The conference will take place on March 18 2016.
|Track 1 (room K)
|Track 2 (room F)
|Track 3 (room G)
|9h30 - 10h15
A Hippocratic Oath for Connected Medical Devices
Crypto code: the 9 circles of testing
IAEA - The role of the IT security specialists at the International Atomic Energy Agency.
Unboxing the black-Box
Criminal Hideouts for Lease: Bulletproof Hosting Services
Million Dollar Baby: An "angr"y Attempt at
Conquering the DARPA CGC
Building Trust by Design
8 security lessons from 8bit games
Beating the trust out of the root of trust
Cyber criminalité, recrutement djihadiste : "le facteur humain" dans les affaires cyber
Reversing Internet of Things from mobile applications
DDoS Surviving or mitigating
4G/LTE Security : l'état de l'art
Lessons learnt from the history of vulnerabilities in hypervisors
From Bored Hacker to Board CISO, a short-n-fun tale
Title: Unboxing the White-Box Crypto
Speaker : Eloi Sanfèlix
Eloi works as a Principal Security Analyst at Riscure, where he performs security evaluations on different products ranging from software-based solutions to embedded systems. Most of his working time is currently spent reverse engineering and analyzing protected software such as DRM systems and mobile payment applications. In the last few years, he has also been involved in evaluating the security of embedded systems and smart card technology, mostly for the PayTV and the payment industries. In his spare time, Eloi enjoys participating in CTF competitions with the int3pids team.
White-Box Cryptography (WBC) aims to provide software implementations of cryptographic algorithms that are resistant against an attacker with full access to the internals. Therefore, the key must remain secure even if the attacker is able to inspect and modify the execution of the cryptographic algorithm. This is often referred to as "security in the White-Box context."
In a vanilla implementation of a cryptographic algorithm, access to intermediate results directly leads to extraction of the key. To achieve security in the white-box context, data encoding schemes and strong obfuscation are typically applied. This type of implementation is commonly seen in DRM systems, and is currently gaining momentum in the mobile payment market.
Assessing the security of WBC implementations is a challenge both for evaluators and for WBC designers, as it often requires a powerful mix of reverse engineering and applied cryptanalysis skills.
In this presentation, we show how attacks typically used to attack hardware cryptosystems can be ported to the white-box settings. We will introduce generic yet practical attacks on WBC implementations of the TDES and AES ciphers. Additionally, we will analyze the requirements for each attack and discuss potential countermeasures.
We have applied these attacks to recover cryptographic keys from commercial as well as academic implementations. During the presentation, we will demonstrate several attacks on open source WBC implementations using custom tools.
If you are tasked with evaluating the attack resistance of a WBC-based solution, this presentation will provide a better understanding of what White-Box Cryptography is and how to evaluate its robustness against different key extraction attacks. If you are a WBC designer, you will obtain a better understanding of what the most common weak points of such schemes are.
Our results highlight the importance of evaluating WBC implementations with respect to these generic attacks in order to provide correct judgement about their level of security.
Title: Million Dollar Baby: An "angr"y Attempt at Conquering the DARPA CGC
Speaker: Nick Stephens
Nick is a researcher at the seclab at UC Santa Barbara where he helps develop angr and works on the CGC. He goes by the handle 'mike_pizza' online and enjoys playing wargames and CTFs
In this talk we will first introduce Shellphish, a group of security enthusiasts located (mostly) at the University of California, Santa Barbara (UCSB).
Then, we will explain what we are building to participate in the DARPA Cyber Grand Challenge, a security competition in which participants have to design a system able to automatically exploit and patch binaries. In particular, we will show how it is possible to use the open source binary analysis framework we developed (https://github.com/angr/angr) to automatically find a vulnerability and generate an exploit targeting it for a sample CGC binary.
Title: Crypto code: the 9 circles of testing
Speaker : JP Aumasson
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and gave talks about cryptography at Black Hat, DEFCON, RSA, CCC, SyScan, CHES. He initiated the Crypto Coding Standard and the Password Hashing Competition projects. He co-wrote the 2015 book "The Hash Function BLAKE". JP tweets as @veorq.
Major crypto vulnerabilities would have been detected if we had better testing methodologies and tools. Heartbleed, Gotofail, or FREAK are some the most dramatic examples, but there are many others and many that we haven’t discovered yet. To help fix this, and to show how hard it is to test crypto code, this talk will go through the simplest to the most sophisticated methods, from basic test vectors to fuzzing and verification. I’ll show code examples, and the limitations of each class of test.
