2 Task 24.7 Testing JRA Face to Face Meeting ESRF Ivan Andrian 2018.05.24 2 Data Storage for DaaS VM/Docker KVM Access Data Expose it i 2.5 600GB 15kRPM A 800GB HGST NVMe (1 SSD serves 5 OSDs) 6TB 7200RPM B SSD for

255 views • 12 slides
New observable for CP asymmetry in charm decays Hsiang-nan Li ( ) Academia Sinica,

New observable for CP asymmetry in charm decays Hsiang-nan Li ( ) Academia Sinica,

New observable for CP asymmetry in charm decays Hsiang-nan Li ( ) Academia Sinica, Taipei Presented at HFCPV, Wuhan Oct. 27, 2017 In collaboration with D. Wang, F.S. Yu Direct CP violation Direct CP asymmetry established in kaon

375 views • 18 slides
Tensor Methods: A New Paradigm for Probabilistic Models and Feature Learning Anima Anandkumar

Tensor Methods: A New Paradigm for Probabilistic Models and Feature Learning Anima Anandkumar

Tensor Methods: A New Paradigm for Probabilistic Models and Feature Learning Anima Anandkumar U.C. Irvine Learning with Big Data Data vs. Information Data vs. Information Data vs. Information Missing observations, gross corruptions,

560 views • 38 slides
inference-making Cat Davies, Michelle McGillion, Danielle Matthews This session will 1. Review

inference-making Cat Davies, Michelle McGillion, Danielle Matthews This session will 1. Review

Book sharing to support inference-making Cat Davies, Michelle McGillion, Danielle Matthews This session will 1. Review the role of inferencing in language comprehension; 2. Summarise research on the development of inferencing, including

254 views • 14 slides
Scheduling Jobs with Unknown Duration in Clouds Siva Theja Maguluri, Student Member, IEEE, and R.

Scheduling Jobs with Unknown Duration in Clouds Siva Theja Maguluri, Student Member, IEEE, and R.

1 Scheduling Jobs with Unknown Duration in Clouds Siva Theja Maguluri, Student Member, IEEE, and R. Srikant, Fellow, IEEE, joint routing (or load balancing) and scheduling algorithm Abstract We consider a stochastic model of jobs arriving at a

353 views • 14 slides
Abelian, nilpotent and solvable quandles David Stanovsk y jointly with M. Bonatto, P. Jedli

Abelian, nilpotent and solvable quandles David Stanovsk y jointly with M. Bonatto, P. Jedli

Abelian, nilpotent and solvable quandles David Stanovsk y jointly with M. Bonatto, P. Jedli cka, A. Pilitowska, A. Zamojska-Dzienio Charles University, Prague, Czech Republic whose students are on strike today starting 12:00 Malta, March

714 views • 30 slides
4TH WORKSHOP ON RECONFIGURABLE COMPUTING FOR MACHINE LEARNING Organisers: Christos Bouganis,

4TH WORKSHOP ON RECONFIGURABLE COMPUTING FOR MACHINE LEARNING Organisers: Christos Bouganis,

4TH WORKSHOP ON RECONFIGURABLE COMPUTING FOR MACHINE LEARNING Organisers: Christos Bouganis, Imperial College London Theocharis Theocharides, University of Cyprus Christos Kyrkou, KIOS, University of Cyprus Nele Mentens, KU Leuven, Leuven

661 views • 4 slides
Topological Phases of Matter Out of Equilibrium Nigel Cooper T.C.M. Group, Cavendish Laboratory,

Topological Phases of Matter Out of Equilibrium Nigel Cooper T.C.M. Group, Cavendish Laboratory,

Topological Phases of Matter Out of Equilibrium Nigel Cooper T.C.M. Group, Cavendish Laboratory, University of Cambridge Solvay Workshop on Quantum Simulation ULB, Brussels, 18 February 2019 Max McGinley (Cambridge) Marcello Caio

350 views • 21 slides
Schema.org Update Guha Outline of talk The context How did we end up where we are with the

Schema.org Update Guha Outline of talk The context How did we end up where we are with the

Schema.org Update Guha Outline of talk The context How did we end up where we are with the Semantic Web Schema.org What it is, status of adoption Interesting examples & applications Schema.org principles, how does

591 views • 44 slides

More recommend