does open source cryptographic software work correctly
play

Does open-source cryptographic software work correctly? Daniel J. - PowerPoint PPT Presentation

Apr 17, 2023 •215 likes •670 views

Does open-source cryptographic software work correctly? Daniel J. Bernstein CVE-2018-0733, an OpenSSL bug Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit

  1. Does open-source cryptographic software work correctly? Daniel J. Bernstein

  2. CVE-2018-0733, an OpenSSL bug “Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte.” Bug introduced May 2016. Does open-source cryptographic software work correctly? Daniel J. Bernstein

  3. CVE-2018-0733, an OpenSSL bug “Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte.” Bug introduced May 2016. How severe is this? “This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme.” Does open-source cryptographic software work correctly? Daniel J. Bernstein

  4. CVE-2018-0733, an OpenSSL bug “Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte.” Bug introduced May 2016. How severe is this? “This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme.” — Yes, 2 16 is “lower than” 2 128 . Does open-source cryptographic software work correctly? Daniel J. Bernstein

  5. CVE-2017-3738, another OpenSSL bug Don’t care about PA-RISC? How about Intel? “There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.” Bug introduced July 2013. Does open-source cryptographic software work correctly? Daniel J. Bernstein

  6. CVE-2017-3738, another OpenSSL bug Don’t care about PA-RISC? How about Intel? “There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.” Bug introduced July 2013. “Attacks against DH1024 are considered just feasible” Does open-source cryptographic software work correctly? Daniel J. Bernstein

  7. CVE-2017-3738, another OpenSSL bug Don’t care about PA-RISC? How about Intel? “There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.” Bug introduced July 2013. “Attacks against DH1024 are considered just feasible” — How long? How much hardware? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  8. CVE-2017-3738, continued “Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.” Does open-source cryptographic software work correctly? Daniel J. Bernstein

  9. CVE-2017-3738, continued “Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.” — Really? How much public scrutiny has the actual computation received from cryptanalysts? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  10. CVE-2017-3738, continued “Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.” — Really? How much public scrutiny has the actual computation received from cryptanalysts? What this looks like to me: “We have analyzed our new cryptosystem and concluded that attacks are not likely.” Does open-source cryptographic software work correctly? Daniel J. Bernstein

  11. CVE-2017-3738, continued “Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.” — Really? How much public scrutiny has the actual computation received from cryptanalysts? What this looks like to me: “We have analyzed our new cryptosystem and concluded that attacks are not likely.” — Don’t we require public review? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  12. Part of the CVE-2017-3738 patch @@ -1093,7 +1093,9 @@ vmovdqu -8+32*2-128($ap),$TEMP2 mov $r1, %rax + vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct imull $n0, %eax + vpaddq $ACC9,$ACC4,$ACC4 # correct and \$0x1fffffff, %eax imulq 16-128($ap),%rbx @@ -1329,15 +1331,12 @@ Does open-source cryptographic software work correctly? Daniel J. Bernstein

  13. Is open-source software bug-free? Eric S. Raymond, 1999: “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone. Or, less formally, ‘Given enough eyeballs, all bugs are shallow.’ ” Does open-source cryptographic software work correctly? Daniel J. Bernstein

  14. Is open-source software bug-free? Eric S. Raymond, 1999: “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone. Or, less formally, ‘Given enough eyeballs, all bugs are shallow.’ ” — “Beta-tester”: Ultimately, the unhappy user? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  15. Is open-source software bug-free? Eric S. Raymond, 1999: “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone. Or, less formally, ‘Given enough eyeballs, all bugs are shallow.’ ” — “Beta-tester”: Ultimately, the unhappy user? — “Almost every problem”: That’s not “all bugs”! Don’t we care about the exceptions? Rare bugs can be devastating, especially for security! Does open-source cryptographic software work correctly? Daniel J. Bernstein

  16. More reasons for skepticism — How do we know how many exceptions there are? How many people are looking for unobvious bugs? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  17. More reasons for skepticism — How do we know how many exceptions there are? How many people are looking for unobvious bugs? — How can there be enough people looking for bugs when most developers prefer writing new code? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  18. More reasons for skepticism — How do we know how many exceptions there are? How many people are looking for unobvious bugs? — How can there be enough people looking for bugs when most developers prefer writing new code? — ESR advocates a development methodology that releases a constant flood of new bugs. Doesn’t this make his “law” automatically true? Is this the correctness metric that users want? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  19. So we should use closed source? “Closed source stops attackers from finding bugs.” Does open-source cryptographic software work correctly? Daniel J. Bernstein

