63 research outputs found

    Autodafé: an Act of Software Torture

    Automated vulnerability searching tools have led to a dramatic increase in the rate at which such flaws are discovered. One particular searching technique is fault injection, i.e. the insertion of random data into input files, buffers or protocol packets, combined with systematic monitoring of memory violations. Even though these tools uncover a lot of vulnerabilities, they are still very primitive; despite their poor efficiency, they are useful because of the very high density of such vulnerabilities in modern software. This paper presents an innovative buffer overflow uncovering technique, which uses a more thorough and reliable approach. This technique, called Fuzzing by Weighting Attacks with Markers, is a specialized kind of fault injection which does not need source code or special compilation of the monitored program. As a proof of concept of the efficiency of this technique, a tool called Autodafé has been developed. It automatically detects an impressive number of buffer overflow vulnerabilities.

    About Machine-Readable Travel Documents

    Passports are documents that help immigration officers to identify people. In order to strongly authenticate their data and to automatically identify people, they are now equipped with RFID chips. These contain private information, biometrics, and a digital signature by the issuing authorities. Although they substantially increase security at border controls, they also come with new security and privacy issues. In this paper, we survey existing protocols and their weaknesses.

    Tornado Attack on RC4 with Applications to WEP & WPA

    In this paper, we construct several tools for building and manipulating pools of biases in the analysis of RC4. We report extremely fast and optimized active and passive attacks against the IEEE 802.11 wireless communication protocol WEP, and a key recovery and a distinguishing attack against WPA. This was achieved through a huge amount of theoretical and experimental analysis (capturing WiFi packets), and refinement and optimization of all the formerly known attacks and methodologies against the RC4 stream cipher in WEP and WPA modes. We support all our claims on WEP by providing an implementation of this attack as a publicly available patch on Aircrack-ng. Our new attack improves its success probability drastically. Our active attack, based on ARP injection, requires 22500 packets to gain a success probability of 50% against a 104-bit WEP key, using Aircrack-ng in non-interactive mode. It runs in less than 5 seconds on an off-the-shelf PC. Using the same number of packets, Aircrack-ng yields around a 3% success rate. Furthermore, we describe very fast passive-only attacks by just eavesdropping on TCP/IPv4 packets in a WiFi communication. Our passive attack requires 27500 packets. This is much less than the number of packets Aircrack-ng requires in active mode (around 37500), which is a huge improvement. Deploying a similar theory, we also describe several attacks on WPA. Firstly, we describe a distinguisher for WPA with complexity 2^{42} and advantage 0.5 which uses 2^{42} packets. Then, based on several partial temporary key recovery attacks, we recover the full 128-bit temporary key of WPA by using 2^{42} packets. It works with complexity 2^{96}. So far, this is the best key recovery attack against WPA. We believe that our analysis brings further insight into the security of RC4.

    Contact Tracing by Giant Data Collectors: Opening Pandora's Box of Threats to Privacy, Sovereignty and National Security

    Many countries have introduced digital contact tracing apps to fight the COVID-19 pandemic. Such apps help to identify contacts between potentially infectious persons automatically and thus bear the promise of reducing the burden on manual contact tracers and increasing tracing accuracy in situations in which people have difficulties identifying with whom they have been in contact. A number of different proposals for digital contact tracing systems have been made or deployed, ranging from heavily centralized to completely decentralized approaches, each with its own advantages and disadvantages in terms of tracing effectiveness and impact on user privacy. During the phase of highly dynamic evolution of these approaches, surprisingly, Google and Apple established an unprecedented friendship and agreed on a very special scheme for contact tracing, realizing it in the form of an API called GAEN that they quickly integrated into their mobile operating systems. A multitude of nationally rolled-out tracing apps are now based on the GAEN approach. In this paper, we revisit such apps and the GAEN API on which they are built. In particular, we point out a number of very problematic aspects and threats that the GAEN approach creates through its security and privacy weaknesses, but also through the threats it poses to technological sovereignty and the public health system.

