THE KEY RECOVERY ATTACKS CRYPTOGRAPHY IMPLEMENTATIONS AGAINST COMMERCIAL WHITE BOX SANGHWAN AHN(H2SPICE), LINE CORPORATION
|
|
- Hillary Copeland
- 6 years ago
- Views:
Transcription
1 THE KEY RECOVERY ATTACKS AGAINST COMMERCIAL WHITE BOX CRYPTOGRAPHY IMPLEMENTATIONS SANGHWAN AHN(H2SPICE), LINE CORPORATION
2 AGENDA Introduction WHITE-BOX CRYPTOGRAPHY White-box Cryptanalysis Conclusion
3 INTRODUCTION
4 CRYPTO SYSTEM IN THE SOFTWARE
5 WHITE-BOX THREAT MODEL Binary is completely visible to an attacker Attacker has full access to the cryptography algorithm Attacker has full control over its execution environment Unlimited amount of queries
6 SECURE ELEMENT Trusted execution environment(tee) ARM Trustzone, Intel SGX, AMD Memory Encryption It s almost safe, but not many supported devices (mostly latest devices) White-box cryptography(wbc) All academic WBC solutions have been broken No attack has been observed to date on commercial WBC
7 WHITE-BOX CRYPTOGRAPHY
8 WHITE-BOX AES IMPLEMENTATION Key PlainText PlainText SubBytes ShiftRows WBC MixColumns AddRoundKey CipherText CipherText
9 KEY PARTIAL EVALUATION Key Input x Sbox ( x key ) Tbox
10 unsigned int Tboxes[9][16][256] = { /*First Round, K[0] is 0x6c*/ { 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xcf45458a, 0x10f9f9e9, 0x , 0x817f7ffe, 0xc , 0xd74d4d9a, 0x , 0x , 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0x , 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x , 0xad92923f, 0xbc9d9d21, 0x , 0x04f5f5f1, 0xf35151a2, 0xfea3a35d, 0xc , 0x8a8f8f05, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x , 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 0x , 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xf55353a6, 0x68d1d1b9, 0x , 0x2cededc1, 0x937171e2, 0x73d8d8ab, 0x , 0x3f15152a, 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, 0x26ebebcd, 0x e, 0xcdb2b27f, 0x9f7575ea, 0x e, 0x , 0x9b80801b, 0x3de2e2df, 0x , 0xa , 0x0f05050a, 0xb59a9a2f, 0x0c040408, 0x52c7c795, 0x , 0x5ec3c39d, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x , 0x , 0xa96767ce, 0x7d2b2b56, 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 0x49cece87, 0xff5555aa, 0x , 0x7adfdfa5, 0xb69b9b2d, 0x221e1e3c, 0x , 0x20e9e9c9, 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa , 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x , 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, 0xc , 0xb , 0x772d2d5a, 0x110f0f1e, 0xdabfbf65, 0x31e6e6d7, 0xc , 0xb86868d0, 0x8f8c8c03, 0xf8a1a159, 0x , 0x170d0d1a, 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x , 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0xd , 0x , 0x01f6f6f7, 0x120e0e1c, 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 0xa , 0xa , 0x37e4e4d3, 0x8b7979f2, 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, 0x3be0e0db, 0x , 0x4e3a3a74, 0x1e0a0a14, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x , 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0x32e7e7d5, 0x43c8c88b, 0x e, 0xb76d6dda, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 0xe15f5fbe, 0xa , 0xcc444488, 0x e, 0x4ccdcd81, 0x140c0c18, 0x , 0x2fececc3, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 0x , 0x7e2a2a54, 0xab90903b, 0x b, 0xa06060c0, 0x , 0xd14f4f9e, 0x7fdcdca3 },...
11 TABLE BASED AES IMPLEMENTATION ShiftRows T-Box AddRoundKey SubByte XOR Table MixColumns
12 EXAMPLE Reference :
13 ENCODING A * A -1 = I(identity matrix) IN A 0 A 0-1 A 2 A 2-1 A n-1-1 T 0 T 1 T 2 T n A 1 A 1-1 A 3 A n Obfuscated T 0` Obfuscated T 1` Obfuscated T 2` Obfuscated T n` A n -1 OUT
14 ENCODING A * A -1 = I(identity matrix) IN A 0 A 0-1 A 2 A 2-1 A n-1-1 Cancelled Cancelled Cancelled T 0 T 1 T 2 T n A 1 A 1-1 A 3 A n Cancelled A n -1 Cancelled OUT
15 NETWORK OF LOOK-UP TABLES
16 COMPARISON OF AES AND WB-AES Cryptographic key is not visible Cryptographic operations are obfuscated, randomized Key PlainText PlainText SubBytes ShiftRows WBC MixColumns AddRoundKey CipherText CipherText
17 WHITE-BOX CRYPTANALYSIS Academic WBC Implementations Karroumi's white-box AES implementation OpenWhiteBox Challenges in CTF Commercial WBC Implementations Simple cipher for performance Complex cipher for security
18 COMMERCIAL WHITE-BOX PRODUCTS Secret Key 4A 32 4D C E 6B 32 4D 4A 30 WB Engine It's very difficult to recover protected key to plain secret key Protected Key 49 D8 AD DC 2B AE 89 D1 EE 67 D0 5F CB F3 5C D B4 93 F1 63 D8 51 DC 58 BB DA E0 9A 60 0B 11 6E B9 53 0E 66 F AC 80 7D F7 DA 02 DF AE B4 5F 9E 7F C3 95 5B D6 7A 81 4E 75 7D CE A 5E D DA E0 2D 2B AE D8
19 POWER ANALYSIS Recode intermediate computation result And then compare it and subkey guessed PlainText Determine to point intermediate computation values and capture them Sbox ( x gkn ) 0.1 subkey guess Analysis trace1 trace2 trace3 trace4 trace5 trace CipherText
