#HITB2017AMS D1T2 – Side Channel Attacks Against iOS Crypto Libraries And More – Najwa Aaraj
Powered by iSpeech
Cryptographic primitives and protocols are typically treated as mathematical components that represent the following provable security property: theoretically secure with an established formal security proof. However, in real-world applications, provable security is more often than not weakened by the actual implementation and the properties of the device / system / Operating system on which cryptographic primitives and protocols are deployed – are often exploitable by a side-channel attacker.
Side-channel attacks represent a real threat to cryptographic implementations and as a by-product to the security of a secure system overall in almost all scenarios and use cases. The focus of this research is to study side channel attacks in the context of iOS Operating System, specifically drawing a difference between side channel attacks against user and system level applications using iOS provided crypto library(ies) and those using built-in and / or third party crypto libraries. While running our experiments, we use electromagnetic emanations from the processor as side-channel information and using clock as a trigger to discern Electromagnetic traces.
We then conduct Differential Power Analysis (DPA) against hardened cryptographic implementations in order to recover keys used for symmetric ciphers computations as well as schemes used for Key Exchange / Key Agreement. Electromagnetic emanations will also be used to derive information from stateful protocols execution, where elements of the EM traces Fast Fourier Transform have peak frequencies being observed.
===
Senior Vice President – Special Projects at DarkMatter LLC, with 12+ years experience in information and systems security. International Experience: USA, Middle East, Australia, Africa, Asia
Education
* Ph.D. with Highest Honors in Computer Engineering from Princeton University
* Masters Degree in Computer Engineering from Princeton University
* B.Eng. in Computer and Communication Engineering from American University of Beirut
Employment History
* Lead Senior Associate, Booz & Company, USA and Middle East
* Research Staff Member, NEC Labs-Princeton University, NJ, USA
* Research Staff Member, IBM T. J. Watson, NY, USA
* Research Staff Member, Intel Corporation, Oregon, USA
Cyber Security – Related Experience
Patents: Optimizing performance of integrity monitoring; Patent number: 8949797
Analysis and design of a hardware/software trusted platform module (TPM) for embedded systems
Energy and execution time analysis of a software-based trusted platform module (TPM)
INVISIOS: A Lightweight, Minimally Intrusive Secure Execution Environment – A framework for defending embedded systems against software attacks
Dynamic Binary Instrumentation-Based Framework for Malware Defense
Hybrid Arch. for Efficient and Secure Face Authentication in Embedded Systems – Architectures for efficient face authentication in embedded systems
Neighbor stranger discrimination: a new defense mechanism against DDOS attacks
source
0 Responses to #HITB2017AMS D1T2 – Side Channel Attacks Against iOS Crypto Libraries And More – Najwa Aaraj