 |
||||||||||
|
Condado Plaza Hilton, San Juan, Puerto Rico, USA
December 3-4, 2018
Collocated with
ACSAC
2018
Training Sessions
The first day of the SSPREW offers the following training sessions:
Breaking Obfuscated Programs with Symbolic Execution
Presenter: Sebastian Banescu, Technical University of MunichThis tutorial will cover why it is important that an obfuscated program be resilient against symbolic execution attacks. One or two free obfuscation tools such as Tigress and OLLVM will be used to obfuscate C programs. The tutorial will show how naively employing obfuscation transformations can lead to programs which are easy to break using symbolic execution tools such as KLEE, angr or Triton. Finally, the talk will cover how to carefully choose the right obfuscation transformations to significantly raise the bar against symbolic execution.
Docker image download: https://hub.docker.com/r/banescusebi/obfuscation-symex/
Side-Channel Attacks on Embedded Systems
Presenter: Damien Couroussé, CEA LIST, Grenoble, FranceSide-Channel Attacks and Fault Injection Attacks are the two sides of the same threat, where the attacker exploits a physical access to the target device. Those attacks are very powerful because they break the standard assumptions about the security of cryptographic primitives: by exploiting the (very) partial knowlegde of the implementation of a secured component, it is possible to 'break' the security of this component. In the world of physical attacks, the security assumptions provided by traditional cryptanalysis need to be reconsidered. E.g. the stream cipher AES, otherwise considered secure, needs to be protected against such attacks.
In this tutorial, we will introduce the working principle of side-channel attacks. We will show how it is possible to recover a secret cipher key using Correlation Power Analysis. We will then introduce the principles of the main countermeasures against side-channel attacks; we will observe their impact on the effectiveness of side-channel attacks, and their limits.
Tool Download: https://github.com/cogito-cea/mylittlepwny
Tutorial download-1: https://we.tl/t-vK9yCnbbct
Tutorial download-2: https://we.tl/t-jBYESPGvFt