20 POWER ANALYSIS ON THE HARDWARE Typical example of a (hardware) power trace of an unprotected AES-128 implementation (one can observe the ten rounds) Reference : Joppe W. Bos et al. - Differential Computation Analysis: Hiding your White-Box Designs is Not Enough
21 POWER ANALYSIS ON THE HARDWARE Typical example of a (hardware) power trace of an unprotected AES-128 implementation (one can observe the ten rounds) Reference : Joppe W. Bos et al. - Differential Computation Analysis: Hiding your White-Box Designs is Not Enough
22 POWER ANALYSIS ON THE SOFTWARE Typical example of a portion of a serialized software trace of stack writes in an WBAES-128, with only two possible values: 0 or 1 Reference : Joppe W. Bos et al. - Differential Computation Analysis: Hiding your White-Box Designs is Not Enough
23 CORRELATION POWER ANALYSIS(CPA) The correlation between the sensitive data and the power consumption for the 256 key guesses for a single byte Reference : W. Hnath, J. Pettengill, Differential Power Analysis Side-Channel Attacks in Cryptography, Major Qualifying Project, Worcester Polytechnic Institute, April 2010
24 CORRELATION POWER ANALYSIS(CPA) The correlation between the sensitive data and the power consumption for the 256 key guesses for 16 byte Reference : W. Hnath, J. Pettengill, Differential Power Analysis Side-Channel Attacks in Cryptography, Major Qualifying Project, Worcester Polytechnic Institute, April 2010
25 Reference : Kevin Meritt, Differential Power Analysis attacks on AES CRYPTOGRAPHIC PRIMITIVE Typical example of a (hardware) power trace of an unprotected AES-128 implementation (one can observe the ten rounds)
26 SOFTWARE EXECUTION TRACE WITH DBI [.code execution] start_addr end_addr : c1b7 : c1d0 instruction info c1b7: mov eax, dword ptr [ebp + 8] c1ba: add dword ptr [ebx + 0x550], c1c1: mov edx, dword ptr [eax + 0x228] c1c7: mov edi, dword ptr [eax + 0x224] c1cd: mov dword ptr [ebp - 0x44], edx c1d0: jmp 0x400b3c1 [.mem read] code_addr : c1b7 mem_addr : beef7470 size : 4 data : 805b0204 [.mem read] code_addr : c1b7 mem_addr : beef7470 size : 4 data : 805b0204 [.mem read] code_addr : c1ba mem_addr : size : 4 data : 2f [.mem write] code_addr : c1ba mem_addr : size : 4 data : [.mem write] code_addr : c1c1 mem_addr : da8 size : 4 data : 347b0608 [.mem write] code_addr : c1c7 mem_addr : da4 size : 4 data :
27 VISUALIZED MAP OF OPEN-SOURCE WBAES-128 Time Memory Address Write Read Execution
28 VISUALIZED MAP OF OPEN-SOURCE WBAES-128 Time Memory Address Write Read Execution
29 WBAES-128 KEY RECOVERY WITH CPA rank 1 rank 2 rank 3 rank 4 rank 5 rank 6 rank 7 rank 8 rank 9 rank 10 key 1 0x2b ( ) 0x07 ( ) 0xc1 ( ) 0xee ( ) 0x08 (1.697) 0x0c ( ) 0x72 ( ) 0x2c ( ) 0x81 ( ) 0x0a ( ) key 2 0x7e ( ) 0x93 ( ) 0x06 ( ) 0x02 ( ) 0xa8 ( ) 0x54 ( ) 0x62 ( ) 0xb6 ( ) 0xe9 ( ) 0x86 ( ) key 3 0x15 ( ) 0xc8 ( ) 0xe4 ( ) 0x20 ( ) 0x92 ( ) 0x74 ( ) 0x1e ( ) 0x89 ( ) 0x43 ( ) 0xd6 ( ) key 4 0x16 ( ) 0xb5 ( ) 0x8f ( ) 0xbb ( ) 0x45 ( ) 0xe9 ( ) 0xcf ( ) 0xc2 ( ) 0x38 ( ) 0x6c ( ) key 5 0x28 ( ) 0x7d ( ) 0x5a ( ) 0xc9 ( ) 0x8e ( ) 0xfb (1.6714) 0xf3 ( ) 0x5b (1.6599) 0xaa ( ) 0x67 ( ) key 6 0xae (2.5603) 0x69 ( ) 0x8a ( ) 0xf5 ( ) 0xc4 ( ) 0xfe ( ) 0xa0 ( ) 0xe5 ( ) 0x98 (1.6579) 0xb8 ( ) key 7 0xd2 ( ) 0xb4 ( ) 0x5f ( ) 0xe0 ( ) 0xa1 ( ) 0x5a ( ) 0x8b ( ) 0x0b ( ) 0xcd ( ) 0x68 ( ) key 8 0xa6 ( ) 0x4b ( ) 0x9d ( ) 0x2d ( ) 0x01 (1.6456) 0x0d ( ) 0xbf ( ) 0xea ( ) 0xe7 ( ) 0x3e ( ) key 9 0xab (2.4717) 0x1d (1.7161) 0xc9 ( ) 0xe5 ( ) 0x7c ( ) 0x77 ( ) 0x2f ( ) 0xc4 ( ) 0xa1 ( ) 0x60 ( ) key 10 0xf7 ( ) 0xb8 ( ) 0xa4 ( ) 0x76 ( ) 0xc4 ( ) 0x17 ( ) 0xea ( ) 0xbe ( ) 0x8b (3.3548) 0x97 ( ) key 11 0x15 ( ) 0x16 ( ) 0xb6 ( ) 0x69 ( ) 0xbe ( ) 0x7b ( ) 0x41 (1.6857) 0x2f ( ) 0x91 ( ) 0x22 ( ) key 12 0x88 (2.8446) 0x3c ( ) 0xe4 ( ) 0x52 ( ) 0x79 ( ) 0x08 ( ) 0xb9 ( ) 0x40 ( ) 0x42 ( ) 0xb5 ( ) key 13 0x09 ( ) 0x96 ( ) 0xf2 ( ) 0xb4 ( ) 0x0d ( ) 0x6d ( ) 0x3f ( ) 0xaf ( ) 0x78 ( ) 0xe6 ( ) key 14 0xcf (2.3232) 0x19 ( ) 0x9a ( ) 0x3d ( ) 0x03 ( ) 0xe2 ( ) 0x07 ( ) 0xd2 ( ) 0x6f ( ) 0xca ( ) key 15 0x4f ( ) 0xd7 ( ) 0xce ( ) 0xad ( ) 0x45 ( ) 0x0e ( ) 0x62 ( ) 0x76 ( ) 0xc0 ( ) 0x48 ( ) key 16 0x3c ( ) 0x97 ( ) 0xa7 ( ) 0x5d ( ) 0x02 ( ) 0xea ( ) 0x07 ( ) 0x7e ( ) 0xe6 (1.6479) 0x29 ( )
30 VISUALIZED MAP OF SIMPLE-CIPHER Time Memory Address Write Read Execution
31 VISUALIZED MAP OF SIMPLE-CIPHER Time Memory Address the round pattern not found
32 TAINT ANALYSIS Object A Object B
33 TAINT ANALYSIS - PLAINTEXT TRACE Cryptographic primitive
