Home
Search results “Opportunities in whitebox cryptography”
Understanding the execution flow of the binary - White Box Unboxing 1/4 - RHme3 Qualifier
 
15:10
We start to reverse engineer a crypto binary with Hopper. Challenge: https://github.com/Riscure/Rhme-2017/tree/master/prequalifications/White%20Box%20Unboxing -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Views: 11729 LiveOverflow
[CB17] Key recovery attacks against commercial white-box cryptography implementations
 
50:15
White-box cryptography aims to protect cryptographic primitives and keys in software implementations even when the adversary has a full control to the execution environment and an access to the implementation of the cryptographic algorithm. It combines mathematical transformation with obfuscation techniques so it’s not just obfuscation on a data and a code level but actually algorithmic obfuscation. ​ In the white-box implementation, cryptographic keys are mathematically transformed so that never revealed in a plain form, even during execution of cryptographic algorithms. With such security in the place, it becomes extremely difficult for attackers to locate, modify, and extract the cryptographic keys. Although all current academic white-box implementations have been practically broken by various attacks including table-decomposition, power analysis attack, and fault injection attacks, There are no published reports of successful attacks against commercial white-box implementations to date. When I have assessed Commercial white box implementations to check if they were vulnerable to previous attacks, I found out that previous attacks failed to retrieve a secret key protected with the commercial white-box implementation. Consequently, I modified side channel attacks to be available in academic literature and succeeded in retrieving a secret key protected with the commercial white-box cryptography implementation. This is the first report that succeeded to recover secret key protected with commercial white-box implementation to the best of my knowledge in this industry. In this talk, I would like to share how to recover the key protected with commercial white-box implementation and present security guides on applying white-box cryptography to services more securely. Sanghwan Ahn I am a senior security engineer currently working in the security department at LINE corp and mostly engaged in security assessment, security architecture design and development. I like to analyze the program and find vulnerabilities in it also, am interested in technology related to security. In recent years, I have been interested in white-box cryptography doing various researches such as implementation, cryptanalysis.
Unboxing The White-Box: Practical Attacks Against Obfuscated Ciphers
 
56:50
by Eloi Sanfelix & Job de Haas & Cristofaro Mune White-Box Cryptography (WBC) aims to provide software implementations of cryptographic algorithms that are resistant against an attacker with full access to the internals. Therefore, the key must remain secure even if the attacker is able to inspect and modify the execution of the cryptographic algorithm. This is often referred to as "security in the White-Box context." In a vanilla implementation of a cryptographic algorithm, access to intermediate results directly leads to extraction of the key. To achieve security in the white-box context, data encoding schemes and strong obfuscation are typically applied. This type of implementation is commonly seen in DRM systems, and is currently gaining momentum in the mobile payment market. Assessing the security of WBC implementations is a challenge both for evaluators and for WBC designers, as it often requires a powerful mix of reverse engineering and applied cryptanalysis skills. In this presentation, we show how attacks typically used to attack hardware cryptosystems can be ported to the white-box settings. We will introduce generic yet practical attacks on WBC implementations of the TDES and AES ciphers. Additionally, we will analyze the requirements for each attack and discuss potential countermeasures. We have applied these attacks to recover cryptographic keys from commercial as well as academic implementations. During the presentation, we will demonstrate several attacks on open source WBC implementations using custom tools. If you are tasked with evaluating the attack resistance of a WBC-based solution, this presentation will provide a better understanding of what White-Box Cryptography is and how to evaluate its robustness against different key extraction attacks. If you are a WBC designer, you will obtain a better understanding of what the most common weak points of such schemes are. Our results highlight the importance of evaluating WBC implementations with respect to these generic attacks in order to provide correct judgment about their level of security.
Views: 2426 Black Hat
Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough
 
55:28
Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. After an introduction to the concept of white-box cryptography, I will introduce a new approach to assess the security of white-box implementations which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly available (non-commercial) white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations. This work received the best paper award at the Conference on Cryptographic Hardware and Embedded Systems (CHES) 2016 and is joint work with Charles Hubain, Wil Michiels, and Philippe Teuwen.
Views: 688 Microsoft Research
How to Reveal the Secrets of an Obscure White-Box Implementation | Junwei Wang | RWC 2018
 
