The 1st TCE Summer Course on Computer Security
An Introduction to the Design and Analysis of Authenticated Key Exchange Protocols
Prof. Hugo Krawczyk (IBM Research)
Authenticated key-exchange (AKE) protocols are cryptographic mechanisms by which two parties that communicate over an adversarially-controlled network can generate a shared secret key and be assured that no one other than the intended partner to the communication learns that key. AKE protocols are an essential component of secure communications as they enable the use of efficient symmetric-key techniques (encryption and authentication) to protect bulk communication over insecure channels (e.g., the Internet). In particular, AKE protocols are the most important class of cryptographic protocols in use today with TLS, IPsec and SSH being examples of prime applications whose security fully depends on the underlying AKE protocol.
While the functionality and security requirements of AKE protocols are intuitive and simple, the design of such protocols has proven highly non-trivial, with numerous examples of broken protocols. The very formalization of security for these protocols has been challenging and is still an active area of research. In this short course we will cover basic principles of the design and analysis of AKE protocols, with examples from real-world applications, including IPsec's Key Exchange (IKE) and the TLS handshake, as well as more advanced protocols. The intention is to use AKE protocols as a window into the challenging world of crypto-protocol design and analysis. While the subject is highly technical, we will emphasize principles over mathematical details (a basic knowledge of cryptography will nonetheless be assumed).
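The following is an added illustration of the design principle the course abstract alludes to; it is example code written for this page, not material from the course or from Prof. Krawczyk. It runs a plain Diffie-Hellman exchange and a pre-shared-key-authenticated variant through an active adversary. Assumptions: the group (p = 2^255 - 19, g = 2) is a toy choice that only makes the arithmetic real, the identities "alice"/"bob" and the pre-shared key are constructed, and the authenticator is an HMAC over the sender's identity and the full transcript (both ephemeral values), which is the binding that defeats the substitution attack.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption for this example): p = 2^255 - 19 is prime and g = 2.
# This is NOT a vetted Diffie-Hellman group; a real protocol uses an RFC 3526/7919
# MODP group or an elliptic curve. Here it only needs to make the arithmetic real.
P = 2**255 - 19
G = 2
ALICE, BOB = b"alice", b"bob"     # constructed identities


def enc(n):
    """Fixed-width encoding of a group element so transcripts parse unambiguously."""
    return n.to_bytes(32, "big")


def dh_keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, p-2]
    return x, pow(G, x, P)


def dh_shared(x, peer_value):
    if not 2 <= peer_value <= P - 2:           # reject 0, 1 and p-1, which force a trivial secret
        raise ValueError("peer DH value out of range")
    return pow(peer_value, x, P)


def derive_key(z, val_i, val_r):
    """Session key bound to both identities and both ephemeral values (HKDF-style extract/expand)."""
    ctx = b"|".join([ALICE, BOB, enc(val_i), enc(val_r)])
    prk = hmac.new(ctx, enc(z), hashlib.sha256).digest()
    return hmac.new(prk, b"session key", hashlib.sha256).digest()


def auth_tag(psk, sender, val_i, val_r):
    """Authenticator: MAC under the long-term pre-shared key over the sender's
    identity and the whole transcript (both ephemeral values)."""
    return hmac.new(psk, b"|".join([sender, enc(val_i), enc(val_r)]), hashlib.sha256).digest()


class HonestNetwork:
    """Delivers every message unchanged."""
    def relay(self, direction, msg):
        return msg


class Mallory:
    """Active attacker: replaces the DH value in every message with her own and keeps the originals."""
    def __init__(self):
        self.m, self.M = dh_keypair()
        self.seen = {}

    def relay(self, direction, msg):
        self.seen.setdefault(direction, msg)
        value, tag = msg
        return (self.M, tag)       # without the PSK she can only forward the tag she saw

    def keys(self):
        """The two session keys Mallory holds after a plain-DH run: one with each victim."""
        A, _ = self.seen["A->B"]
        B, _ = self.seen["B->A"]
        return (derive_key(pow(A, self.m, P), A, self.M),
                derive_key(pow(B, self.m, P), self.M, B))


def run(network, psk=None):
    """One exchange; psk=None is unauthenticated DH, otherwise each side MACs the transcript.
    Returns (alice_key, bob_key); raises ValueError if a party aborts."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    # 1. Alice -> Bob: A
    A_recv, _ = network.relay("A->B", (A, None))
    # 2. Bob -> Alice: B, MAC_psk("bob" | A_recv | B)
    tag_b = auth_tag(psk, BOB, A_recv, B) if psk else None
    B_recv, tag_b_recv = network.relay("B->A", (B, tag_b))
    if psk and not hmac.compare_digest(tag_b_recv, auth_tag(psk, BOB, A, B_recv)):
        raise ValueError("alice: Bob's authenticator does not cover the values Alice sent and received")
    # 3. Alice -> Bob: MAC_psk("alice" | A | B_recv)
    if psk:
        _, tag_a_recv = network.relay("A->B", (None, auth_tag(psk, ALICE, A, B_recv)))
        if not hmac.compare_digest(tag_a_recv, auth_tag(psk, ALICE, A_recv, B)):
            raise ValueError("bob: Alice's authenticator does not match Bob's view of the transcript")
    return (derive_key(dh_shared(a, B_recv), A, B_recv),
            derive_key(dh_shared(b, A_recv), A_recv, B))


def attempt(network, psk=None):
    """Convenience wrapper: the key pair, or None if either party aborted."""
    try:
        return run(network, psk)
    except ValueError:
        return None
```

Against the plain exchange Mallory ends up sharing one key with Alice and a different one with Bob, and neither notices; against the authenticated one, the forwarded tag covers (M, B) while Alice recomputes it over (A, M), so she aborts before any key is used. The point is not the MAC itself but what it covers: an authenticator that omitted the peer's value or the identities would again leave room for substitution, which is the class of mistake the course refers to.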
Buffer Overflows and Memory Safety /
Memory Vulnerabilities in Browsers
Prof. Hovav Shacham (UCSD)
Practical Homomorphic Encryption suitable for cryptographic application over the integers mod N
Aviad Kipnis (NDS)
Over the last couple of years there has been growing interest in the study of homomorphic encryption schemes. Roughly speaking, these schemes enable computation over encrypted data. The existing schemes presented in the literature are a fantastic theoretical breakthrough; however, their computational complexity makes them inapplicable in practice. In this talk I will present an efficient homomorphic encryption scheme suitable for cryptographic applications over the integers mod N, and present several applications that utilize the scheme.
How to Become a Botnet Operator in 7 Easy Steps
Etay Maor (RSA)
How to become a botnet operator in 7 easy steps: it is no secret that Trojans are proliferating. We often hear and read about the likes of Zeus, Spyeye, Nimkey and other Trojans and their capabilities. Sometimes an article may disclose some screenshots or describe what a Trojan is capable of, but what does the operation really look like from the fraudster's perspective?
In this session we will experience this first hand! The session includes a unique look into the Trojan mastermind's space: we will have a full live Spyeye backend server running! We will go through all the steps it takes to deploy a botnet, from purchasing a Trojan to configuring it, distributing it and managing the flow of stolen credentials. We will experience the victim's point of view as well as a live demo of the Trojan's back-end management console.
During the second part of the session we will take a closer look at the different techniques Trojans use to steal data and to evade detection and analysis. We will also look at the fraudsters' underground and discussion forums and the services offered and sold there, and discuss defensive measures and techniques.
Staring at the Beast – Monitoring and Analyzing Hacker Activity
Amichai Shulman (Imperva)
For many years, security professionals were mostly concerned with technical vulnerability research. This type of research provides visibility into the theoretical ways attackers can exploit systems. Recently we are seeing a shift of effort toward hacker intelligence research, which aims to provide visibility into the actual modus operandi of attackers and thereby allow optimization of both long-term and short-term solutions. The session describes our activities in this area over the past 3 years, showing both high-level statistical data and examples of individual incidents.
Network and application security – Attacks and trends
Tomer Teller (Check Point)
In this technical talk we will discuss the current threat landscape in depth.
We will review new industry trends and old techniques that still work.
Topics that will be covered:
Network Attacks and Trends
Man-In-The-Middle and Hijacking Attacks
Denial Of Service (DoS) Attacks
Targeted Malware & Analysis
How does targeted malware bypass security products
Static and Dynamic Analysis
The “Protoleak” project introduced at RSA Conference 2012 (https://ae.rsaconference.com/US12/published/rsaus12/sessions/SPO1-303/SPO1-303.pdf)
Side channel leakage and the myth of confinement
Eran Tromer (TAU)
We usually think about the functionality of computer programs in terms of their explicit inputs and outputs, and carefully manage these to ensure confidentiality and integrity. The underlying platform is entrusted to enforce this abstraction with suitable confinement mechanisms, such as memory protection and virtual machines. However, in the real world, low-level implementation details create subtle interactions between the program or device and its environment, leading to side channels: inadvertent and unexpected information leakage. Such leakage ranges from physical effects such as electromagnetic radiation to machine-architecture effects such as resource contention between virtual machines.
This talk will survey various forms of side channels, and how they can be exploited for gleaning secrets from otherwise-secure systems. The discussion will emphasize side channels that can be observed and exploited in software, and could thus be deployed ubiquitously and undetectably.
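As an added illustration of a side channel that is observable purely in software (example code written for this page, not from the talk or its speaker), the block below shows the classic early-exit byte comparison leaking how many leading bytes of a guess are correct, and an attacker recovering a secret byte by byte from that leak. Assumptions: the secret is a constructed sample; elapsed time is modelled by a deterministic step counter returned by the comparison, whereas a real attack measures wall-clock time and needs repeated samples and statistics to see the same signal through noise.

```python
import hmac

SECRET = b"s3cr3t!"   # constructed sample secret (think: an API token or MAC tag)


def leaky_compare(secret, guess):
    """Early-exit comparison. Returns (equal, steps); `steps` stands in for elapsed
    time, since the loop runs one iteration more for every leading byte the guess gets right."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps
    return True, steps


def constant_time_compare(secret, guess):
    """Work does not depend on where the first mismatch is, so `steps` is constant."""
    return hmac.compare_digest(secret, guess), len(secret)


def recover(oracle, length):
    """Byte-by-byte recovery: at each position keep the candidate that makes the
    oracle do the most work, i.e. the one that gets one byte further before failing."""
    known = bytearray()
    for pos in range(length):
        best, best_steps = 0, -1
        for c in range(256):
            guess = bytes(known) + bytes([c]) + bytes(length - pos - 1)
            equal, steps = oracle(guess)
            if equal:
                return guess
            if steps > best_steps:
                best, best_steps = c, steps
        known.append(best)
    return bytes(known)
```

With the leaky oracle the attacker needs at most 256 queries per byte instead of 256^len for the whole secret; with the constant-time oracle every candidate looks the same and the recovery collapses to a guess. Constant-time comparison removes this particular channel, but not others the talk covers (cache and memory-contention effects are not fixed by a compare function).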
Secretly Monopolizing the CPU Without Superuser Privileges
Dr. Dan Tsafrir (CS, Technion)
We describe a “cheat” attack, allowing an ordinary process to hijack any desirable percentage of the CPU cycles without requiring superuser/administrator privileges. Moreover, the nature of the attack is such that, at least in some systems, listing the active processes will erroneously show the cheating process as not using any CPU resources: the “missing” cycles would either be attributed to some other process or not be reported at all (if the machine is otherwise idle). Thus, certain malicious operations generally believed to have required overcoming the hardships of obtaining root access and installing a rootkit can actually be launched by non-privileged users in a straightforward manner, thereby making the job of a malicious adversary that much easier. We show that most major general-purpose operating systems are vulnerable to the cheat attack, due to a combination of how they account for CPU usage and how they use this information to prioritize competing processes. Furthermore, recent scheduler changes attempting to better support interactive workloads increase the vulnerability to the attack, and naive steps taken by certain systems to reduce the danger are easily circumvented. We show that the attack can nevertheless be defeated, and we demonstrate this by implementing a patch for Linux that eliminates the problem with negligible overhead.
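To make the accounting flaw the abstract describes concrete, here is an added simulation (example code written for this page, not the authors' code or their Linux patch). It models the assumption that a kernel charges CPU time by sampling at each periodic tick: whoever is running when the tick fires is billed the whole tick. A process that wakes just after each tick, computes for most of it, and sleeps again before the next tick is never seen by the sampler, while an honest process that fills the gaps is billed for everything. The tick period, wake-up offset and run fraction are constructed parameters.

```python
# Times are measured in ticks: 1.0 is one scheduler tick (e.g. 1 ms at HZ=1000).
EPS = 0.01   # how soon after a tick the cheater wakes up (constructed parameter)


def cheater_intervals(n_ticks, fraction):
    """Run intervals of a process that wakes just after each tick, computes for
    `fraction` of a tick, and sleeps again before the next tick fires."""
    assert 0 < fraction < 1 - EPS, "the cheater must be asleep when the tick fires"
    return [(k + EPS, k + EPS + fraction) for k in range(n_ticks)]


def complement_intervals(intervals, n_ticks):
    """Run intervals of a second, honest process that gets the CPU whenever the first sleeps."""
    gaps, cursor = [], 0.0
    for start, end in intervals:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = end
    if cursor < n_ticks:
        gaps.append((cursor, float(n_ticks)))
    return gaps


def sampled_usage(intervals, n_ticks):
    """Tick-sampled accounting: at each tick k the whole tick is charged to whoever
    is running at that instant. Returns the fraction of ticks charged."""
    charged = sum(1 for k in range(n_ticks) if any(s <= k < e for s, e in intervals))
    return charged / n_ticks


def precise_usage(intervals, n_ticks):
    """Accounting that measures actual run time (e.g. timestamps taken at every context switch)."""
    return sum(e - s for s, e in intervals) / n_ticks


def report(n_ticks=100, fraction=0.9):
    """Usage as seen by both accounting methods, for the cheater and for the honest process."""
    cheat = cheater_intervals(n_ticks, fraction)
    honest = complement_intervals(cheat, n_ticks)
    return {
        "cheater": (sampled_usage(cheat, n_ticks), precise_usage(cheat, n_ticks)),
        "honest": (sampled_usage(honest, n_ticks), precise_usage(honest, n_ticks)),
    }
```

With fraction 0.9 the cheater really consumes 90% of the CPU yet is charged 0%, and the honest process, which got only the remaining 10%, is charged 100%; that is the "missing cycles attributed to some other process" in the abstract, and it is also why a sampling-based scheduler keeps treating the cheater as an idle, interactive process worth prioritizing. Accounting at context-switch time sees the true 90/10 split, which is the direction a fix has to take; the simulation says nothing about the specific patch the talk presents.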