34 TAINT ANALYSIS FOR SIMPLE-CIPHER 0x : (in /lib/i386-linux-gnu/libc-2.21.so) 0x42B34AE: (in /lib/i386-linux-gnu/libc-2.21.so) 0x42B34B3: (in /lib/i386-linux-gnu/libc-2.21.so) 0x42B34B8: (in /lib/i386-linux-gnu/libc-2.21.so) 0x42B34BD: (in /lib/i386-linux-gnu/libc-2.21.so) 0x8181ABA: (in Commercial-SimpleWB-AES) 0x8181AC4: (in Commercial-SimpleWB-AES) 0x8181ACC: (in Commercial-SimpleWB-AES) 0x8181AD0: (in Commercial-SimpleWB-AES) 0x8181AE0: (in Commercial-SimpleWB-AES) 0x8181AE4: (in Commercial-SimpleWB-AES) 0x8181AEE: (in Commercial-SimpleWB-AES) 0x8181AF2: (in Commercial-SimpleWB-AES) 0x8181B04: (in Commercial-SimpleWB-AES) 0x8181B08: (in Commercial-SimpleWB-AES) 0x8181B10: (in Commercial-SimpleWB-AES) 0x8181B14: (in Commercial-SimpleWB-AES) 0x8181B24: (in Commercial-SimpleWB-AES) 0x8181B28: (in Commercial-SimpleWB-AES) 0x8181B32: (in Commercial-SimpleWB-AES) Cryptographic primitive
35 VISUALIZED MAP OF SIMPLE-CIPHER Time Memory Address Write Read Execution
36 CPA ON THE SIMPLE-CIPHER rank 1 rank 2 rank 3 rank 4 rank 5 rank 6 rank 7 rank 8 rank 9 rank 10 key 1 0x4a ( ) 0x6b( ) 0xbe( ) 0x1e( ) 0x2e( ) 0x35( ) 0x65( ) 0x92( ) 0x1d( ) 0x58( ) key 2 0x32 ( ) 0xd0( ) 0xe8( ) 0xcc( ) 0x78( ) 0xdf( ) 0x17( ) 0x64( ) 0x79( ) 0x8a( ) key 3 0x4d ( ) 0xcc( ) 0x23( ) 0x91( ) 0xb9( ) 0xb3( ) 0x4e(3.2596) 0xa2( ) 0x8f( ) 0x04( ) key 4 0x72 ( ) 0x38( ) 0xdf(3.3211) 0x2f( ) 0xae( ) 0xa1( ) 0xf8( ) 0xd3( ) 0x1b( ) 0x8b( ) key 5 0x39 (4.1895) 0xc4( ) 0xbb( ) 0x8b( ) 0x7c( ) 0x8e( ) 0x13( ) 0x69(3.299) 0x9e( ) 0x89( ) key 6 0x33 ( ) 0x2d( ) 0xa8( ) 0xb8( ) 0x72( ) 0x48( ) 0x96( ) 0x4d( ) 0x23( ) 0x9a( ) key 7 0x33 ( ) 0xda( ) 0xc8( ) 0x23( ) 0x5f( ) 0x17( ) 0xd3( ) 0xe6( ) 0x64( ) 0x85( ) key 8 0x6c ( ) 0x21( ) 0xba(3.3402) 0xb3( ) 0x65( ) 0xaf( ) 0x1f( ) 0x61( ) 0x44( ) 0xc6( ) key 9 0x61 ( ) 0x8d( ) 0x68( ) 0x5f( ) 0x1e( ) 0xeb( ) 0x96( ) 0x13( ) 0x0c( ) 0xc0( ) key 10 0x54 ( ) 0x42( ) 0xd6( ) 0x5d( ) 0x3f(3.3665) 0xbc( ) 0x3a( ) 0xed( ) 0x2d( ) 0x14(3.3029) key 11 0x4e ( ) 0x74( ) 0x39( ) 0xee( ) 0x52( ) 0x68( ) 0x7b( ) 0x1a( ) 0x30( ) 0x16( ) key 12 0x6b ( ) 0xab( ) 0x28( ) 0xbc( ) 0xc1( ) 0x02( ) 0x07( ) 0x13( ) 0x75( ) 0xc0( ) key 13 0x32 ( ) 0x15( ) 0x72( ) 0xe9( ) 0x88( ) 0x52( ) 0x95( ) 0x6c( ) 0x2d( ) 0xc7( ) key 14 0x4d (3.4734) 0x7d( ) 0xcd( ) 0x8e( ) 0x5f( ) 0x0b( ) 0x10( ) 0xee( ) 0x7b(3.2615) 0x1a( ) key 15 0x4a ( ) 0x0a( ) 0x89( ) 0xaf( ) 0xf0(3.2857) 0xf1( ) 0xcd( ) 0x48( ) 0xc8( ) 0x87( ) key 16 0x30 ( ) 0xc0( ) 0xce(3.3276) 0x2c( ) 0xe9( ) 0x7b( ) 0x8f( ) 0x4e( ) 0x1c( ) 0xd6( )
37 VISUALIZED MAP OF COMPLEX-CIPHER Time Memory Address Write Read Execution
38 PLAINTEXT TRACE ON THE COMPLEX-CIPHER Plaintext Ciphertext
39 REVERSE ENGINEERING FOR COMPLEX CIPHER
40
41 COMPLEX-CIPHER CONTROL FLOW Function A Plaintext Function B Repeats many times Ciphertext
42 WHITE-BOX TABLE IN COMPLEX-CIPHER
43 FAULT ANALYSIS Modify intermediate data Record changes to the output Compare incorrect result and correct result PlainText PlainText Modify intermediate computation value CipherText(wrong) Compare correct and incorrect result CipherText(correct)
44 DIFFERENTIAL FAULT ANALYSIS(DFA) After ShiftRow9 87 F2 4D 97 6E 4C 90 EC 46 E7 4A C3 A6 8C D8 95 Fault injected 1E 99 F2 4D 97 6E 4C 90 EC 46 E7 4A C3 A6 8C D8 95 After Mixcolumns 7B C 29 D4 70 9F 8A E4 3A 42 CF A5 A6 BC K9 AC FA D1 5C 66 D F E After AddRoundKey9 D7 59 8B 1B 5E 2E A1 C3 EC C 84 E7 D2 After SubBytes10 0E C 3D AF E CE 07 7D 2C EB 5F 94 B5 After ShiftRows10 0E C 3D AF E 58 7D 2C CE 07 B5 EB 5F 94 K10 D0 C9 E1 B6 14 EE 3F 63 F9 25 0C 0C A8 89 C8 A6 Input = 3243F6A8885A308D313198A2E Cipher Key = 2B7E151628AED2A6ABF CF4F3C Output= D02DC09FBDC A0B32 = Output with faults DE 02 D D 11 3B C2 0B 1D Output without fault D D 11 6A B 1D FB Reference : P. Dusart, G. Letourneux and O. Vivolo, Differential Fault Analysis on A.E.S., Cryptology eprint Archive of IACR, No. 010, 2003
45 DIFFERENTIAL FAULT ANALYSIS(DFA) After ShiftRow9 87 F2 4D 97 6E 4C 90 EC 46 E7 4A C3 A6 8C D8 95 Fault injected 1E 99 F2 4D 97 6E 4C 90 EC 46 E7 4A C3 A6 8C D8 95 After Mixcolumns 7B C 29 D4 70 9F 8A E4 3A 42 CF A5 A6 BC K9 AC FA D1 5C 66 D F E After AddRoundKey9 D7 59 8B 1B 5E 2E A1 C3 EC C 84 E7 D2 After SubBytes10 0E C 3D AF E CE 07 7D 2C EB 5F 94 B5 After ShiftRows10 0E C 3D AF E 58 7D 2C CE 07 B5 EB 5F 94 K10 D0 C9 E1 B6 14 EE 3F 63 F9 25 0C 0C A8 89 C8 A6 Input = 3243F6A8885A308D313198A2E Cipher Key = 2B7E151628AED2A6ABF CF4F3C Output= D02DC09FBDC A0B32 = Output with faults DE 02 D D 11 3B C2 0B 1D Output without fault D D 11 6A B 1D FB = Error E Reference : P. Dusart, G. Letourneux and O. Vivolo, Differential Fault Analysis on A.E.S., Cryptology eprint Archive of IACR, No. 010, 2003
