Friday, June 24, 2011

University of Maryland: Cyber Security Center..

Dear Cyber Security Center,
If you need new Faculty Security Researchers, please listen to your job's page, it seems to be asking for me :D :D.

This is only one of some (.... maybe several is the correct word .... :) vulnerabilities found on their web-site. It has been two months since I sent a warning email to the center .... no response.. It's time to a personal post ;).

Keeping traveling .....

Monday, June 20, 2011

Perfect eavesdropping on a quantum cryptography system

Quantum cryptography involves encoding messages using a key that is rendered secret by a quantum-mechanical principle – that the act of measuring affects the system being measured. In one popular scheme, the sender "Alice" sends a key in the form of a series of polarized single photons to the receiver "Bob". Alice polarizes each photon at random using either a horizontal–vertical polarizer or a polarizer with two diagonal axes. Bob detects each photon by also randomly selecting one of the two different polarizers.

If Bob happens to pick the same polarizer as Alice, then he will definitely measure the correct polarization of a given photon. Otherwise, as the uncertainty principle dictates, there is a 50% chance he will get it wrong. Once he has made all the measurements, Bob asks Alice over an open channel which polarizers she used for each photon and he only keeps the results for those measurements where he happened to pick the correct polarizer, and this series of results becomes the secret key.

While in principle unbreakable, quantum cryptography is known to have weaknesses in practice.

Another great reading !

Reading: Android memory Analysis

I know, it's been a while since my last post. This is teaching time for me and I have very few time for my blog and my personal stuff. Later (July and August) will be my "traveling time" (some working travels and a vacation one) that might reduce my POSTing frequency (or might not ;).

Beside that, today I want to suggest an interesting reading from Digital Forensics Solutions called: "Memory Analysis of the Dalvik (Android) Virtual machine"

These slides are pretty easy to read and reach of bibliography, where you can find tools and white papers for additional informations. Have a nice reading !

Wednesday, June 8, 2011

eGOV 2011

Google Analytics says I have 84 followers from The Netherlands...

To everybody who's living near Delft, The Netherlands. I am going to present a paper titled: "Exploring Information Security Issues in Public Sector Inter-Organizational Collaboration" during eGov 2011. I'll be in town from August 27 to September 2. If someone interested on security want to have a beer together while discussing about security stuff I'll be happy in meeting you. Just drop a comment or write me an email.

Sunday, June 5, 2011

Social Reverse Engineering

Hi Folks,
after some days off (holidays!) I am back with an amazing news (at least to me) which proves on one hand how powerful is reverse engineer and on the other hand how spread is this techniques. That reverse engineering was a super powerful tool on the hands of security folks is pretty obvious, BUT that an entire widely protected protocol could be reversed and then made it public shows the real spirit of reverse; making it much more powerful than what I though. In fact often companies and agencies ask for reverse, but they will never release the results (IDA dbs..for example). The reverse engineering's results are such as only one (or few) reverser could analyze them. Once the reverse becomes public it acquires much more power than ever. This is a totally new approach which fortunately starts to become popular... I would like to call it "social reverse engineering" (SRE).

The reverse engineering is becoming popular and popular, thanks to the always improved tools (like IDA Graphic View), and thanks to people who spend hours in writing blogs and/or in teaching students on how to perform it.

Combining these two factors: (a) the need to share reverse results and (b) the ability of more people to understand and to follow on the reverse engineering that has been done, becomes easy the way for the SRE.

So, we said that reverse is becoming a spread and powerful technique: the so called "Social Reverse Engineering" ... but is that good or bad ? It really depends ... as always is. But generally speaking (at least to me) it could be a great way to control closed source code, denying backdoors and/or spywares, "sometimes" hidden into executables.

Skype-Open-Source, as far as I know, is the greatest example of this starting event of sharing reverse eng. Right now, something like 8,000 downloads have been done, many of them are now working on the Skype-Open-Source results. I don't know any dedicated social media (as facebook or tweeter), any SRE web site, but I am pretty sure they will land pretty soon. And when they will, please let me know I'd like to be one of the first users ;)

Wednesday, June 1, 2011

TRESOR: Secure Encryption Out of RAM !

Well, probably everybody knows that USENIX conferences are one of the best security conferences where you can present your research, TRESOR is only one of the great paper presented this year. Built mainly from University of Erlangen-Nuremberg, Germany it ensures that all encryption states as well as the secret key and any part of it are only stored in processor registers throughout the operational time of the system, thereby substantially increasing its security. Their solution takes advantage of Intel’s new AES-NI instruction
set and exploits the x86 debug registers in a non-standard way, namely as cryptographic key storage. TRESOR is compatible with all modern Linux distributions, and its performance is on a par with that of standard AES implementations. I totally suggest this reading which better explains how it works.

TRESOR is resistant against cold boot attacks and other attacks on main memory. If you don't remember these kind of attacks, I suggest those readings (yet USENIX): "Lest We Remember: Cold Boot Attacks on Encryption Keys", "Introduction to Cold Boot Attack" and those experimental guidelines from Princeton University... and yes, of course the attack code (From Princeton University too)

Running TRESOR on a 64-bit CPU that supports AES-NI, there is no performance penalty compared to a generic implementation of AES and the supported key sizes are 128, 192 and 256 bits (full AES).

Running TRESOR on a plain old 32-bit CPU, supporting at least SSE2, is possible as well. But you get a performance penalty of about factor six compared to generic AES and the only supported key length is 128 bits. Thus, we recommend to use TRESOR in combination with one of Intel's new Core-i processors supporting AES-NI (e.g., Core-i5 or Core-i7).

Here the Download Page.
Here the configuration and utilization page.

As they honestly pointed out, Loop-Amnesia is a similar project.