24C3 - 1.01

24th Chaos Communication Congress
Volldampf voraus!

Victor Muñoz
Day Day 1 (2007-12-27)
Room Saal 2
Start time 17:15
Duration 01:00
ID 2324
Event type lecture
Track Hacking
Language en

AES: side-channel attacks for the masses

AES (Rijndael) has been proven very secure and resistant to cryptanalysis, there are not known weakness on AES yet. But there are practical ways to break weak security systems that rely on AES.

In this lecture we will see how easy it could be to retrieve AES keys attacking the implementations. When you have physical access to the box that tries to hide a key you can easily spot it, such kind of security could be just named obfuscation but is widely used in DRM technologies like AACS. This is just a demonstration that using a strong security algorithm like AES is not of much sense when give the key somehow obfuscate to the attacker. Remember that the security chain is as strong as the weakest of their components.