46 DIFFERENTIAL FAULT ANALYSIS(DFA) After ShiftRow9 87 F2 4D 97 6E 4C 90 EC 46 E7 4A C3 A6 8C D8 95 Fault injected 1E 99 F2 4D 97 6E 4C 90 EC 46 E7 4A C3 A6 8C D8 95 After Mixcolumns 7B C 29 D4 70 9F 8A E4 3A 42 CF A5 A6 BC K9 AC FA D1 5C 66 D F E After AddRoundKey9 D7 59 8B 1B 5E 2E A1 C3 EC C 84 E7 D2 After SubBytes10 0E C 3D AF E CE 07 7D 2C EB 5F 94 B5 After ShiftRows10 0E C 3D AF E 58 7D 2C CE 07 B5 EB 5F 94 K10 D0 C9 E1 B6 14 EE 3F 63 F9 25 0C 0C A8 89 C8 A6 Input = 3243F6A8885A308D313198A2E Cipher Key = 2B7E151628AED2A6ABF CF4F3C Output= D02DC09FBDC A0B32 = Output with faults DE 02 D D 11 3B C2 0B 1D Output without fault D D 11 6A B 1D FB E Error Reference : P. Dusart, G. Letourneux and O. Vivolo, Differential Fault Analysis on A.E.S., Cryptology eprint Archive of IACR, No. 010, 2003
47 WHITE-BOX TABLE IN COMPLEX-CIPHER
48 WHITE-BOX TABLE IN COMPLEX-CIPHER
49 WHITE-BOX TABLE IN COMPLEX-CIPHER 1byte flip;0xbd!0x34
50 FAULTY CIPHERTEXT testtesttesttest 6CB721A5633DFD7F94A normal cipher-text testtesttesttest FF1E4C03844DD800CE9CF34C6B7EEAE8 faulty cipher-text
51 DFA ON COMPLEX-CIPHER Plaintext(in hex) Correct ciphertext 0x x6CB721A5633DFD7F94A Good faulty ciphertexts Final round key 0x8EB721A5633DFDB794A61E x6CD921A5113DFD7F94A x6CB740A563C5FD7F8BA A8 0x6CB DA97F94A447453D other 625 good faulty ciphertext 0x5CB2FAF4F3FB94543BFA87DFE92660FC
52 DFA ON COMPLEX-CIPHER Final round key Round 9 key Round 8 key Round 7 key Round 6 key Round 5 key Round 4 key Round 3 key Round 2 key Round 1 key Secret key 0x5CB2FAF4F3FB94543BFA87DFE92660FC 0xEC26DC41AF496EA0C801138BD2DCE723 0x36991EE3436FB2E167487D2B1ADDF4A8 0x9C3EF21C75F6AC022427CFCA7D xEB64C9D7E9C85E1E51D163C859B x305BC5E702AC97C9B8193DD xFAF69E0032F7522EBAB5AA1FB07A1857 0x78C1CC67C801CC2E8842F8310ACFB248 0x21177A74B0C F828D4A79 0xA8E D77A3DF C2CE7E66 0x4A324D C61544E6B324D4A30
53 CONCLUSION
54 THE WAY TO USE WBC SAFER IN APPS Be sure to keep basic rules No single key for everything No hardcoded key(protected key) No static IV External encoding Asymmetric crypto algorithm based on WBC RSA, Elliptic curves, Diffie Hellman Tamper resistant embedded integrity checksums Cryptographic key device binding device identifier + user identifier + external identifier(e,g, pin, biometric)
55 EXTERNAL ENCODING Sender Input Encode the input First round White-box Decode the input Final round Encode the output Decode the output Output Receiver
56 CRYPTOGRAPHIC KEY DEVICE BINDING Device identifier User identifier External identifier(e,g, pin, biometric)
57 FUTURE WORKS White-box version of crypto libraries Retrieve a master key embedded white-box engine Since the vulnerabilities have already been fixed, I will focus on finding other vulnerability.
58 THANK YOU
Technical Specification. Third Party Control Protocol. AV Revolution
Technical Specification Third Party Control Protocol AV Revolution Document AM-TS-120308 Version 1.0 Page 1 of 31 DOCUMENT DETAILS Document Title: Technical Specification, Third Party Control Protocol,
More informationKeywords: CRC, CRC-7, cyclic redundancy check, industrial output, PLC, programmable logic controller, C code, CRC generation, microprocessor, switch
Keywords: CRC, CRC-7, cyclic redundancy check, industrial output, PLC, programmable logic controller, C code, CRC generation, microprocessor, switch APPLICATION NOTE 6002 CRC PROGRAMMING FOR THE MAX14900E
More informationChapter 2: Secret Key
Chapter 2: Secret Key Basics Block or Stream? Secret Key Methods Salting AES Key Entropy Prof Bill Buchanan OBE http://asecuritysite.com/crypto02 http://asecuritysite.com/encryption Conclusion Encryption
More informationCTT MODBUS-RTU COMMUNICATION PROTOCOL TEMPERATURE MONITOR DEVICE
INSTRUCTION MANUAL IM149-U v0.92 CTT MODBUS-RTU COMMUNICATION PROTOCOL TEMPERATURE MONITOR DEVICE Firmware version: v3.0 or higher MODBUS PROTOCOL Modbus is a master-slave communication protocol able to
More informationimetos LoRa Data payload structure
imetos LoRa Data payload structure Pessl Instruments, GmbH Version 1.0, 06-2018 Content 1. SCOPE OF THIS DOCUMENT... 2 2. PARSING THE DATA FROM THE PAYLOAD VERSUS API DATA ACCESS... 3 3. IMETOS LORA FIRMWARE
More informationGNetPlus Communication Protocol
Basic Package (BINARY VERSION) Master Query Package (HOST) Field Header Address Query Function Data length DATA BYTES Error Check Desc SOH 0~255 0~255 0~255 CRC16_Low CRC16_Hi Size 1 BYTE 1 BYTE 1 BYTE
More informationSigned/Unsigned Integer Arithmetic in C. Vineel Kovvuri
Signed/Unsigned Integer Arithmetic in C Vineel Kovvuri http://vineelkovvuri.com Contents 1 Introduction 2 2 How signed-ness is represented in the hardware? 2 3 How signed-ness is interpreted in assembly?
