Tag: Talks (page 1 of 2)

Das zehnte Türchen der #35C3 Memory Lane: Portable Power!

35c3-kalender 10

Das zehnte Türchen.

Wem die elliptischen Kurven von gestern nicht kompliziert genug waren: Hier haben wir die nächste Eskalationsstufe in der nach oben offenen Nerd-Skala. Es geht um Game Boys von Nintendo. Das allgegenwärtige Spielgerät der 1990er-Jahre, das 1991 schon als „Elektronik-Droge“ betitelt wurde, erfreut sich auch heute noch einer treuen Anhängerschar, nicht zuletzt wegen des schmissigen Slogans:

„Now you’re playing with power; PORTABLE POWER!“

Der unvergleichliche Michael Steil stellt im Jahr 2016 in seinem Vortrag „The ultimate Game Boy talk“ mit liebevoller Detailtiefe die verschiedenen Komponenten und Features des Game Boys vor und zeigt, was das kleine 8-Bit-Spielgerät mit seinen vier Klangstimmen und vier Grauschattierungen (oder eher: vier bad shades of green) alles kann.

35c3-kalender 10, michael steil

Michael Steil auf dem #33C3.

Steil zieht seine dichtgepackten Folien (200+, wirklich!) durch, als gäbe es kein Morgen! Wie Nintendo seine Plattformhegemonie durch Logos pflegte und wie man unendliche Weiten in ein begrenztes Pixelraster bringen kann, können alle Interessierten und Lernwilligen hier ansehen:

Das siebte Türchen der #35C3 Memory Lane: Pneumatic Memories

35c3-kalender 7

Das siebte Türchen.

Ein Kernanliegen des Chaos Communication Congress ist es, Uneingeweihten Denkmuster und Lebensgefühl von Hackern nahezubringen. Was es bedeutet, wenn zwei Schwaben aus der Luftdrucktechnik ihre Nerd-Gene einfach nicht zu verleugnen schaffen, konnten wir auf dem 27C3 bewundern.

Wer sagt, dass für Digitaltechnik dringend moderner Hipster-Kram wie Lötzinn oder Halbleiter verbaut werden muss, kann im Vortrag „Logikschaltungen ohne Elektronik“ lernen, wie durch solide Pneumatik die Grundbausteine der technischen Informatik konstruiert werden, um schließlich ganze mit frischer Luft betriebene Flipflops auf bis zu zwanzig Meter langen Schaltplänen zu komplexen Industrieschaltanlagen oder – nach ähnlichem Prinzip in Fluidik – zu hydraulischen Computern zusammenzustecken.

35c3-kalender 8, äpex und xif

Äpex und xif beim #27C3.

Äpex und xif verstecken ihre Liebe zu den nicht-elektronischen Ansätzen der Problemlösungen nicht und weisen mit einer potentiellen Käufergruppe für rein pneumatische Computer sogar praktische Relevanz bis heute nach.

Das vierte Türchen der #35C3 Memory Lane: Mysteriöse Quanten

35c3-kalender 4

Das vierte Türchen.

„Die Quanten sind doch eine hoffnungslose Schweinerei!“, soll Niels Bohr einst an Albert Einstein geschrieben haben. Schweinerei hin oder her, die Quantenphysik ist auf jeden Fall ein faszinierendes Themenfeld, weil sie unser Wissen darüber, wie die Welt funktioniert, grundlegend in Frage stellt. Quantencomputer und Quantenkryptographie sind auf dem Chaos Communication Congress immer wieder gern gesehene Anlässe für eine glorreiche Gehirnverdrehung. Wer sich jemals damit auseinandersetzen wollte oder musste, wird wissen, wie wunderbar erleichternd es ist, wenn ein fähiger Erklärbär dabei hilft.

Einen gut verständlichen Einstieg ins Thema gab Stephanie Wehner auf dem 22C3. In Quantum Entanglement lässt sie Alice und Bob auf unterschiedliche Planeten fliegen, über Quanten miteinander kommunizieren und macht so Grundprinzipien der Quantenmechanik verständlich.

35c3-kalender 4, wehner

Stephanie Wehner beim #22C3.

Vorträge wie dieser sind eine tolle Wissensgrundlage für Congress-Neulinge und alle, die ihren Horizont erweitern möchten. Deshalb wird es auf dem 35C3 erstmals einen Foundations-Track geben, der ausschließlich aus Einsteigervorträgen besteht. Wir sind sehr gespannt!

Ihr wollt das Wissen rund um die mysteriösen Quanten vertiefen? Dann hat media.ccc.de genau das Richtige!

Das zweite Türchen der #35C3 Memory Lane: „Hier supportet der Boss noch selbst“

35c3-kalender 2

Das zweite Türchen.

Nach jedem Congress gibt es üblicherweise eine Reihe von Geräten, die wir weniger gerne nutzen als vorher. Auch auf dem 31C3 in Hamburg wurden in bester Congress-Tradition einige Technologien ordentlich auseinandergenommen und ihre Schwachstellen offengelegt. Manche sorgten dabei für Gelächter und Kopfschütteln.