25:25
Technical talks from the Real World Crypto conference series.
Views: 658 Real World Crypto
10 - Demonstration of ASPIRE White-Box Cryptography Tools
 
07:14
In this movie, we present and demonstrate the white-box cryptography protection technique and tool to protect cryptographic keys. The technique was contributed by Nagravision, the tool support was co-implemented by Nagravision and Fondazione Bruno Kessler. The ASPIRE project has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement number 609734.
Vanishree Rao, PhD, Senior Cryptographer Intertrust Technologies  #blockchainwomen
 
02:49
Vanishree is passionate about identifying security pain points and designing, developing, and deploying security/cryptography solutions. At Intertrust Technologies currently her main focus areas are blockchain technologies, white box cryptography and digital rights management. Prior to Intertrust, she was a Research Scientist at Xerox PARC, where she worked on various government-funded as well as industry-need driven security projects. She obtained her PhD in Theoretical Cryptography from UCLA. Her advisor was Professor Amit Sahai, a world-renowned Cryptographer. She has worked on various areas in cryptography, including, zero-knowledge proofs, multi-party computation protocols, key exchange protocols and program obfuscation. For further info check out https://www.fintechsv.com
Differential Computation Analysis  Hiding your White Box Designs is Not Enough
 
21:01
Joppe W. Bos and Charles Hubain and Wil Michiels and Philippe Teuwen, CHES 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27856
Views: 421 TheIACR
Vanishree Rao PhD Senior Cryptographer Intertrust Technologies #cryptosecurity
 
03:51
Vanishree Rao PhD Senior Cryptographer Intertrust Technologies. She is passionate about identifying security pain points and designing, developing, and deploying security/cryptography solutions. At Intertrust Technologies currently her main focus areas are blockchain technologies, white box cryptography and digital rights management. Prior to Intertrust, she was a Research Scientist at Xerox PARC, where she worked on various government-funded as well as industry-need driven security projects. She obtained her PhD in Theoretical Cryptography from UCLA. Her advisor was Professor Amit Sahai, a world-renowned Cryptographer. She has worked on various areas in cryptography, including, zero-knowledge proofs, multi-party computation protocols, key exchange protocols and program obfuscation. For further info check out https://www.fintechsv.com
Area41 2018: Pascal Junod: Looking Into The White Box
 
48:41
Area41 security conference 2018: Pascal Junod: Looking Into The White Box
Views: 98 defconswitzerland
White-box 암호의 Trend 및 Use Cases : IDG Security World 2017
 
26:01
2017년 8월 30일, 서울 서초구 엘타워에서 개최된 IDG 주관 행사인 Security World 2017에서 삼성SDS의 조지훈 보안연구랩 랩장이 'White-box 암호의 Trend 및 Use Cases'를 주제로 발표를 진행했습니다.
Views: 209 SAMSUNG SDS
Easy to protect, difficult to hack. Learn how with Inside Secure Code Protection.
 
01:28
Inside Secure Code Protection & Whitebox is now integrated with the Qt framework IDE. Protecting your device secrets and your customers’ private data is now easier than ever. Join us and watch how quickly you can generate Whitebox keys to secure your device’s local storage. Whitebox technology also allows you to hide keys and certificates used for secure communications between devices and their cloud services. There’s no excuse not to protect your device from hackers.
Views: 136 InsideSecure
[WHIBOX 2016] Towards secure whitebox cryptography - Andrey Bogdanov
 
43:08
Whitebox cryptography aims to provide security for cryptographic algorithms in an untrusted environment where the adversary has full access to their implementation. This setting poses a fundamental challenge to security designers. Indeed, most whitebox solutions published to date have been practically broken. This talk will be three-fold. First, we will show new attacks on existing whitebox schemes which use techniques from symmetric-key cryptanalysis such as integral, differential and linear attacks. Second, we will give our novel approach to guaranteeing key extraction and decomposition security of whitebox encryption by essentially reducing it to the classical security of block ciphers such as AES in the standard black box setting. Next, we will present several families of whitebox schemes together with rigorous security analysis, detailed implementation study, and real-world applications.
Views: 339 ECRYPT
Whitebox Security - What We Do
 