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationMCW Application Notes 24 th February 2017
MCW Application Notes 24 th February 2017 www.motorcontrolwarehouse.co.uk Document number MCW-HEDY-001 Revision 0.1 Author Gareth Lloyd Product HEDY HD700 Title Summary HEDY HD700 Modbus Serial Communications
More informationvariable 1. Start of Packet - is used to provide synchronization when parsing packets. Always 0xFC
DreamScreen V2 WiFi UDP Protocol The DreamScreen-WiFi platform uses UDP unicasting and broadcasting over the WLAN to provide communication. Port 8888 is used for both sending and receiving. The DreamScreen
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 64
More informationRS232C Serial Interface for Pirani Diaphragm and Pirani Standard Gauges. Caution. binary 8 data bits 1 stop bit no parity bit no handshake
General Information The Serial Interface allows the communication of the digital Agilent Pirani Capacitance Diaphragm Gauges (PCG-750, PCG-752) and the digital Agilent Pirani Standard Gauges (PVG-550,
More informationMTR-4. C8 Command to MODBUS Bridge User Manual F-1, No. 631, Chung Der Road, Sec 1, Taichung Taiwan.
MTR-4 C8 Command to MODBUS Bridge User Manual 404 19F-1, No. 631, Chung Der Road, Sec 1, Taichung Taiwan. TEL:886-4-2238-0698 FAX:886-4-2238-0891 Web Site:http://www.monicon.com.tw E-mail: sales@monicon.com.tw
More informationDULCOMETER Multi-parameter Controller dialog DACa
Software manual DULCOMETER Multi-parameter Controller dialog DACa Modbus RTU EN Valid only in combination with the operating instructions for the Multi-parameter Controller dialog DACa. A2100 Please carefully
More informationvariable 1. Start of Packet - is used to provide synchronization when parsing packets. Always 0xFC
DreamScreen V2 WiFi UDP Protocol Rev 2 The DreamScreen-WiFi platform uses UDP unicasting and broadcasting over the WLAN to provide communication. Port 8888 is used for both sending and receiving. The DreamScreen
More informationTLS 1.2 Protocol Execution Transcript
Appendix C TLS 1.2 Protocol Execution Transcript In Section 2.3, we overviewed a relatively simple protocol execution transcript for SSL 3.0. In this appendix, we do something similar for TLS 1.2. Since
More informationSIMCom_3G_CSD_Application Note_V1.00
SIMCom_3G_CSD_Application Note_V1.00 Document Title: SIMCom_3G_CSD_Application Note Version: 1.00 Date: Status: Document Control ID: Release SIMCom_3G_CSD_Application Note_V1.00 General Notes SIMCom offers
More information//
----------------------------------------------------------------------------------- Filename: FixedMath.h ----------------------------------------------------------------------------------- -----------------------------------------------------------------------------------
More informationRS232C / RS485C Serial Interface for Cold Cathode and Cold Cathode Pirani Gauges
Communication Protocol RS232C / RS485C Serial Interface for Cold Cathode and Cold Cathode Pirani Gauges MAG500, MAG504 MPG500, MPG504 tira83e1-a (2017-06) 1 General Information The Serial Interface allows
More informationDMTME Multimeters. Communication protocol. Technical specification V1.2 ABB
DMTME Multimeters Communication protocol ABB 1 Setting up DMTME serial communication.3 1.1 Serial network ID programming...3 1.2 RS-485 communication interface...3 1.3 Serial line connection...3 2 Communication
More informationTBS Unify Pro / SmartAudio
TBS Unify Pro / SmartAudio 02.12..2017 Revision 08 SmartAudio uses single wire half duplex communication based on UART. In Idle mode both host and VTX define the SmartAudio pin as input. If the host want
More informationEthernet to Digital I/O and Analog Input. (Model: IP-IO)
Ethernet to Digital I/O and Analog Input (Model: IP-IO) Feature: Operation voltage : DC 7V ~ 36V. Analog Interface: Interface : 3.3V levels compatibility. Resolution : 16-bits Σ-Δ A/D converters. Accuracy
More informationModbus Protocol Guide for ZP2 Series Control Panels
Modbus Protocol Guide for ZP2 Series Control Panels P/N 00-3243-505-2603-01 ISS 14DEC15 Copyright Trademarks and patents Manufacturer Version REV 01 Certification 2015 UTC Fire & Security. All rights reserved.
More informationDiagnostic Port Serial Interface for Capacitance Diaphragm Gauges
Communication Protocol Diagnostic Port Serial Interface for Capacitance Diaphragm Gauges CDG025D-X3 4-20 ma Current Loop Stripe CDG045Dhs Stripe CDG100Dhs tira84e1 (2017-05) 1 General Information The Diagnostic
More informationHighlights. FP51 (FPGA based 1T 8051 core)
Copyright 2017 PulseRain Technology, LLC. FP51 (FPGA based 1T 8051 core) 10555 Scripps Trl, San Diego, CA 92131 858-877-3485 858-408-9550 http://www.pulserain.com Highlights 1T 8051 Core Intel MCS-51 Compatible
More informationRS232C / RS485C Serial Interface for Pirani Capacitance Diaphragm and Pirani Standard Gauges
Communication Protocol RS232C / RS485C Serial Interface for Pirani Capacitance Diaphragm and Pirani Standard Gauges PCG550, PCG552, PCG554 PSG550, PSG552, PSG554 RS485C RS232C tira59e1-a (2017-04) 1 General
More informationRS-232 Control of the Advantage EQ281/8, EQ282/8 and Advantage SMS200
RS-232 Control of the Advantage EQ281/8, EQ282/8 and Advantage SMS200 Biamp Systems, 14130 N.W. Science Park, Portland, Oregon 97229 U.S.A. (503) 641-7287 an affiliate of Rauland-Borg Corp. Introduction
More informationAPPENDIX- A REFERENCE IMPLEMENTATION OF BSF-128 ===============================================================
APPENDICES A p p e n d i c e s P a g e 144 A p p e n d i c e s P a g e 145 APPENDIX- A REFERENCE IMPLEMENTATION OF BSF-128 =============================================================== REFERENCE IMPLEMENTATION
More informationHeat meter PolluStat M-bus communication protocol description
Heat meter PolluStat M-bus communication protocol description 1 1. General structure of protocol 1.1. General features of protocol Meter uses a M-bus protocol. Default baud rate: 2400 bps, Even, 1 Stop.