  20. So we should use closed source? “Closed source stops attackers from finding bugs.” — What’s the evidence for this? How long does it take for an attacker to extract, disassemble, decompile the code? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  21. So we should use closed source? “Closed source stops attackers from finding bugs.” — What’s the evidence for this? How long does it take for an attacker to extract, disassemble, decompile the code? “Closed source scares away some lazy academics, so we have fewer bug announcements to deal with.” Does open-source cryptographic software work correctly? Daniel J. Bernstein

  22. So we should use closed source? “Closed source stops attackers from finding bugs.” — What’s the evidence for this? How long does it take for an attacker to extract, disassemble, decompile the code? “Closed source scares away some lazy academics, so we have fewer bug announcements to deal with.” — Sounds plausible, but is the delay worthwhile? e.g. Infineon deployed RSALib very widely before 2017 Nemec–Sys–Svenda–Klinec–Matyas “ROCA”. Does open-source cryptographic software work correctly? Daniel J. Bernstein

  23. Closed source, continued “Closed source makes money, allowing investment in serious code review, producing bug-free code.” — What’s the evidence that this process works? Does open-source cryptographic software work correctly? Daniel J. Bernstein

  24. Closed source, continued “Closed source makes money, allowing investment in serious code review, producing bug-free code.” — What’s the evidence that this process works? This isn’t a talk recommending closed source. Does open-source cryptographic software work correctly? Daniel J. Bernstein

  25. Closed source, continued “Closed source makes money, allowing investment in serious code review, producing bug-free code.” — What’s the evidence that this process works? This isn’t a talk recommending closed source. I’m focusing on open source in this talk because • I spend most of my time with open source and • the only paths that I see towards real security need everything published to build confidence. Does open-source cryptographic software work correctly? Daniel J. Bernstein

  26. Cryptography is notoriously hard to review Mathematical complications lead to subtle bugs. Does open-source cryptographic software work correctly? Daniel J. Bernstein

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Does cryptographic software work correctly? 1. The scale of the problem Daniel J. Bernstein

Does cryptographic software work correctly? 1. The scale of the problem Daniel J. Bernstein

Does cryptographic software work correctly? 1. The scale of the problem Daniel J. Bernstein University of Illinois at Chicago; Ruhr University Bochum CVE-2018-0733, an OpenSSL bug Because of an implementation bug the PA-RISC CRYPTO_memcmp

1.32k views • 106 slides
1 Distribution of work: new functionality Distribution of work: fixes 7 8 Who reports

1 Distribution of work: new functionality Distribution of work: fixes 7 8 Who reports

The case for open source software Open Source Software Why Open Source Software / Free The process, the outcome Software (OSS/FS)? Look at the Numbers! David A. Wheeler The heat, the light Revised as of September 30 2004

464 views • 9 slides
Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

Open Source Idea? SHARE and the Origins of Open The basic idea behind open source is very simple: When programmers can read, Source Software: 1953-1972 redistribute, and modify the source code for a piece of software, the software evolves.

530 views • 8 slides
Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Design principles for 5G Toward a new paradigm, All-IT Network architecture Unbundling Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD) Unbundled Function Blocks Open Source Hardware (OCP,

180 views • 15 slides
What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

878 views • 16 slides
What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

462 views • 14 slides
Open source your daily work! What happens if your daily work is happening in the open?

Open source your daily work! What happens if your daily work is happening in the open?

Open source your daily work! What happens if your daily work is happening in the open? DrupalEurope Darmstadt Bastian Widmer - @dasrecht | @amazeeio We will talk about: open source, challenges, benefits, a bit of history a recap on our past

820 views • 55 slides
The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source Software Amazing times for Open Source Software! Commercial Success Fantastic Success of Open Source Based Businesses! RedHat Acquired by IBM

1.19k views • 52 slides
December 7, 2015 - January 25, 2016 What is open source? Computer software where the source

December 7, 2015 - January 25, 2016 What is open source? Computer software where the source

December 7, 2015 - January 25, 2016 What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes

423 views • 15 slides
Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview Open Source hardware (This is the smallest font) Business model Example circuit, concept -> production Make circuit boards with Open

806 views • 78 slides
Open Source software for libraries Presentation at ECCHRD meeting Budapest, 30-31 May 2011

Open Source software for libraries Presentation at ECCHRD meeting Budapest, 30-31 May 2011

Open Source software for libraries Presentation at ECCHRD meeting Budapest, 30-31 May 2011 Open-source software (OSS) is computer software of which the source code and certain rights are provided under a license that allows others to study,