02:29
Whitebox Security helps organizations identify and protect sensitive data against internal and external threats. Its comprehensive solutions protect structured, unstructured, and semistructured data across the data center and the cloud. Leveraging crowd-power, Whitebox ensures quick deployment, implementation, and long-term maintenance with minimal training. It lets organizations maintain complete secure data governance, tracking, understanding, and analyzing who, what, when, where, and how their information is being accessed while remaining in compliance with regulatory requirements, including Sarbanes-Oxley, HIPAA, PCI, ISO 27001/2, ISO 27799, among other regulations.
Views: 683 Whitebox Security
Software Side-Channel attack on AES - White Box Unboxing 4/4 - RHme3 Qualifier
 
07:49
Solving the AES whitebox crypto challenge without even touching crypto or AES. The tools: https://github.com/SideChannelMarvels Challenge: https://github.com/Riscure/Rhme-2017/tree/master/prequalifications/White%20Box%20Unboxing -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Views: 7580 LiveOverflow
Cryptographic Key Protection
 
02:36
Watch the short video to learn: - How cryptographic keys are being used in a variety of applications - Techniques hackers are leveraging to steal keys - Arxan’s unique approach to key protection (that is available through Arxan – and IBM as well) https://www.arxan.com/technology/cryptographic-key-protection/
Views: 551 Arxan Technologies
Cryptography and Verification with Cryptol
 
56:49
Austin Seipp C◦mp◦se :: Conference http://www.composeconference.org/ February 5, 2016 Cryptographic primitives exist all through-out the modern software stack, yet their construction and composition is often delicate and error prone. Furthermore, specifications are often far removed from real implementations, and written in high level prose or pseudo-code - while we tend to implement such software in low-level, bug-prone programming languages. Cryptol is a domain-specific language, inspired by Haskell, designed for the construction and verification of cryptographic software. Cryptol programs often serve as ‘executable specifications’ of some design, yielding easy to understand programs that serve as excellent references. Furthermore, through a novel use of SAT-based verification tools, Cryptol can allow you to verify real world software conforms to the specification in an easy, automated fashion. This talk focuses on the relevant aspects of writing and using the Cryptol toolkit, including verification on real world cryptographic functions written in C and Java, along with some notes on its implementation.
Views: 1232 Compose Conference
White-box Cryptomania, Pascal Paillier
 
34:27
Invited talk by Pascal Paillier, presented at Asiacrypt 2017.
Views: 268 TheIACR
On Recovering Affine Encodings in White Box Implementations
 
20:39
Paper by Patrick Derbez, Pierre-Alain Fouque, Baptiste Lambin, Brice Minaud, presented at CHES 2018. See https://doi.org/10.13154/tches.v2018.i3.121-149
Views: 79 TheIACR
17 - Demonstration of Renewable White-Box Cryptography Tool Support
 
07:15
In this video, we present and demonstrate some of the functionality that ASPIRE has developed for deploying renewable white-box cryptography. With this protection, cryptographic primitives can be operated on keys without giving man-at-the-end attackers the opportunity to steal the keys. Moreover, by delivering the code and data implementing the primitives (and embedding the keys) at run-time, new keys can be delivered at any point in time. Automated scripts enable a server to generate and deliver those keys on demand. The ASPIRE project has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement number 609734.
Development and Implementation of HMAC in the Frame of the White-Box Cryptography Model
 
13:01
Any use of this material without the express consent of Positive Technologies is prohibited.
Разработка и реализация схемы хеширования HMAC в рамках модели White-box cryptography
 
13:01
Любое использование данного материала без прямого разрешения АО «Позитив Текнолоджиз» запрещено.
Bruce Schneier: Building Cryptographic Systems
 