    Mechanism and Enantioselectivity in Palladium-Catalyzed Conjugate Addition of Arylboronic Acids to β‑Substituted Cyclic Enones: Insights from Computation and Experiment

    Enantioselective conjugate additions of arylboronic acids to β-substituted cyclic enones have been previously reported from our laboratories. Air- and moisture-tolerant conditions were achieved with a catalyst derived in situ from palladium(II) trifluoroacetate and the chiral ligand (S)-t-BuPyOx. We now report a combined experimental and computational investigation of the mechanism, the nature of the active catalyst, the origins of the enantioselectivity, and the stereoelectronic effects of the ligand and the substrates of this transformation. Enantioselectivity is controlled primarily by steric repulsions between the t-Bu group of the chiral ligand and the α-methylene hydrogens of the enone substrate in the enantiodetermining carbopalladation step. Computations indicate that the reaction occurs via formation of a cationic arylpalladium(II) species, and subsequent carbopalladation of the enone olefin forms the key carbon–carbon bond. Studies of nonlinear effects and of stoichiometric and catalytic reactions of isolated (PyOx)Pd(Ph)I complexes show that a monomeric arylpalladium–ligand complex is the active species in the selectivity-determining step. The addition of water and ammonium hexafluorophosphate synergistically increases the rate of the reaction, corroborating the hypothesis that a cationic palladium species is involved in the reaction pathway. These additives also allow the reaction to be performed at 40 °C and facilitate an expanded substrate scope.

    Computer Aided Cryptanalysis from Ciphers to Side Channels

    In this dissertation, we study the security of cryptographic protocols and cryptosystems from the mathematical definition of the primitives up to their physical implementations in the real world. We propose a representation of the chronological design using six layers (cryptographic primitives, cryptographic protocols, implementation, computer insecurity, side channel cryptanalysis and computer-human interactions). We make the assumption that these layers should not be studied independently. Indeed, many negligible security weaknesses coming from different layers can be correlated to provide devastating practical attacks on cryptosystems. However, the complexity of a complete security analysis becomes huge and interdisciplinary knowledge is needed. These limitations are probably the reasons for the lack of complete security analyses in practice. We define a novel approach to combine and study the six layers simultaneously. We propose to follow the data flow of a system and to perform security analysis across the six layers. This technique is applied in practice to the security analysis of computer keyboards, RC4, IEEE 802.11, and e-passports. Thanks to this method, we found 34 additional exploitable correlations in RC4 and we defined the best key recovery attacks on WEP and WPA. We also identified weaknesses in the design and the implementation of e-passports. Therefore, we show that the security risk of every layer seems to be related to its level of complexity. Thus, the implementation layer, the computer insecurity layer, the side channel layer and the computer-human interfaces layer are subject to cost-effective attacks in practice. Interestingly, these layers are not intensively studied in cryptography, where research usually stays focused on the first two layers (and some side channel attacks). In this dissertation, we also propose frameworks for computer aided cryptanalysis. Indeed, when the complexity of a system is too great to perform manual analysis, some tools may automatically find weaknesses. Increasing complexity in systems adds new vulnerabilities. Straightforward but automated analysis becomes relevant. Two frameworks have been developed. The first one automatically highlights linear correlations in RC4. The second framework, called Autodafé, automatically detects buffer overflows in modern software, using a technique called Fuzzing by Weighting Attacks with Markers.

    Passive-only key recovery attacks on RC4

    Abstract. We present several weaknesses in the key scheduling algorithm of RC4 when the secret key contains an initialization vector – a cryptographic scheme typically used by the WEP and WPA protocols to protect IEEE 802.11 wireless communications. First, we show how the previously discovered key recovery attacks can be improved by reducing the dependency between the secret key bytes. Then, we describe two new weaknesses related to the modulo operation of the key scheduling algorithm. Finally, we describe a passive-only attack able to significantly improve the key recovery process on WEP with a data complexity of 2^{15} eavesdropped packets.