Title: Reversing Internet of Things from mobile applications
Speaker : Axelle Apvrille
Axelle Apvrille is a senior antivirus researcher at Fortinet. Senior hopefully meaning she's experienced, but not that old 😉 She specifically looks into mobile malware, but is also having fun with Internet of Things.
She enjoyed speaking at several past Insomni'Hack editions, but also at Hack.Lu, Black Hat Europe, Hashdays etc.
Known in the community by her more or less mysterious handle "Crypto Girl", she also is a member of the pic0wn CTF team and (tries to) solve challenges for fun (and no profit).
Have you ever reverse engineered (or wanted to) smart glasses, smart watches or your favourite connected object? Quite difficult at first to start on a new unknown system, isn’t it? Good news! There’s an easy way in (for most connected objects). I’ll explain during the talk.
We’ll hack our way into smart glasses, a house safety alarm, and a toothbrush!
Title: Building Trust by Design
Speaker : Hoang Bao
Hoang has 10+ years of experience in information policy and risk management, in particular: privacy, data governance, and IT compliance. He currently serves as Director of Policy, Privacy & Data Governance at Yahoo where he leads the development and implementation of privacy and data management policies.
Prior to Yahoo, Hoang was a Senior Consultant at KPMG LLP, focusing on IT compliance, attestation, and financial forensics investigations. His clients range from pre-IPO to Fortune 500 companies.
Hoang is an Advisor to OneVietnam Network, a Ford Foundation funded nonprofit, as well as a member of the Grant Committee for the Yahoo! Employee Foundation (YEF).
Hoang received his BS and MSc in Computer Science from Cal Poly, San Luis Obispo.
The talk will focus on how to engender users trust in consumer products by integrating privacy, safety, and security elements in the product design process. Key points include:
- Privacy and Safety by Design should be an integral part of the online and mobile product development processes.
- A product should strive to find that sweet spot of giving consumers meaningful notice and controls over their data without limiting the core functionality of the product.
- Security is a requisite for privacy.
Title: A Hippocratic Oath for Connected Medical Devices
Speaker : Beau Woods
Beau Woods is a core contributor to the grassroots initiative, I Am The Cavalry, ensuring connected technology that can impact life and safety is worthy of our trust. Beau has over a decade in Cyber Security, and has advised dozens of organizations on security practice, strategy and technology, including Global 100, small businesses, NGOs, government agencies, and others. Beau is a frequent presenter, media contributor, and author.
Medical devices are rapidly adopting network-connected, software-controlled technology to deliver life-saving care faster and cheaper. But they may also transplant the contagions and illnesses from a computing environment. Sensational headlines may draw needed attention, but can trigger undesirable reactions from the healthcare industry and the public. Let’s choose a different course of treatment. Medical professionals are masters of their domain; information security researchers are masters of ours. As these domains collide, collaborative efforts make us all safer, sooner, together.
This talk will briefly outline the problem space and current efforts, then detail the fruits of one collaborative effort: A Hippocratic Oath for Connected Medical Devices.
Title: Beating the trust out of the root of trust
Speaker : Frederic Jacobs
Frederic Jacobs is currently an independent security engineer working on tools to harden security of mobile devices. Previously, he led iOS development of Signal @ Open Whisper Systems and has been contributing to open source implementations of encryption protocols and tools.
Recently, Apple was ordered by a judge to unlock an iPhone belonging to the company of a suspect by providing a signed firmware that disables the throttling of passcode attempts on the device. Mitigations exist, but are they effective?
This talk will focus on defensive measures that companies can take to protect themselves against coercion, insider threat and compromise of signing key.
Title: From Bored Hacker to Board CISO, a short-n-fun tale.
Speaker : Bruno Kerouanton
Since 2007, Bruno (@kerouanton) is CISO of the Swiss Republic and Canton of Jura. Because he loves to meet great people on this planet, he takes part in all kinds of talks and conferences worldwide, as a frequent speaker (http://éé.net/speakings). On his spare time, he enjoys hacking and tweaking, C64 and old electronics, ham (but not spam), reverse-engineering and forensics, and lots of other fun topics not related to Infosec, such as delivering passports or being part of a global think-tank. Last, but not least, it has been heard Bruno is the official mascot at InsomniHack since a couple of years, for obscure reasons.
According to experts, in the next 30 years, 50% of our jobs could be replaced by machines. What are those predictions meaning for infosec professionals, and should our jobs evolve or disappear? From hackers to CISOs, not counting consultants and pentesters, Bruno will draw an evolution of his personal experience on this, and give tips on the way to mitigate our own risk level. If you want to work, or are already working in "Cyber", this talk is for you !
