DeepSec 2019 Workshop: Attacks on the Diffie-Hellman Protocol – Denis Kolegov & Innokentii Sennovskii
This workshop is a hands-on task-based study of the Diffie-Hellman protocol and its modern extensions focusing on vulnerabilities and attacks. It is not a full day training, but it will be held during the conference. Everyone interested in applied cryptography and attacks connected to this topics should attend. Seats are limited!
Some of the topics that will be highlighted:
Diffie-Hellman key exchange
Elliptic-curve Diffie-Hellman
Variants of Diffie-Hellman protocol: Ephemeral, static, anonymous, authenticated Diffie-Hellman
X3DH, Noise and SIGMA protocols
Forward secrecy and post-compromise security
Small-subgroup attack
Pollard’s rho and lambda algorithms
Invalid curve attack
Curve twist attack
Protocol attacks (MitM, replay, KCI, UKS)
Labs:
Small subgroup attack against multiplicative group DH
Invalid curve attack against ECDH
Twist attack
KCI attack
Key Takeaways
Learn about Diffie-Hellman key exchange
Learn about applying Diffie-Hellman in modern protocols
Hands-on experience in implementation of the classic attacks
Target Audience
Anyone who has a strong interest in cryptography and prefers “learning by doing” approach.The workshop is suitable for software developers, penetration testers, reverse engineers, quality assurance engineers and students.No specific background or explicit knowledge of group theory or number theory is required.Attendees should be familiar with Python or Golang. Some experience with programming or hacking is recommended.
Skill Level
Beginner/Intermediate
What Students Should Bring
A laptop prepared with Python 3, Sage, Docker and Golang 1.12.
Innokentii Sennovskii has 5 years of information security experience primarily in the fields of reverse engineering and system programming. He is a senior computer forensics specialist at BiZone LLC and a visiting lecturer at Harbour.Space University for Technology and Design (Barcelona, Spain). His primary interests lie in the fields of cryptography, reverse engineering, and exploitation. He discovered a vulnerability in Intel CPUs (Meltdown Variant 3a, CVE-2018-3640). Innokentiy is a part of LCBC CTF team; before joining BiZone, he won first place as part of this team in CTFZone competition. This year he won Insomnihack CTF as a part of the LCBC team. He was also placed second in PHDays VI car hacking competition as well as the latest PHDays’ HackBattle competition.
Denis Kolegov is a principal security researcher at BiZone LLC and an associate professor of Computer Security at Tomsk State University. His research focuses on network security, web application security, cryptography engineering, and covert communications. He holds a PhD and an associate professor degree. Denis presented at various international security conferences including Power of Community, Area41, SecurityFest, Zero Nights, Positive Hack Days, InsomniHack, and SibeCrypt.