Breaking (and Fixing) Real World Crypto
In recent years, new forms of communication between people and devices have revolutionized our daily lives. The Internet has become the leading platform for human interaction (e.g., social networks), commerce, information, and also control of physical devices (e.g., Internet of Things). This new connectivity creates new security and privacy risks for individual users and organizations. It also increases the complexity and diversity of the different security and cryptographic solutions we need to protect against increasingly sophisticated and motivated attackers. Designing and implementing a secure system is a very elusive process. One needs to clearly identify the security targets (e.g., maintaining the confidentiality of the messages or preventing access from non-authorized entities) as well as the adversarial capabilities.
In this talk, I will show how we can combine cryptanalytic techniques with various side-channels to break the security guarantees of real-world implementations of cryptographic protocols, and how novel solutions can help mitigate the root causes of these vulnerabilities.