11:20
Security guru Bruce Schneier talks with Charles Severance about security from the perspectives of both the National Security Agency and the National Institute of Standards and Technology. From Computer's April 2016 issue: www.computer.org/csdl/mags/co/2016/04/index.html. Subscribe to the Computing Conversations podcast on iTunes at https://itunes.apple.com/us/podcast/computing-conversations/id731495760.
Views: 2052 ieeeComputerSociety
Towards Practical Whitebox cryptography  Optimizing Efficiency and Space Hardness
 
28:35
Andrey Bogdanov and Takanori Isobe and Elmar Tischhauser. Talk at Asiacrypt 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27893
Views: 264 TheIACR
Efficient and Provable White Box Primitives
 
22:44
Pierre-Alain Fouque and Pierre Karpman and Paul Kirchner and Brice Minaud. Talk at Asiacrypt 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27872
Views: 206 TheIACR
TL;DR it's AES... - White Box Unboxing 2/4 - RHme3 Qualifier
 
19:08
Long story short, we reverse more and more of the binary and with some hints we realize, it's AES afterall. Challenge: https://github.com/Riscure/Rhme-2017/tree/master/prequalifications/White%20Box%20Unboxing -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Views: 7643 LiveOverflow
Cryptography challenges in the IoT world
 
27:17
Sebastian Cogno (Swisscom) about Cryptography challenges in the IoT world. Recorded at the Software Circus Meetup Zürich - March 1, 2016. Sponsored by Container Solutions Switzerland - http://container-solutions.com
Views: 373 Software Circus
Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90
 
27:34
Commented walkthrough of the security CTF Internetwache 2016. Crypto challenges. -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #CTF #Cryptography
Views: 12687 LiveOverflow
[WHIBOX 2016] Practical white-box topics: design and attacks I - Joppe Bos
 
32:03
In this first part of practical white-box topics presentation I will discuss the approach used in practice to convert standardized symmetric cryptographic primitives (AES and DES) into white-box implementations. Next, I will present a new way to perform security assessment on such white-box implementations. I will show how our open source plugins to widely available dynamic binary instrumentation frameworks can create software execution traces which contain information about the memory addresses being accessed during execution. Such software traces can be used in a differential computation analysis (DCA) attack to extract the secret embedded key by identifying secret-key dependent correlations. Finally, I will briefly discuss some ideas to counter such attacks.
Views: 179 ECRYPT
SHA1 length extension attack on the Secure Filesystem - rhme2 Secure Filesystem (crypto 100)
 
06:58
The first challenge I solved for the embedded hardware CTF by riscure. It implements a Secure Filesystem which prevents you from readeing files without knowing the correct token for a file. Load the challenge on your own board: https://github.com/Riscure/Rhme-2016 -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #CTF #Cryptography
Views: 15511 LiveOverflow
Kimchicon 2017 Session - Practical attacks on the white-box cryptography
 
54:08
Kimchicon 2017 Session - Practical attacks on the white-box cryptography and secure WBC implementation in your service 화이트박스 암호화는 일종의 난독화된 암호 알고리즘으로 디바이스의 모든 권한을 공격자가 가지고 있는 화이트박스 위협 모델에 대응하기 위해 고안되었습니다. 화이트박스 암호는 암호화에 사용되는 키를 보호하는데 초점이 맞춰져 있으며, 암호화키는 어떠한 경우에도 평문으로 노출되지 않습니다. 화이트박스 암호화는 하드웨어 의존적인 TEE(Trusted execution environment)와 달리 소프트웨어 기반으로 동작하므로, 디바이스/플랫폼에 대한 제한 없이 범용적으로 사용될 수 있는 장점이 있습니다. 학계에서 발표된 모든 화이트박스 암호화 알고리즘은 이미 깨졌지만 현재까지 상용화이트박스암호 솔루션에 대한 취약점은 보고되지 않았습니다. 보안 아키텍쳐를 설계하는 입장에서 단순히 공격 사례가 없었다는것으로 상용화이트 박스 암호 솔루션은 안전하다고 판단할 수 도 없었습니다. 게다가 어느정도의 보안 강도를 가지고 있는지 구체적으로 판단할 수 있는 자료와 어떻게 화이트박스를 구성하는것이 안전한지에 대한 가이드 라인도 없었습니다. 화이트박스 암호 알고리즘의 위협 모델(weak/strong stability)에 대해서 정확히 파악하지 않고 서비스에 적용했을 때, 여러가지 공격이 가능할 수 있기 때문에 위협 모델을 상세히 파악 하는것이 중요하다고 생각했고 화이트 박스 암호에 대한 조사를 시작했습니다. 이 발표에서 저는 화이트박스암호화 알고리즘을 깰 수 있는 현실적인 공격 방법들과 상용 화이트박스 암호 솔루션의 보안 강도/ 화이트박스 암호의 강점과 약점, 다양한 공격에 대항해서 암호키를 안전하게 보호할 수 있도록 시스템을 구성하는 방법에 대해서 이야기하려고합니다. Speaker : Sanghwan Awn - 라인의 시큐리티를 담당하고 있습니다. 주로 Application의 보안평가와 보안 아키텍쳐 설계 및 개발을 하고 있습니다. - 프로그램을 분석하고 취약점을 찾는것을 좋아합니다. 그리고 시큐리티와 관련된 기술에 관심이 많습니다. - 최근에는 화이트 박스 암호에 관심이 생겨, 화이트 박스 암호 구현, 분석, 공격 등의 여러가지 연구를 하고 있습니다.
Views: 254 KimchiCon
Jordi Ventanyol: Atacando implementaciones Whitebox Cryptography
 