More informationInput Channels: 4 differential or four single-ended. Address / Baud rate / range configurable by the user
DAM-Series User Manual Amazing Electronic (HK) Limited User s Manual Overview: DAM module is a new generation data acquisition and control system based on modular embedded systems. Adopting standard DIN35
More informationCSEE bit AES decryption. Shrivathsa Bhargav Larry Chen Abhinandan Majumdar Shiva Ramudit. Spring 2008 Project Design Document
CSEE 4840 128-bit AES decryption Shrivathsa Bhargav Larry Chen Abhinandan Majumdar Shiva Ramudit Spring 2008 Project Design Document CSEE 4840 Table of contents Abstract 1 1. Introduction 1 2. Hardware
More informationVerve IPAC Plug-in Wireless AC Module. Software Setup 3. DolphinView Software 3. Preparations 4 Transmit LINK Signals 4.
Verve IPAC Plug-in Wireless AC Module Wireless Linking & Configuration Guide Table of Contents IPAC Configuration Settings 2 Configuration Settings Reference Table 2 Software Setup 3 DolphinView Software
More informationA Specification for Rijndael, the AES Algorithm
A Specification for Rijndael, the AES Algorithm 1. Notation and Conventions 1.1 Rijndael Inputs and Outputs The input, output and cipher key for Rijndael are sequences containing 128, 160, 192, 224 or
More informationMahesh V. Tripunitara and Samuel S. Wagsta, Jr. COAST Laboratory. Purdue University. COAST TR-98/01.
The Compression Functions of SHA, MD, MD4 and MD5 are not Ane Mahesh V. Tripunitara and Samuel S. Wagsta, Jr. COAST Laboratory Purdue University West Lafayette, IN 47907-198 ftripunit,sswg@cs.purdue.edu
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationIntro (with some history) Issues ow, ow, ow, ow, ow, ow, ow, ow, Disclosure/Timeline CHIASMUS cipher
Intro (with some history) Issues ow, ow, ow, ow, ow, ow, ow, ow, Disclosure/Timeline CHIASMUS cipher We made this: Erik Tews, Julian Wälde, and me independent discovery by Felix Schuster ECB first discovered
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationControl Flow Integrity with ptrace()
Control Flow Integrity with ptrace() Sebastian Krahmer krahmer@suse.de May 18, 2006 Abstract Control Flow Integrity (CFI) is a new technology to ensure a certain execution flow of a program. One of its
More informationSecurity Analysis of Lightweight Authentication Protocol from WISTP ,2) P, Xiao FuP P, Chen Dan-weiP P, Wang Ru-chuanP
P P P Security Analysis of Lightweight Authentication Protocol from WISTP 23,2,3),2),2),2) Wang Shao-HuiP P, Xiao FuP P, hen Dan-weiP P, Wang Ru-chuanP P 2) ) P(ollege of omputer, Nanjing University of
More informationAquaCER with TTL OUTPUT
INSTRUCTION MANUAL AquaCER with TTL OUTPUT DESCRIPTION: The AquaCER TTL is a hydrostatic pressure transmitter, with a capacitive ceramic sensor, and can withstand very high burst pressures. The applied
More informationDifferential Computation Analysis Hiding your White-Box Designs is Not Enough
Differential Computation Analysis Hiding your White-Box Designs is Not Enough Joppe W. Bos Summer school on real-world crypto and privacy Šibenik, Croatia 1. NXP Semiconductors Operations in > 35 countries,
More informationon a 35 mm top-hat rail (in accordance with DIN EN TH35) Ambient temperature Operation: C Storage: C
Data sheet PCD1.B1020-A20 E-Line RIO 16DI, 4Rel Starting with FW 1.08.xx The L-Serie E-Line RIO modules are controlled via the RS-485 serial communication protocols S-Bus and Modbus for decentralised automation
More informationRequest for Comments: XXXX November Registration of a Georgian Character Set draft-giasher-geostd8-00.txt
Internet draft Gia Shervashidze Network Working Group Georgian Internet Avenue Request for Comments: XXXX November 2001 Registration of a Georgian Character Set draft-giasher-geostd8-00.txt Status of this
More informationM2M/DMTME Instruments Communication protocol. Technical specification V.2.1 2CSG445011D0201
M2M/DMTME Instruments Communication protocol 2CSG445011D0201 1 Setting up M2M/DMTME serial communication... 3 1.1 Serial network ID programming... 3 1.2 RS-485 communication interface... 3 1.3 Serial line
More informationSXH Protocol by Spinel Version 3.0 Date:
SXH Protocol by Spinel Version 3.0 Date:.8 Revision History Vision Date Description V.0 V.0 V3.0 September, 6 December, 6 April, 8 Initial release Added LED control, OSD, Cmd 0x30 Added all ratio image
More informationDifferential Computation Analysis Hiding your White-Box Designs is Not Enough. Joppe W. Bos
Differential Computation Analysis Hiding your White-Box Designs is Not Enough Joppe W. Bos 1. Who am I Finished PhD@laboratory for cryptologic algorithms at EPFL, Lausanne, Switzerland under supervision
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationJDICON 400/500 JDICON 401/501. B Interface Description. Universal process controller
JDICON 400/500 Universal process controller JDICON 401/501 Universal profile controller Universal profile generator B 70.3570.2 Interface Description 10.99/00371593 Contents 1 Introduction 5 1.1 Preface...
