19 items tagged "channel"
-
-
3:33
»
SecDocs
Authors: Dirk Feldhusen, Matthias Heuft
Tags: smart card
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: Smart cards are used for authentication and for securing transactions. But even if the cryptographic algorithms and the protocols are secure, information about secret data may leak through so-called side channels. Examples of side channels are timing of the computation as well as power consumption and electromagnetic emanation of the card. Nowadays cards which are used in security applications are protected against such attacks and are tested by IT security evaluation facilities.
Smart cards are used for authentication and for securing transactions, e.g. in electronic banking systems. The key point for the use of smart cards in comparison with magnetic stripe cards is that the smart card is not only used for the storage of data but also for cryptographic operations. The smart card can keep stored data secret and use them only as input for cryptographic operations, which can for instance be used for authenticating the card holder. The cryptographic operations are based on symmetric or asymmetric cryptography. Commonly used algorithms are triple DES with a key length of 112 bits and AES with a key length of 128 bits as well as RSA with a key length of at least 1024 bits (or better at least 2048 bits).
Let us assume that these cryptographic algorithms and also the transmission protocols are secure. This means that the secret data on the card cannot be reconstructed on the basis of knowledge of the input and output data alone. But there is also other information that the card emits to the outer world during the cryptographic computations and that can depend on the secret data. Examples of this information are timing of computation, power consumption of the smart card during the computation (most cards are supplied with power from the outside) as well as electromagnetic emanations. Since this information is not transmitted over the defined interfaces, it is called side channel information. It can potentially expose the secret data as long as there are no countermeasures implemented on the card.
There are various possible countermeasures, which can be implemented in the hardware as well as the software of the card. But no countermeasure can protect the side channels alone. Only a combination of several countermeasures makes it too hard for an attacker to successfully gain information about the secret data. The quality of those countermeasures can only be approved by tests, which are normally performed by the manufacturer during the development process to harden the card against side channel analysis. These tests also have to be performed by independent IT security evaluation facilities in order to approve side channel resistance of the card for possible consumers.
A distinction is made between active and passive side channel attacks. The lecture concentrates on passive side channel attacks. Active side channel attacks try to induce faults in the computation and gain information from the results of such erroneous computations. The lecture shows the result of a successfully performed side channel analysis of unprotected smart cards, so-called simple power analysis (SPA) and differential power analysis (DPA) for a Rijndael implementation and some results about an RSA implementation. Typically these tests are performed as an iterative process. First the unprotected cards are successfully corrupted and then different countermeasures are implemented and their quality in protecting the side channels is tested. Finally the card should be resistant against known side channel attacks.
-
-
15:01
»
Hack a Day
So you’ve got a really cool project that requires a wireless controller and a ton of different channels. What are you going to do? Are you going to go pick up an expensive RC controller? Nah, you’re going to build your own. This project makes a generic 20 channel controller for your projects by stuffing [...]
-
-
22:30
»
SecDocs
Authors: Sebastian Schinzel
Tags: vulnerability
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Timing side channel attacks are non-intrusive attacks that are still widely ignored in day-to-day penetration testing, although they allow attackers to breach the confidentiality of sensitive information. The reason for this is that timing attacks are still widely considered to be theoretical. In this talk, I present a toolkit for performing practical timing side channel attacks and showcase several timing attacks against real-world systems.
Timing side channels are vulnerabilities in software applications that leak sensitive information about secret values such as cryptographic keys. They differ from common intrusive vulnerabilities such as Buffer Overflows or SQL-Injection because the attacker sends normal-looking requests to the server and infers secret information just from the time it took to process the request. In academia, timing side channel attacks are well researched, especially against cryptographic hardware, but in day-to-day penetration testing, they are still widely ignored. One reason for this is that the timing differences are often small compared to the jitter introduced in networked environments. This makes practical timing side channel attacks challenging, because the actual timing differences blend with the jitter.
In this talk, I will present methods and tools to accurately measure response times despite the jitter in networked environments. I will introduce a programming library that enables penetration testers to measure accurate response times of requests sent over networks. Furthermore, I will describe algorithms and statistical filters to reduce the jitter from measurements. For this, I will introduce a reporting tool that takes a dataset with network measurements as input, automatically applies the algorithms and filters, and produces a report with the results. This report enables even novice penetration testers to analyze a response time dataset for timing side channel vulnerabilities.
In the end, I will show that timing side channels are practical by showing several attacks. First, I show how to determine if a given user name is an administrative user in a productive installation of the popular CMS Typo3. Second, I show how to determine how many pictures are hidden in a private album of an online gallery. Third, I show how to perform an adaptive chosen ciphertext attack against implementations of the XML Encryption standard. This attack allows decrypting any Web Service message whose body was encrypted using XML Encryption only by measuring the response time of the Web Service.