03:04
Máster en Ciberseguridad: https://il3ciberseguridad.com/ En la presentación se introducirán los conceptos de Whitebox Cryptography a través de un ejemplo de implementación práctico del algoritmo simétrico AES. La charla se centrará luego en distintos tipos de ataques a dichas implementaciones Whitebox, especialmente en ataques de DFA (Differential Fault Analysis).
Breaking ECDSA (Elliptic Curve Cryptography) - rhme2 Secure Filesystem v1.92r1 (crypto 150)
 
08:19
We are going to recover a ECDSA private key from bad signatures. Same issue the Playstation 3 had that allowed it to be hacked. -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #CTF #Cryptography
Views: 32918 LiveOverflow
AppSecCali 2019 - Preventing Mobile App and API Abuse - Skip Hovsmith
 
52:35
Think a good user authentication solution is enough protection? Think again. Follow the ShipFast courier service’s evolving mobile app and API security approach as it beats back malicious ShipRaider. As ShipFast launches its mobile app with hidden API keys and OAuth2 user authorization, we'll start discussing the existing security threats and how to counter them. Along the way, TLS, certificate pinning, HMAC call signing, app hardening, white box crypto, app attestation and more will strengthen ShipFast's security posture, but ShipRaider will be working hard trying man in the middle attacks, app decompilation and debugging, exploit frameworks, and other reverse engineering techniques to keep exploiting ShipFast's API. This fast-paced overview of mobile attacks and counter-measures demonstrates the defense in-depth techniques required to protect your both your mobile apps and your API backends. You'll walk away with access to fully worked open source examples and some additional homework assignments if you want to go deeper. Skip Hovsmith Principal Engineer, CriticalBlue Skip Hovsmith is a Principal Engineer and VP Americas for CriticalBlue, working on securing API usage between mobile apps and backend services. Previously, Skip consulted with CriticalBlue customers on accelerating mobile and embedded software running on multicore and custom coprocessor. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project
Views: 339 OWASP
Some failed attack ideas - White Box Unboxing 3/4 - RHme3 Qualifier
 
29:16
Exploring some of the notes and thoughts I had analyzing the whitebox crypto challenge. Challenge: https://github.com/Riscure/Rhme-2017/tree/master/prequalifications/White%20Box%20Unboxing -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Views: 5852 LiveOverflow
Cryptography Tools
 