35c3-kalender 1, kriesel

David Kriesel beim #31C3.

Der Informatiker und begnadete Geschichtenerzähler David Kriesel fügte mit seinem Vortrag „Traue keinem Scan, den du nicht selbst gefälscht hast“ der langen Liste von Hacks und Bugs einen weiteren, eher unerwarteten Punkt hinzu: Xerox-Kopiergeräte, die ein Eigenleben entwickeln und ganze Zeichenfolgen aus den Originaldokumenten in den Kopien verändern, und das offensichtlich über Jahre hinweg.

Kriesels akkurate Darstellung der technischen Probleme und der Reaktionen der Betroffenen machte seinen Vortrag zum meistgesehenen und in unserem Feedback-System bestbewerteten des 31C3 – mittlerweile ein zeitloser Klassiker. Wir lernen auf vergnügliche Weise: Selbst gut abgehangene Technologien sind nicht vor Fehlern gefeit, und noch dazu wiegen diese dann besonders schwer.

Aber was macht man, wenn man einen so gravierenden Fehler im System entdeckt hat, die Herstellerfirma jedoch einfach nicht reagiert? Genüsslich vollzieht Kriesel in seinem mit einer Prise Verschwörungstheorie gewürzten Vortrag die unterschiedlichen Eskalationsstufen nach, liefert unterhaltsame Schlagzeilen aus der Berichterstattung und erklärt nebenbei noch gängige Bildkomprimierungsverfahren.


Neben verschiedenen Videoformaten sind auch Audiodateien des Vortrags verfügbar.

Fahrplan Sneak

The final 30c3 schedule is going to be late, we know… however, please stay tuned, as it’s still work in progress, and we can promise the Fahrplan will be awesome!

We’d like to tell you about some of the security highlights at 30c3. There are three major groups of interest this year:

  1. Cryptography
  2. Hardware & Embedded Device Security
  3. Software & Protocol Reverse Engineering

First, let’s start with a cryptography highlight: Nadia Heninger, Tanja Lange and Daniel J. Bernstein will be presenting “This Year in Crypto”. They will cover stuff that was broken before and continues to be broken again and again. The talk will also cover the coming Cryptopocalyps, backdoors in cryptographic implementations and the authors’ worries and concerns in regard to crypto in general. It’s worth mentioning that they initially recommended that their talk should be part of the Art & Beauty Track, since crypto is beautiful (and finessing crypto is an art).

Another cryptographic highlight this year is a lecture by Dmitry Khovratovich who’s going to talk about White-Box Cryptography. He’s going to explain the differences between White-Box & Public-Key Cryptography and obfuscation. This will include an overview of the white-box crypto concept along with the most common applications and proposed designs.

The Hardware & Embedded Security track will also feature several noteworthy lectures this year. Due to the outstanding quality of the submissions, it’s difficult to mention just a handful of talks. However, we’d like to highlight the following ones:

Console Hacking 2013 – It’s the year of the Wii U. This talk will cover improvements made in the architecture over previous console generations. Still, its security system was completely bypassed, and the authors will show how the Wii U was broken in less than 31 days. You’ll be able to reproduce all of the presented attacks at home – if you bring basic knowledge of embedded systems and CPU architectures.

Staying on the topic of Embedded Security and Embedded Privacy, Martin Herfurt will be presenting his research on Hybrid broadband broadcast TV (HbbTV). This is the new de-facto standard, which is currently being rolled out around the world. This new standard raises several security and privacy concerns. Martin will cover the emerging standard and how to deal with those security & privacy concerns.

Dr. Peter Laackmann will be covering the last 25 years of smartcard hacking (in German). This will be a rather entertaining talk with many crazy IC analysis techniques that you don’t want to miss – even if you’re not that much into technical details of chip-card hacking (or German).

As already mentioned, there is a substantial number of excellent hardware-security related talks this year. To keep the blog post short, here are just a few more that deserve to be mentioned:

  • Ralf P. Weinmann will talk about Hexagon Challenges: Baseband Exploitation in 2013,
  • Dmitry Nedospasov will be presenting his approaches on physical attacks of ICs’ backsides,
  • Adrian Dabrowski is going to introduce you to the RFID Treehouse of Horror, and how to hack city-wide access control systems.

Though it’s difficult to categorize the remaining submissions, they include Software and Protocol Reverse Engineering as well as any remaining software security related topics.

Jan Schejbal and his colleagues reverse engineered one of the implementations of the CHIASMUS cipher, designed by the BSI (Bundesamt für Sicherheit in der Informationstechnik). This work will not only reveal insights on the non-public CHIASMUS-cipher, but also uncover serious implementation issues in the “official” GSTOOL. The implementation issues allow an attacker to crack files that have been encrypted with GSTOOL with very little effort.

Also worth mentioning: Collin Mulliner’s “Dynamic Dalvik instrumentation of Android Applications and the Android framework” as well as Andreas “Bogk’s Bug Class Genocide”. Ilja van Sprundel will try to debunk the greatness of a well known open-source project: the X11 or X.org code.

