24C3 - 1.01

24th Chaos Communication Congress
Volldampf voraus!

Referenten
Victor Muñoz
Programm
Tag Tag 1 (2007-12-27)
Raum Saal 2
Beginn 17:15
Dauer 01:00
Info
ID 2324
Veranstaltungstyp lecture
Track Hacking
Sprache en
Feedback

AES: side-channel attacks for the masses

AES (Rijndael) has been proven very secure and resistant to cryptanalysis, there are not known weakness on AES yet. But there are practical ways to break weak security systems that rely on AES.

In this lecture we will see how easy it could be to retrieve AES keys attacking the implementations. When you have physical access to the box that tries to hide a key you can easily spot it, such kind of security could be just named obfuscation but is widely used in DRM technologies like AACS. This is just a demonstration that using a strong security algorithm like AES is not of much sense when give the key somehow obfuscate to the attacker. Remember that the security chain is as strong as the weakest of their components.

Archived page - Impressum/Datenschutz