02:39
Cryptography Tools is an application that provides a range of encryption and decryption tools. It makes easy the encryption of text in any place and situation. It has a very useful floating tool mode. It is only about 2 MB. Suitable for learning, testing & applying. Features • Encryption • Hashing • Cipher • Symmetric • Encoding/Decoding • Tools Cryptographic functions Cipher : • Affine • Atbash • Baconian • Beaufort • Caesar • RailFence • ROT-13 • Scytale • Vigenere Base : • Base16 • Base32 • Base58 • Base64 • Base85 • Base91 Symmetric : • AES • DES • 3DES • RC4 Conversion : • Binary • Decimal • Hexadecimal • Octal Hash : • MD-2 • MD-5 • SHA-1 • SHA-3 • SHA-224 • SHA-256 • SHA-384 • SHA-512 • Keccak Encoding : • HTML Entities • URL Encoding • Morse Code Tools : • RSA Calculator • Reverse String Download : https://play.google.com/store/apps/details?id=id.web.luqman.dev.cryptographytools ----------------------------------------- https://luqman.web.id -----------------------------------------
Views: 103 Luqman Dev.
Property Developers Secrets Mastermind (PDSM) - White Box Property Solutions Ltd
 
05:11
Masterminding is a fantastic way to grow your business, no matter what you are doing. On the Property Developers Secrets Mastermind you will share your challenges with like minded people and overcome them together. Remember what other people are facing in the property journey might be what you will face in the future, so knowing how they overcame the challenge will help you grow faster.
IEEE Projects 2013 | White-Box Traceable Ciphertext-Policy Attribute-Based Encryption
 
13:08
IEEE Projects 2013 | White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures Including Packages ======================= * Base Paper * Complete Source Code * Complete Documentation * Complete Presentation Slides * Flow Diagram * Database File * Screenshots * Execution Procedure * Readme File * Addons * Video Tutorials * Supporting Softwares Specialization ======================= * 24/7 Support * Ticketing System * Voice Conference * Video On Demand * * Remote Connectivity * * Code Customization ** * Document Customization ** * Live Chat Support * Toll Free Support * Call Us:+91 967-778-1155 Visit Our Channel: http://www.youtube.com/clickmyproject Mail Us: [email protected]
Views: 97 ClickMy Project
"Homomorphic Encryption for Deep Learning: a Revolution..." by Pascal Paillier at COED Day
 
34:19
"Homomorphic Encryption for Deep Learning: a Revolution in the Making" by Pascal Paillier (CRX) Computation on Encrypted Data Industry Day (30th November 2018, Leuven)
How To Find Development Plots - 10 Expert Tips
 
24:56
Lloyd Girardi, Co-Founder of White Box Property Solutions and Jon McDermott of Town Planning Expert talk about their top 10 tips on finding property development opportunities.
How We Founded a Multi-Million Pound Property Development Company From Scratch
 
57:06
Want to hear how Andi Cooke & Lloyd Girardi started White Box Property Solutions together? In a short 4 years, at the time of recording, they have gone to create a multi-million portfolio from scratch, with none of their own money and little experience, along with growing families and busy schedules. We hope this informal chat inspires and encourages you to see how your next business partner can be closer than you think and see that developments can be done while raising a family and in a job. Here's what we cover: How Andi and Lloyd met How Lloyd created his first lighting business pre-White Box days How Andi's one-man band building business gave him the desire to change business model How they decided to join forces and begin their property investment business whilst Lloyd was still employed How the pair found their first development site via an auction Background and details on their first development site on St James Road, Northampton What education the pair undertook to learn how to look, find and development sites How the economic crash helped them buy the site The problems and obstacles in building the development Their experience in attending their first auction and how they won the site unconventionally How they got funding to buy the site within 30 days of sale agreed How they decreased the build time from 12 months in 7 months How they got 100% development finance The challenges after the site were built The benefits of keeping the houses to rent versus selling How they are building generational wealth...and how you can too Andi & Lloyd's #1 piece of advice: Our story is proof that even with no track record or money you can get into property development. We hope you enjoy this interview! Want to learn from us how to build developments the #whiteboxway? www.whiteboxps.com/educate
Candidate Indistinguishability Obfuscation and Functional Encryption for all circuits
 