More informationRS-232 Control of the Advantage DRI
RS-232 Control of the Advantage DRI Biamp Systems, 14130 N.W. Science Park, Portland, Oregon 97229 U.S.A. (503) 641-7287 an affiliate of Rauland-Borg Corp. Introduction This document contains technical
More informationPrimitive Specification for SSS Philip Hawkes, Michael Paddon, Gregory G. Rose, Miriam Wiggers de Vries
Primitive Specification for SSS Philip Hawkes, Michael Paddon, Gregory G. Rose, Miriam Wiggers de Vries {phawkes,mwp,ggr,miriamw}@qualcomm.com Qualcomm Australia Level 3, 230 Victoria Rd Gladesville NSW
More informationID: Sample Name: Q3dY56x3hp Cookbook: defaultlinuxfilecookbook.jbs Time: 04:08:56 Date: 21/08/2018 Version:
ID: 73304 Sample : Q3dY56x3hp Cookbook: defaultlinuxfilecookbook.jbs Time: 04:08:56 Date: 21/08/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection
More informationThe Roboteq Modbus Implementation User Manual
The Roboteq Modbus Implementation User Manual V1.1, December 21, 2017 Visit www.roboteq.com to download the latest revision of this manual Copyright 2017 Roboteq, Inc Copyright Roboteq Inc. 2018. All Rights
More information// and verify that there is a sine wave with frequency <FREQUENCY> and
F330DC_IDA0_SineWave.c Copyright 2006 Silicon Laboratories, Inc. http:www.silabs.com Program Description: This program outputs a sine wave using IDA0. IDA0's output is scheduled to update at a rate determined
More informationHDLC BCC 15.1 Data Link Protocol Description
Data Link Protocol Description by Daniel L. Henry Revision 1.1 October 9, 2011 Copyright 2000-2011 by Daniel L. Henry Revision History Rev. Date Changed By Reason for Change 1.0 5/9/03 Dan L. Henry Made
More informationSpecifiche generali protocollo MODBUS-RTU Rev. 10 (inglese) REVISIONS
Modbus-RTU Protocol (Mach Smart / Smart Più) Page 1 of 18 Specifiche generali protocollo MODBUS-RTU Rev. 10 (inglese) Written: U. T. ing. M. Bandini / A. Sangiorgi Verified: A. Q. sig. F. Adinolfi Approved:
More information1 SETTING UP GENERAL FUNCTION TYPE PROTOCOL MESSAGES COMMAND RETURN CODES... 6 TRANSACTION EXAMPLES...
1 SETTING UP... 3 1.1 RS232 CONTROL CABLES...3 1.2 RS232 SETTINGS...3 2 GENERAL... 4 3 FUNCTION TYPE... 4 4 PROTOCOL MESSAGES... 4 4.1 MESSAGE FORMATS...4 4.1.1 Message Head...4 4.1.2 Message Body...5
More informationGSA GAT PROTOCOL V Game Authentication Terminal
GSA GAT PROTOCOL V3.50.0 Game Authentication Terminal Gaming Standards Association GAT Technical Committee Released: 2010/12/13 Document ID: gsa-p0093.001.00 GAMINGSTANDARDS.COM GSA GAT Protocol, Document
More informationCS / ECE , Spring 2010 Exam 1
Andrew login ID: Full Name: Recitation Section: CS 15-213 / ECE 18-243, Spring 2010 Exam 1 Version 1100101 Tuesday, March 2nd, 2010 Instructions: Make sure that your exam is not missing any sheets, then
More informationPCD1.A2000-A20. E-Line S-Serie RIO 6Rel 16A. Features. General technical data. Dimensions and installation
Data sheet www.sbc-support.com PCD1.A2000-A20 E-Line S-Serie RI 6Rel 16A The S-Serie E-Line RI modules are controlled via the RS-485 serial communication protocols S-Bus and Modbus for decentralised automation
More informationEncryption Details COMP620
Encryption Details COMP620 Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government It s hard to think of a more
More informationSPARC INTERNATIONAL. Version1 SPARC Keyboard Specification
SPARC INTERNATIONAL Version1 SPARC Keyboard Specification SPARC International, Inc. 3333 Bowers Ave., Suite 280, Santa Clara, CA 95054-3913, 408-748-9111. FAX 408-748-9777 1999, SPARC International Inc.
More informationTCG Algorithm Registry
Family 2.0" Level 00 Revision 01.27 September 26, 2017 Committee Draft Contact: admin@trustedcomputinggroup.org Work in Progress: This document is an intermediate draft for comment only and is subject
More informationLow visibility of Cyber Threats Invisible Attacks VPN, AD, PtH, PtT Invisible Network Traffic Google Drive, Dropbox Invisible Malware Task schedule, Wmi, Powershell 2016 Verint systems inc. All rights
More informationMotors I Automation I Energy I Transmission & Distribution I Coatings. Modbus RTU CFW701. User s Manual
Motors I Automation I Energy I Transmission & Distribution I Coatings Modbus RTU CFW701 User s Manual Modbus RTU User s Manual Series: CFW701 Language: English Document Number: 10001538593 / 00 Publication
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationUnboxing the whitebox. Jasper van CTO Riscure North America ICMC 16
Unboxing the whitebox Jasper van Woudenberg @jzvw CTO Riscure North America ICMC 16 Riscure Certification Pay TV, EMVco, smart meter, CC Evaluation & consultancy Mobile (TEE/HCE/WBC) Secure architecture
More informationModbus RTU CFW100. User s Manual. Phone: Fax: Web: -
Modbus RTU CFW100 User s Manual Modbus RTU User s Manual Series: CFW100 Language: English Document Number: 10002909455 / 00 Publication Date: 06/2014 CONTENTS CONTENTS... 3 ABOUT THIS MANUAL... 5 ABBREVIATIONS
More informationComputer Control of the Advantage DRC 4+4
Computer Control of the Advantage DRC 4+4 Biamp Systems, 14130 N.W. Science Park, Portland, Oregon 97229 U.S.A. (503) 641-7287 an affiliate of Rauland-Borg Corp. Introduction This document contains technical
More informationPCD1.W5200-A20. E-Line S-Serie RIO 8AO. Features. General technical data. Dimensions and installation
Data sheet www.sbc-support.com PCD1.W5200-A20 E-Line S-Serie RI 8A The S-Serie E-Line RI modules are controlled via the RS-485 serial communication protocols S-Bus and Modbus for decentralised automation
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationModbus Map: Conext XW/XW+ Device
Map: Conext XW/XW+ Device 503-0246-01-01 Revision A.3 UNINTENDED OPERATION WARNING The use of this product with communications requires expertise in the design, operation, and programming of the device.
