Assessing and Exploiting BigNum Vulnerabilities

Black Hat via YouTube

Overview

Explore the intricacies of BigNum vulnerabilities in cryptography implementations during this 49-minute Black Hat conference talk. Delve into the implications of bugs in multi-precision integer arithmetic and their potential for exploitation in asymmetric cryptographic primitives. Learn about bug patterns, exploitation requirements, and strategies for automated bug hunting. Examine case studies including CVE-2014-3570 in OpenSSL, GMP 5 multiplication bugs, and issues in libgcrypt 1.6.0. Discuss challenges in symbolic execution, alternative property-based bug hunting methods, and fuzzing techniques. Gain insights into assessing and exploiting these vulnerabilities to enhance cryptographic security.

Syllabus

Intro
Outline
Motivation: break crypto, maybe?
Introduction to BigNum Arithmetic
Widely used implementations
Anatomy of CVE-2014-3570
OpenSSL's impact assessment (1/2)
Counterargument
GMP 5 mult bugs
The patch
Bug pattern: carry mispropagation
libgcrypt 1.6.0
Symbolic Execution Challenges
Galois' SAW
Alternative property-based bug hunting
Fuzzing
Conclusions
Bibliography

Taught by

Black Hat
