DeepSec 2015 Workshop: Crypto Attacks – Juraj Somorovsky & Tibor Jager

Fvcelsiuetwq lcv xlt hsyhv xd kexh yw pdp, tlkli? Well, yes and no. ITEzISqbI1ABITAhITAhLZzQFsQ6JnkhMTMhpNK5F5rF9dctkiExMyEv9Fh1ITMzIaX2VCJpEQc= , and that’s where it often goes wrong. Your cryptographic defence can be attacked just as any other barrier you can come up with. Attackers never sleep, you know. Crypto attacks are often facilitated by a simple psychological bias: Since cryptographic algorithms are so complicated (for me), no one can easily figure out how to break them. But this may be true for ASN.1 or Chinese (with apologies to all native speakers, it is meant as a metaphor). The fertile growth of CryptoParties all around the globe documents the interest in using cryptography as a means of protecting data, be it in transit or stored locally. Since you use encryption algorithms every day, regardless of whether you know about them or not, it’s time to deal with the knowledge about crypto. Dr. Juraj Somorovsky and Dr. Tibor Jager have prepared a two-day training all about crypto for you:

In recent years, we saw an increasing deployment of cryptography. Cryptography is currently used in various scenarios, ranging from secure messaging or emails, to web services and JavaScript applications. This also forces many developers to implement new crypto applications and dive into this topic.

In our workshop, we give an overview of the most important cryptographic attacks. To our knowledge, this is the best (and funniest) way to learn proper crypto implementation, and how not to become a target of famous attacks.

The course is dedicated to developers and penetration testers, who are already familiar with basic cryptographic concepts (you should be familiar with modular exponentiation or basic principles behind RSA).

If you can’t decipher the two encrypted snippets in the introduction, then this workshop is for you. You might want to watch the videos of the Stanford Cryptography Course found online. The lecture videos can be found on YouTube, and are freely available. We recommend Juraj’s and Tibor’s workshop to anyone working with and using cryptography – software engineers, sysadmins, project managers, IT architects, and – yes – managers. If you work for a financial institution, we strongly advise taking this training! We have our reasons for the latter recommendation, and we won’t talk about it publicly. At least not for now.

Dr. Juraj Somorovsky finished his PhD in the area of XML Security in 2013. In his thesis „On the Insecurity of XML Security“ he analyzes various cryptographic attacks on Web Services and presents practical countermeasures against these attacks, which were applied in XML Security specifications and in countless frameworks and applications. He presented his work at many scientific and industry conferences, including Usenix Security or OWASP Germany. Currently, he works as a Postdoc at the Ruhr University Bochum, and as a security specialist for his co-founded company 3curity GmbH.

Dr. Tibor Jager is an academic cryptographer, doing research in applied and theoretical cryptography. His work focuses on practical cryptographic constructions, attacks and countermeasures, and the design and formal analysis of cryptographic protocols. He teaches computer networks and IT-security at Ruhr University Bochum. Together with Juraj Somorovsky, he found and reported flaws in cryptographic standards and libraries, including W3C’s XML Encryption.