-
-
11:01
»
Hack a Day
If you’re just getting into hobby electronics chances are there are lots of tools you’d like to get your hands on but can’t yet justify the purchases. Why not build some of the simpler ones? Here’s a great example of a 4-channel logic analyzer that can be your next project and will add to your [...]
-
-
15:38
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles AAC files. When parsing an AAC file, RealPlayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, RealPlayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.
-
-
6:11
»
Hack a Day
Say what you will about the Arduino platform but there certainly are a ton of libraries one can choose from. That is precisely what [Dan Julio] set out to do when building his slick looking 4 channel temperature monitor. The monitor consists of an Arduino RBBB, 2×16 character LCD and four DS18B20 1-wire digital thermometers. [...]
-
-
2:00
»
Hack a Day
[Joshua] shares his details on building this 20-channel DMX controller. He’s sourced some extension cords to cut up for the complicated wiring project. He plans to drive 120V lights with the system so he’s also using the extension cords to connect a bunch of outlet boxes to the main controller. Inside you’ll find a set [...]
-
-
12:30
»
Hack a Day
If you’ve got a graphic LCD lying around you can build this four-channel logic analyzer with a couple handfuls of cheap components. [Ronald de Bruijn's] design uses a PIC18F4580 to sample up to four logic inputs at a maximum resolution of 2 MHz. He’s included the PCB artwork so that you can etch your own [...]
-
-
10:38
»
remote-exploit & backtrack
Hi all. I was trying to crack security for some routers. I tried to crack web, and I did it; also WPA/WPA2, and I cracked it (because the password was in the dictionary, as all know).
But the question is that there is a router that has web security, and its channel is 123, and when I start monitor mode on its channel and start airodump again, I see that its channel changed to another.
First:
Code:
CH 5 ][ Elapsed: 4 s ][ 2010-01-31 19:33
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:C0:CA:1D:DA:3E -1 0 7 1 123 -1 WEP WEP <length: 0>
00:1F:9F:D3:1F:EB -47 10 0 0 3 54 WPA2 CCMP PSK test
BSSID STATION PWR Rate Lost Packets Probes
00:C0:CA:1D:DA:3E 00:60:B3:35:FB:E1 -86 0 - 1 0 9
00:C0:CA:1D:DA:3E 00:19:E0:79:EB:D0 -84 0 - 1 13 24
After typing airodump again, I see that its channel changed to another.
Second:
Code:
CH 2 ][ Elapsed: 4 s ][ 2010-01-31 19:39
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:C0:CA:1D:DA:3E -1 0 7 3 118 -1 WEP WEP <length: 0>
00:1F:9F:D3:1F:EB -51 8 0 0 3 54 WPA2 CCMP PSK test
BSSID STATION PWR Rate Lost Packets Probes
00:C0:CA:1D:DA:3E 00:60:B3:35:FB:E1 -86 0 - 1 0 10
00:C0:CA:1D:DA:3E 00:19:E0:79:EB:D0 -81 0 - 1 5 4
It had changed to 118 :S .. I can't crack it.
If someone can give help or a solution, I thank him a lot.
-
-
14:34
»
remote-exploit & backtrack
Hello, I'm having trouble with some wifi cracking I'm trying. The target networks are all on channel 13. I have 2 wifi cards on my laptop, an IPW3945 built-in jobby and a USB f5d7050b; both are working fine on wlan0 and wlan1. However, they won't go to a channel above 11 in airmon or airodump etc. Even using the channel flags I don't get an error, but it just uses channel 11.
When I get to using aireplay-ng I get the error "WLAN0 is on channel 11, but the AP uses channel 13".
I've traced this error back to a driver issue: the drivers built into bt4 are the US version and they only have 11 wifi channels. Here in the UK we use channel 13 all the time for some reason (mainly as BT defaults to that on their equipment they give free with the broadband).
Anyway, I thought I had found the fix to this:
Quote:
The key piece to sorting this out was adding this line to my /etc/modprobe.d/options and then re-starting my system (simple - brute force!):
options cfg80211 ieee80211_regdom="EU"
"iwlist wlan0 channel" previously only reported channels 1 to 11, but now shows all of them. No problems connecting to the AP now on channel 13:
steve@steve-laptop:~$ iwlist wlan0 channel
wlan0 13 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
( blah blah blah blah )
Channel 11 : 2.462 GHz
Channel 12 : 2.467 GHz
Channel 13 : 2.472 GHz
Current Frequency=2.472 GHz (Channel 13)
I did all the above, and besides the fact I have 32 channels available, none of them are 12, 13 and 14.
What am I doing wrong, does anyone know? Has anyone done this before to get to use channel 13?
Thanks for your replies. Please keep them simple, I am a total noob.
Oh, forgot to add: in Windows both these cards work fine in the EU channel bands.
Thought I spotted a mistake, as the "EU" is in quotes in his text and I found the same instructions elsewhere without the quotes round the EU, and you can also use JP, but no, it still only does 1-11.