preview-image for Logo

Statistical Modelling of Timing Sidechannels

2. Dezember, 2021 #cryptography #embedded security #attacks

In this blog post we present a Bayesian statistical model to detect cryptographic timing attacks. This model is one of the results of a customer hardware assessment performed by the SCHUTZWERK GmbH. The assessment was performed in a gray box context, i.e., we were able to interact with the encryption hardware, but were not given any internal implementation details.

preview-image for BSidesMEsh21-logo-high.jpg


17. Juni, 2021 #news #sponsor #cryptography

SCHUTZ­WERK ist die­ses Jahr nicht nur Elb­si­des-Spon­sor, son­dern wird am 22. Juni 2021 um 16:10 Uhr auch einen Talk hal­ten. Das Thema un­se­res Kol­le­gen Dr. Hen­ning Kopp wird „Pad­ding Ora­cle At­tacks - The cri­ti­cal bug in your ho­me-bre­wed cryp­to pro­to­col“ sein.

preview-image for Logo

Attacking a random number generator

12. Oktober, 2020 #cryptography #attacks

In software dealing with security, randomness is often necessary to generate keys or tokens for resetting passwords or identifying sessions. There, randomness is required to be unpredictable for an attacker. However, sometimes developers do not use cryptographically secure pseudo random number generators (CSPRNG) in this scenario. Instead they utilize faster pseudorandom number generators (PRNG). Consequently, the question arises how hard it is to attack a common (not cryptographically secure) random number generator.

Kostenfreies Erstgespräch