DC442031 January 2017
1st Talk
The Importance of Security for Safety in IoT
Speaker
Dr. Cédric Lévy-Bencheton, IOActive
Synopsis
With the rise of the Internet of Things, every object becomes connected to the Internet. These objects bring us added-value services in our daily life, by exchanging data on networks and computers. This becomes a real concern when manufacturer IoT-ify safety devices without thinking about their security.
In this talk, we try to raise awareness on what could be the consequences of insecure IoT safety devices. As an example, we present common vulnerabilities found in cars and propose solutions that should improve the safety of citizens through security. We extend the discussion to Critical Infrastructures and what current efforts exist in the community to make future IoT deployments more safe and secure.
Speaker Bio
Dr. Cédric Lévy-Bencheton is Managing Consultant at IOActive, the only security consultancy with a global presence and deep expertise in hardware, software, and wetware assessments. He promotes the need for security in every domain of our society, with a focus on the Internet of Things.
Previously, Dr. Cédric Lévy-Bencheton was expert in cyber security at ENISA, the European Union Agency for Network and Information Security, where he developed the area of Smart Infrastructures and the concept of security for Safety. Before that, he designed critical networks for public transports. He was also a researcher in telecommunications.
Dr. Cédric Lévy-Bencheton has obtained a Ph.D. in Telecommunications from University Lyon in 2011.
2nd Talk
Investigating the Origins of RSA Public Keys
(Best Paper Award @ USENIX Security 2016)
Speaker
Dan Cvrcek (@DanCvrcek)
Original paper by Petr Svenda et al (Masaryk University, Czech Republic), presented by Dan Cvrcek (including some practical results by Enigma Bridge)
Synopsis
Can bits of an RSA public key leak information about design and implementation choices such as the prime generation algorithm? We analysed over 60 million freshly generated key pairs from 22 open- and closed-source libraries and from 16 different smartcards,revealing significant leakage. The bias introduced by different choices is sufficiently large to classify a probable library or smartcard with high accuracy based only on the values of public keys.
Such a classification can be used to decrease the anonymity set of users of anonymous mailers or operators of linked Tor hidden services, to quickly detect keys from the same vulnerable library or to verify a claim of use of secure hardware by a remote party.
The talk will be based on Usenix Security 2016 paper and will also provide fresh details from our continuous analysis of more libraries and smartcards we perform after the conference itself.