Overview
Syllabus
Intro
Lesson Learned (the hard way)
Standardized Designs
CTR_DRBG: Design
CTR_DRBG: Generate Function
Key Rotation Flaw
Problem 1: Key Not Rotated Often Enough
Problem 2: Lack of Entropy
Is a side-channel attack on CTR_DRBG realistic?
FIPS Requirements
Finding long PRG outputs in TLS handshake
Attack Scenario
Attacking TLS 1.2 RSA key exchange with client auth
Results: State Recovery
Attack Complexity
AES Internal State
Examining the Differential Structure
Differential Attack
Towards a realistic attack
Interrupting SGX Execution
First Attempt
Experimental Setup
Lessons
Taught by
TheIACR