01:03:08
In this work, we study indistinguishability obfuscation and functional encryption for general circuits: Indistinguishability obfuscation requires that given any two equivalent circuits C 0 and C 1 of similar size, the obfuscations of C 0 and C 1 should be computationally indistinguishable. In functional encryption, ciphertexts encrypt inputs x and keys are issued for circuits C . Using the key SK C to decrypt a ciphertext CT x =enc (x) , yields the value C(x) but does not reveal anything else about x . Furthermore, no collusion of secret key holders should be able to learn anything more than the union of what they can each learn individually. We give constructions for indistinguishability obfuscation and functional encryption that supports all polynomial-size circuits. We accomplish this goal in three steps: We describe a candidate construction for indistinguishability obfuscation for NC 1 circuits. The security of this construction is based on a new algebraic hardness assumption. The candidate and assumption use a simplified variant of multilinear maps, which we call Multilinear Jigsaw Puzzles. We show how to use indistinguishability obfuscation for NC 1 together with Fully Homomorphic Encryption (with decryption in NC 1 ) to achieve indistinguishability obfuscation for all circuits. Finally, we show how to use indistinguishability obfuscation for circuits, public-key encryption, and non-interactive zero knowledge to achieve functional encryption for all circuits. The functional encryption scheme we construct also enjoys succinct ciphertexts, which enables several other applications. joint work with Sanjam Garg, Craig Gentry, Shai Halevi, Amit Sahai, Brent Waters
Views: 934 Microsoft Research
Crypto Tool
 
01:57
Views: 842 testingtbh
2018 EuroLLVM Developers’ Meeting: C. Hubain & C. Tessier “Implementing an LLVM based Dynamic ...”
 
40:22
http://llvm.org/devmtg/2018-04/ — Implementing an LLVM based Dynamic Binary Instrumentation framework - Charles Hubain, Quarkslab & Cédric Tessier, Quarkslab Slides: Coming soon — This talk will go over our efforts to implement a new open-source DBI framework based on LLVM. We have been using DBI frameworks in our work for a few years now: to gather coverage information for fuzzing, to break whitebox cryptography implementations used in DRM or to simply assist reverse engineering. However we were dissatisfied with the state of existing DBI frameworks: they were either not supporting mobile architectures, too focused on a very specific use cases or very hard to use. This prompted the idea of developing QBDI (https://qbdi.quarkslab.com), a new framework which has been in development for two years and a half. With QBDI we wanted to try a modern take on DBI framework design and build a tool crafted to support mobile architectures from the start, adopting a modular design enabling its integration with other tools and that was easy to use by abstracting all the low-level details from the users. During the talk, we will review the motivation behind the usage of a DBI. We will explain its core principle and the main implementation challenges we faced. We will share some lessons learned in the process and how it changed the way we think about dynamic instrumentation tools. — Videos Filmed & Edited by Bash Films: http://www.BashFilms.com
Views: 360 LLVM
Side Channel Timing Attack Demonstration
 
06:25
Demonstration of a timing-based side channel attack. This attack takes advantage of a known timing imbalance in the standard ANSI C memcmp function, in which it exits as soon as a compared byte does not match. This results in the function taking a longer time given the more bytes that match between the compared blocks of memory. As long as there's a measurable timing imbalance, a system can be exploited regardless of the particular compare process used. More hardware hacking projects and presentations can be found at http://www.grandideastudio.com/portfolio/security/ NOTE: I FAIL AT MATH! From 1:24-1:33 where I'm describing the maximum possible key press combinations for a 4-digit PIN with 4 choices each (4*4*4*4), I incorrectly state 1024 as the answer. That's not true. It's 256. Still, the timing attack is an extremely useful method to reduce the keyspace needed for a brute force attack.
Views: 4683 Joe Grand
White Box Property - A Reflection of the Bali Retreat 2017
 
05:51
In 2017, 10 delegates joined us in Bali for the Property Developers Retreat. We worked on their true values to help them achieve their ultimate goals and dreams. What some people didn't realise is their values were elsewhere than what they thought. In this video we reflect on the experience of the retreat. Maybe you can join us one year?
Supersingular isogeny based cryptography gets practical | Patrick Longa (Microsoft R.) | RWC 2018
 
15:40
Technical talks from the Real World Crypto conference series.
Views: 668 Real World Crypto