Jos Wetzels

Carlo Meijer, Veelasha Moonsamy, Jos Wetzels

The continuing use of proprietary cryptography in embedded systems across many industry verticals, from physical access control systems and telecommunications to machine-to-machine authentication, presents a significant obstacle to black-box security-evaluation efforts. In-depth security analysis requires locating and classifying the algorithm in often very large binary images, thus rendering manual inspection, even when aided by heuristics, time consuming. In this paper, we present a novel approach to automate the identification and classification of (proprietary) cryptographic primitives within binary code. Our approach is based on Data Flow Graph (DFG) isomorphism, previously proposed by Lestringant et al. Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis. By combining the said approach with symbolic execution, we overcome all limitations of their work, and are able to extend the analysis into the domain of unknown, proprietary cryptographic primitives. To demonstrate that our proposal is practical, we develop various signatures, each targeted at a distinct class of cryptographic primitives, and present experimental evaluations for each of them on a set of binaries, both publicly available (and thus providing reproducible results), and proprietary ones. Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler.

Ali Abbasi, Jos Wetzels, Thorsten Holz et al.

Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.

Jos Wetzels

In this document we present an overview of the background to and goals of the Password Hashing Competition (PHC) as well as the design of its winner, Argon2, and its security requirements and properties.

Jos Wetzels, Wouter Bokslag

In this document we present an introductory overview of the algorithms and design components underlying the Keccac cryptographic primitive and the Keyak encryption scheme for authenticated (session-supporting) encryption. This document aims to familiarize readers with the basic principles of authenticated encryption, the Sponge and Duplex constructions (full-state, keyed as well as regular versions), the permutation functions underlying Keccak and Keyak as well as Keyak v2's Motorist mode of operation.

Jos Wetzels, Wouter Bokslag

In this paper we will present various hardware architecture designs for implementing the SIMON 64/128 block cipher as a cryptographic component offering encryption, decryption and self-contained key-scheduling capabilities and discuss the issues and design options we encountered and the tradeoffs we made in implementing them. Finally, we will present the results of our hardware architectures' implementation performances on the Xilinx Spartan-6 FPGA series.

Jos Wetzels

In this paper, we will provide an overview of the current state-of-the-art with regards to so-called cold boot attacks, their practical applicability and feasibility, potential counter-measures and their effectiveness.

Jos Wetzels

This paper presents an overview of the current state-of-the-art of security and privacy concerns regarding RFID-based car key applications. We will first present a general overview of the technology and its evolution before moving on to an overview and discussion of the various known security weaknesses and attacks against such systems and the associated privacy risks they introduce.