Description
HB+ is a well-know authentication scheme purposely designed to be lightweight. However, HB+ is vulnerable to a key-recovery, man-in-the-middle (MiM) attack dubbed GRS. To this end, at WiSec2015, the HB+DB protocol added a distance-bounding dimension to HB+, which was experimentally shown to counteract the GRS attack.In this talk, we will exhibit however a number of security flaws in the HB+DB protocol. Some attacks are authentication-driven, others relate to distance-bounding. What is more, we will show that a small refinement on the GRS-strategy still leads to key-recovery in HB+DB, un-deterred by its distance-bounding dimension. We will also propose a new distance-bounding protocol called BLOG, which is based on HB+DB but which is provably secure, enjoys better (asymptotical) security and is more lightweight.
Infos pratiques
Prochains exposés
-
Hardware-Software Co-Designs for Microarchitectural Security
Orateur : Lesly-Ann Daniel - EURECOM
Microarchitectural optimizations, such as caches and speculative out-of-order execution, are essential for achieving high performance. However, these same mechanisms also open the door to attacks that can undermine software-enforced security policies. The current gold standard for defending against such attacks is the constant-time programming discipline, which prohibits secret-dependent control[…]-
SoSysec
-
Hardware/software co-design
-
Micro-architectural vulnerabilities
-
-
Should I trust or should I go? A deep dive into the (not so reliable) web PKI trust model
Orateur : Romain Laborde - University of Toulouse
The padlock shown in the URL bar of our favorite web browser indicates that we are connected using a secure HTTPS connection and providing some sense of security. Unfortunately, the reality is slightly more complex. The trust model of the underlying Web PKI is invalid, making TLS a colossus with feet of clay. In this talk, we will dive into the trust model of the web PKI ecosystem to understand[…]-
SoSysec
-
Protocols
-
Network
-