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationFLARE-On 4: Challenge 3 Solution greek_to_me.exe
FLARE-On 4: Challenge 3 Solution greek_to_me.exe Challenge Author: Matt Williams (@0xmwilliams) greek_to_me.exe is a Windows x86 executable whose strings reveal what is likely the desired state of the
More informationUNPACKING THE PACKED UNPACKER: REVERSING AN ANDROID ANTI-ANALYSIS NATIVE LIBRARY Maddie Stone Google, USA
3 5 October UNPACKING THE PACKED UNPACKER: REVERSING AN ANDROID ANTI-ANALYSIS NATIVE LIBRARY Maddie Stone Google, USA ABSTRACT maddiestone@google.com Malware authors implement many different techniques
More informationDifferential Computation Analysis Hiding your White-Box Designs is Not Enough
Differential Computation Analysis Hiding your White-Box Designs is Not Enough Joppe W. Bos Microsoft Research Visit, August 24, 2016 Redmond, WA, USA 1. NXP Semiconductors Operations in > 35 countries,
More informationReturn oriented programming
Return oriented programming TOOR - Computer Security Hallgrímur H. Gunnarsson Reykjavík University 2012-05-04 Introduction Many countermeasures have been introduced to foil EIP hijacking: W X: Prevent
More informationCIS-331 Exam 2 Fall 2015 Total of 105 Points Version 1
Version 1 1. (20 Points) Given the class A network address 117.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 4,000 subnets? b. (5 Points) What is
More informationBENCHTOP INSTRUMENT. Digital AC/DC Power Meter. Operation Manual V1.0
BENCHTOP INSTRUMENT Digital AC/DC Power Meter Operation Manual V1.0 Default Setup Item Default Remark Version 0 Model No. Address 1 1 ~ 255 decimal Baud Rate 96 3 bps, 6 bps, 12 bps, 24 bps, 48 bps, 96
More informationECE251: Intro to Microprocessors Name: Solutions Mid Term Exam October 4, 2018
ECE251: Intro to Microprocessors Name: Solutions Mid Term Exam October 4, 2018 (PRINT) Instructions: No calculators, books, or cell phones; do not communicate with any other student. One side of a single
More information18-642: Cryptography 11/15/ Philip Koopman
18-642: Cryptography 11/15/2017 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution
More informationMotors I Automation I Energy I Transmission & Distribution I Coatings. Modbus RTU CFW300. User s Manual
Motors I Automation I Energy I Transmission & Distribution I Coatings Modbus RTU CFW300 User s Manual Modbus RTU User s Manual Series: CFW300 Language: English Document Number: 10003806158 / 02 Publication
More informationDATA SHEET. article numbers P125-1b & P125-1g
LC 16.2 TREND DATA SHEET article numbers P125-1b & P125-1g Pottery House, Pottery Road, Dun Laoghaire, Co. Dublin, Ireland. Tel: +353-1-2350279 Fax: +353-1-2350361 Am Gneisenauflöz 6, 66538 Neunkirchen,
More informationCS 537: Introduction to Operating Systems Fall 2015: Midterm Exam #1
CS 537: Introduction to Operating Systems Fall 2015: Midterm Exam #1 This exam is closed book, closed notes. All cell phones must be turned off. No calculators may be used. You have two hours to complete
More informationFlexi Soft T E L E G R A M M L I S T I N G
T E L E G R A M M L I S T I N G This document is protected by the law of copyright, whereby all rights established therein remain with the company SICK AG. Reproduction of this document or parts of this
More informationWhite-Box Cryptography
Based on: J. W. Bos, C. Hubain, W. Michiels, P. Teuwen. In CHES 2016: Differential computation analysis: Hiding your white-box designs is not enough. White-Box Cryptography Don't Forget About Grey Box
More informationMotors I Automation I Energy I Transmission & Distribution I Coatings. Modbus RTU CFW500. User s Manual
Motors I Automation I Energy I Transmission & Distribution I Coatings Modbus RTU CFW500 User s Manual Modbus RTU User s Manual Series: CFW500 Language: English Document Number: 10002253377 / 00 Publication
More informationUsing the USB and Serial Interfaces
Using the USB and Serial Interfaces PulsON 300 and 400 Series TIME DOMAIN Cummings Research Park 4955 Corporate Drive Suite 101 Huntsville, AL 35805 USA http://www.timedomain.com Tel: +1 256.922.9229 +1
More informationData point description for the Modbus protocol. 4 quadrant controller. multicomp 6D6-ESMSBSDS-1V1C6RO. Your partner for network analysis
Data point description for the Modbus protocol 4 quadrant controller multicomp 6D6-ESMSBSDS-1V1C6RO Your partner for network analysis Table of Contents 1 Supported Modbus commands...2 2 Data formats...2
More informationTransferable State Attack on Iterated Hashing Functions. July 26, Brian Wallace. Ballast Security
Transferable State Attack on Iterated Hashing Functions July 26, 2012 Brian Wallace Ballast Security 1 Abstract In this paper I will describe an attack on the iterated use of hashing functions used as
More informationModbus communication protocol
TIP Thüringer Industrie Produkte GmbH Bahnhofstraße 26 99842 Ruhla GERMANY Tel. : +49 (0)36929/64029-0 Fax : +49 (0)36929/64029-99 info@stromzaehler.de www.stromzaehler.de Modbus communication protocol
More informationFew Other Cryptanalytic Techniques
Few Other Cryptanalytic Techniques Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Boomerang Attack
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationSGX SECURE ENCLAVES IN PRACTICE: SECURITY AND CRYPTO REVIEW
SUMMARY Our Black Hat 2016 talk SGX Secure Enclaves in Practice: Security and Crypto Review is the first public report about the security of Intel(R) Software Guard Extensions (SGX) based on actual SGX
More informationThe cache is 4-way set associative, with 4-byte blocks, and 16 total lines
Sample Problem 1 Assume the following memory setup: Virtual addresses are 20 bits wide Physical addresses are 15 bits wide The page size if 1KB (2 10 bytes) The TLB is 2-way set associative, with 8 total
More informationMODBUS Communication Protocol
MODBUS Communication Protocol for counters with integrated MODBUS or ETHERNET interface 7E.78/86 0212 7E.68 0212 7E.64 0210 7E.78/86 0412 7E.68 0412 6A and 80A 3phase counters with RS485 serial communication.
More informationSalsa20 security. Daniel J. Bernstein
Salsa20 security Daniel J. Bernstein Department of Mathematics, Statistics, and Computer Science (M/C 249) The University of Illinois at Chicago Chicago, IL 60607 7045 snuffle@box.cr.yp.to 1 Introduction
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationUnderstanding Crashes and Crash Logs
#WWDC18 Understanding Crashes and Crash Logs Session 414 Chris D'Angelo, Xcode Engineer Greg Parker, Runtime Wrangler Kuba Mracek, Program Analysis Engineer 2018 Apple Inc. All rights reserved. Redistribution
More informationIEC /104 Communications Protocol
expertmeter High Performance Analyzer PM180 IEC60870-5-101/104 Communications Protocol Reference Guide BG0593 Rev. A1 Every effort has been made to ensure that the material herein is complete and accurate.
More information1CAPI INFORMATION VALUES. August Software Reference CAPI Information Values 1
1CAPI INFORMATION VALUES August 2000 Software Reference CAPI Information Values 1 2 CAPI Information Values Software Reference Table of Contents CAPI INFORMATION Table of Contents VALUES A REFERENCE 5
More information