186 views • 15 slides
Ut Utilizing lizing Free e Op Open n So Source ce So Software are and nd Op Open n

Ut Utilizing lizing Free e Op Open n So Source ce So Software are and nd Op Open n

Ut Utilizing lizing Free e Op Open n So Source ce So Software are and nd Op Open n Data a in the Crop rop Su Suitability ability Anal alysis sis of Adlai dlai for or Cl Climat mate e Ch Change nge Adap daptation ation

670 views • 15 slides
U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com

U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com

U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com Agenda Dream Team Creating U:Kit a smart device that is open source software and open source hardware. and created with/for

173 views • 16 slides
Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal

Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal

Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal , Bu Lake, Alan Ehret, and Michel Kinsy Adaptive & Secure Computing Systems Lab Department of Electrical & Computer Engineering Boston

964 views • 48 slides
Investigating the Effectiveness of Greedy Algorithm on Open Source Software Systems for

Investigating the Effectiveness of Greedy Algorithm on Open Source Software Systems for

Research Motivation and Aim Related Work Solution Approach Dataset and Results Conclusion References Investigating the Effectiveness of Greedy Algorithm on Open Source Software Systems for Determining Refactoring Sequence Sandhya Tarwani 1

920 views • 48 slides
The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at Chicago, Eindhoven University of Technology Post-quantum cryptography: Cryptography designed under the assumption that the attacker (not the user!) has

1.29k views • 94 slides
Meta Analysis Isabel Canette Principal Mathematician and Statistician StataCorp LLC 2020

Meta Analysis Isabel Canette Principal Mathematician and Statistician StataCorp LLC 2020

Performing Meta Analysis with Stata Meta Analysis Isabel Canette Principal Mathematician and Statistician StataCorp LLC 2020 Portugal Stata Conference Porto, January 25 2020 Isabel Canette (StataCorp) 1 / 42 Performing Meta Analysis with

528 views • 42 slides
Lecture 10: Heckscher-Ohlin Empirics (I) 14.581 14.581 Spring 2013 Spring

Lecture 10: Heckscher-Ohlin Empirics (I) 14.581 14.581 Spring 2013 Spring

14.581 International Trade Lecture 10: Heckscher-Ohlin Empirics (I) 14.581 14.581 Spring 2013 Spring 2013 14.581 RV and HO Empirics (I) Spring 2013 1 / 55 Plan of Todays Lecture Empirical work on Ricardo-Viner model: 1

888 views • 56 slides
The first 10 years of Curve25519 Daniel J. Bernstein University of Illinois at Chicago &

The first 10 years of Curve25519 Daniel J. Bernstein University of Illinois at Chicago &

1 The first 10 years of Curve25519 Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven 2005.05.19: Seminar talk; design+software close to done. 2005.09.15: Software online. 2005.09.20: Invited talk

869 views • 73 slides
Matrix Methods for the Bernstein Form and Their Application in Global Optimization June, 10

Matrix Methods for the Bernstein Form and Their Application in Global Optimization June, 10

Matrix Methods for the Bernstein Form and Their Application in Global Optimization June, 10 Jihad Titi J urgen Garloff University of Konstanz Department of Mathematics and Statistics and University of Applied Sciences / HTWG Konstanz

685 views • 30 slides
Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design principles Introduction to Computer Security Software engineering for security Defensive programming 2 (combined lecture) Announcements intermission

632 views • 9 slides
Fast method for testing the smoothness of polynomials Jean-Franc ois Biasse Mike Jacobson

Fast method for testing the smoothness of polynomials Jean-Franc ois Biasse Mike Jacobson

page.1 Fast method for testing the smoothness of polynomials Jean-Franc ois Biasse Mike Jacobson University of Calgary October 2013 Biasse-Jacobson (U of C) Fast smoothness test October 2013 1 / 24 page.2 Presentation of the problem

1.02k views • 89 slides
signSGD Jeremy Bernstein Yu-Xiang Wang Caltech UCSB/Amazon Compressed optimisation for

signSGD Jeremy Bernstein Yu-Xiang Wang Caltech UCSB/Amazon Compressed optimisation for

signSGD Jeremy Bernstein Yu-Xiang Wang Caltech UCSB/Amazon Compressed optimisation for non-convex problems Kamyar Azizzadenesheli Anima Anandkumar UCI Caltech/Amazon Snap gradient components to 1 Reduces signSGD

456 views • 22 slides

More recommend