See you at 30c3!

30c3 Security team

Workshops – and all other events besides the main talks

tldr:
Congress is made by you! Please add your workshop. A “workshop” is just something, that happens at a special time and place, but not in one of the big halls.

As you may have read in the blogpost on assemblies this congress will be even more community driven than it used to be. One step towards this is allowing you to hold your own sessions on whatever topic you think is important. We kindly ask you to prepare “workshops”.

That does not mean, that it has to be something with hands-on and making – sure it could be! But workshops can also be a gathering of a project group or discussing a special topic. They can be contests or games, activies outside of the building or even small talks, a follow-up-discussion on one of the “big talks” or any other topic that happened rencently – or something completely different that you think deserves a place at the congress!

This year we will generate one big schedule of all those events, so that you can see everything that happens on one page. This is done using the semantic features of the wiki – so it is very important that you use the forms properly when you add your workshop.

For workshops we will have four fixed places, and maybe some more dynamic space at your assembly. The rooms are:
* workshop 12, with 60 square meters
* workshop 13, with 78 square meters
* workshop 14, with 60 square meters
* and the speaker’s corner, that is an open space close to hall 1 and the main foyer.

Please refer also to the wikipage to find more details on how to add your workshop.

Invite all the Speakers!

You know someone who could tell us interesting things at the congress? You recently read an article and thought “It would be great to hear that person speak at the congress”? But you are not sure if he/she/it knows about it? Then just tell them!

There are many ways to do that, the easiest one would be sending an email like this:

“Hey [name], I like your [article /talk/project/something] and I would love to see you at the 29th Chaos Communication Congress. You can find the Call for Participation here: [link]. If you need any help with the submission form I would be happy to assist you. Be aware that the submission deadline is September 30th!”

Of course it would be much nicer if you wrote some more:
You could write some words about the congress: you can use the Wikipedia entry or the older congress pages for copypasta. It will be even nicer if you find your own words. You can also point out that a lot of great people have spoken at the last editions of Chaos Communication Congress, and this would be a good opportunity to be listed on the same page with those people ;)

Please make sure that the speaker does not get the impression that you are from the content team or that you are issuing an official invitation.

You could also write to 29-content@cccv.de and suggest a speaker. Tell us something about him/her and how great it would be to have them! Give us links to talks he/she held and just everything we should know to invite him/her.

Let’s build a great congress together!

Camp Schedule Published

Almost a week ago we published the Camp Fahrplan (schedule). Follow this link for more information.

Crypto Talk at 27C3: FrozenCache – Mitigating cold-boot attacks for Full-Disk-Encryption software, Day 3, 23:00, Saal 2

Cold BootsAs a general attack against encryption software on a computer, the cold boot attack was presented at 25C3. To encrypt data on a PC, many programs store the encryption key in RAM. The key is usually derived from a password or loaded from the hard disk where it is protected by a password too. The key resists as least as long as the encryption operation take in RAM. For many applications like Full-Disk-Encryption or Email Signatures, it is convenient to keep the key permanently in RAM, once it has been loaded, so that the user doesn’t need to enter his password again and again.

To protect the key from unauthorized access, computers are locked when the legitimate user is away or the computer has been switched to power-saving-mode. To gain access again, the user needs to type a password or needs to identify himself using a fingerprint reader or any other kind of biometric authorization device. Of course, the key is still in RAM for the whole time.

Here, the cold boot attack kicks in. At 25C3, it has been shown that RAM chips (DRAMs) can be easily removed from a running PC, Server or Laptop Computer, and their content can be extracted afterward. Even if the device has just been turned off, the content of the RAM fades only slowly away, depending on the exact type of RAM and its temperature. Even if some bits are recovered incorrectly, the correct encryption key can still be found an corrected, because many cryptographic algorithms use a lot of redundancy in they keys (round-keys for AES for example).

One way to counter the attack could be to store the keys only in the computer cache, instead of RAM. In contrast to the RAM which is a separate device connected to the computers motherboard, the Cache resides on the CPU die, and cannot easily be extracted or read-out. However, caches are hard to control and one needs to make sure that keys are really frozen in the cache and are never written to the RAM:Frozen Cache

Cold boot attacks are a major risk for the protection that Full-Disk-Encryption solutions provide. FrozenCache is a general-purpose solution to this attack for x86 based systems that employs a special CPU cache mode known as “Cache-as-RAM”. Switching the CPU cache into a special mode forces data to held exclusively in the CPU cache and not to be written to the backing RAM locations, thus safeguarding data from being obtained from RAM by means of cold boot attacks.

Personally, I am interested in this talk, because it might be a good solution to use secure full-disk encryption software, without always having to shutdown your computer when you leave it unattended.

See the talk, Day 3, 23:00, Saal 2!

Autor: Erik Tews

Older posts

© 2018 CCC Event Blog

Theme by Anders NorenUp ↑