Social Network For CISO (Chief Information Security Officers)
Our editorial team has handpicked some great talks from the Black Hat Conference, one of the largest IT security conferences in the world.
Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year providing attendees with the very latest in research, development and trends. This six-day event begins with four days of intense technical training for security practitioners of all levels (August 4-7) followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9).
(Source: Black Hat Conference USA 2018)
Speaker: Jay Little
This presentation will introduce Ethereum smart contracts, explain how to reverse engineer binary-only contracts, describe common classes of vulnerabilities, and then show how to investigate attacks on contracts by demonstrating new tools that re-process blockchain ledger data, recreate contracts with state, and analyze suspect transactions using traces and heuristics.
Speakers: Aurélien Francillon, Giovanni Camurati, Marius Muench, Sebastian Poeplau, Tom Hayes
In this talk, we show that although isolation of digital and analog components is sufficient for those chips to work, it's often insufficient for them to be used securely. This leads to novel side-channel attacks that can break cryptography implemented in mixed-design chips over potentially large distances. This is crucial as the encryption of wireless communications is essential to widely used wireless technologies, such as WiFi or Bluetooth, in which mixed-design circuits are prevalent on consumer devices.
Speakers: Ethan Heilman, Neha Narula
This talk presents attacks on the cryptography used in the cryptocurrency IOTA. The speakers developed practical differential cryptanalysis attacks on IOTA's cryptographic hash function Curl-P, allowing them to quickly generate short colliding messages of the same length. Finally, the talk shows that in a chosen-message setting they can forge signatures on valid IOTA payments. It presents and demonstrates a practical attack (achievable in a few minutes) whereby an attacker could forge a signature on an IOTA payment, and potentially use this forged signature to steal funds from another IOTA user.
Speakers: Christian Dresen, Jens Müller
OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From today's viewpoint this is surprising as both standards rely on outdated cryptographic primitives that were responsible for vulnerabilities in major cryptographic standards. The belief in email security is likely based on the fact that email is non-interactive and thus an attacker cannot directly exploit vulnerability types present in TLS, SSH, or IPsec. We show that this assumption is wrong.
Speakers: Baris Ege, Guilherme Perin, Jasper van Woudenberg
In this talk, we show that we can break a lightly protected AES, an AES implementation with masking countermeasures and a protected ECC implementation, and we show a live demo of the attack in action. These experiments show that where side channel analysis previously depended heavily on the skills of the human, first steps are being developed that bring down the attacker skill required for such attacks. This talk is targeted at a technical audience that is interested in the latest developments at the intersection of deep learning, side channel analysis and security.