Title: Lessons learnt from the history of vulnerabilities in hypervisors
Speaker : Rafal Wojtczuk, Bromium Inc
Rafal Wojtczuk has over 15 years of experience with computer security. Specializing primarily in kernel and virtualization security, over the years he has disclosed many security vulnerabilities in popular operating system kernels and virtualization software. He is also well known for his articles on advanced exploitation techniques, including novel methods for exploiting buffer overflows in partially randomized address space environments. Recently, he was researching advanced Intel security-related technologies, particularly TXT and VTd. He is also the author of libnids, a low-level packet reassembly library. He holds a Masters Degree in Computer Science from the University of Warsaw.
Hypervisors have become a key element of both cloud and client computing. It is without doubt that hypervisors are going to be commonplace in future devices, and play an important role in the security industry. In this presentation, we discuss in detail the various lessons learnt whilst building and breaking various common hypervisors. In particular, we take a trip down memory lane and examine vulnerabilities found in all the popular hypervisors that have led to breakouts.
One of the key value propositions of hypervisors, as they relate to security, is to shrink the attack surface. However, in the quest for new features and functionality some trade-offs are made, which can prove to be fatal. While discussing the particular problems, we will examine what the strong (and weak) security-related features of hypervisors are. We compare the attack surface of hypervisors with that of user mode applications and operating systems kernels, and show that the purpose and design of the hypervisor significantly changes its attack surface size. Most importantly, we make a fact-based argument that many hypervisors aren't designed with security in mind. We show how superfluous code and poor design can be punished by demonstrating real examples of hypervisor breakouts. The presentation ends with lessons learnt, and recommendations for hypervisor design and approaches that can be taken to harden them.
Title: 8 security lessons from 8bit games
Speaker : Florian Hammers, Tenable
Florian Hammers, Security Specialist at Tenable Network Security GmbH, is working in the IT-Security since 2008.
Before joining Tenable he was working at Kaspersky Labs and was responsible for the design and implementation of endpoint security solutions at large
What can Space Invaders teach us about attack path analysis? Mario about defending your users that are the weakest link? Even Pac Man about focusing on the right goals?
This presentation will explore the lessons to be learned from the games many of us played years ago that are still valid in the reduction of security risks within all of our infrastructures.
Key takeaways from the talk will include:
- How to game the system to get a high score in security.
- How to gain insight into the attack path used by hackers to gain access to your data.
- What cheats can be used to reduce the risk of data loss.
Title: The role of the IT security specialists at the International Atomic Energy Agency.
Speaker : Massimiliano Falcinelli, IAEA
Head of Security Infrastructure – International Atomic Energy Agency (IAEA)
Adjunct Professor on Cybercrime Webster University - Vienna
Mr. Massimiliano Falcinelli serves as the IT security systems unit head at IAEA, where he develops and implements annual work and resource plans, assesses their applicability within overall ICT strategies, and seeks ways to secure and monitor internal assets and services. He also delivers high-level security roadmaps based on ISO 27002, implements appropriate procedural and technical access control mechanisms, performs security assessments, and makes recommendations for corrective actions.
He cooperates with several international organizations and companies in the private sector, especially in the field of automatic detection of threats and incident response.
Massimiliano will talk about the role of the IT security specialists in the UN.
The challenges, the threats and the actors, with a special emphasis on the role of the IAEA, its relation with the other UN orgs and the importance (and the difficulties) of sharing info in a big decentralized environment.
Title: 4G/LTE Security : l’état de l’art
Speaker : Sylvain Maret
With more than 20 years of experience in the field of ICT security, Sylvain is passionate about critical infrastructure defense, threat modelling and security of the digital identity. He is a lecturer at HEIG-VD, a member of OWASP in Switzerland, and the Founder of the Cyber Security Alliance and co-organiser for the Cyber Security Conference.
This talk will focus on the security within 4G/LTE systems. It will gives an overview about the 4G/LTE architecture, the 3gpp standards and the security controls (best practices) in place in many 4G/LTE Operators and NVNO’s. Based on this “classical” architecture the talk will present a threat modelling approach defining threat scenarios and vulnerabilities in a 4G/LTE usage in critical situation (Firstnet approach). Finally some defence architecture will be presented to mitigate risks in a critical network infrastructure.
Title: Cyber criminalité, recrutement djihadiste : « le facteur humain » dans les affaires cyber (FR)
Speaker : Frank Decloquement
Franck DeCloquement est expert en intelligence économique et stratégique pour le groupe Ker-Meur et ancien de l’Ecole de Guerre Economique de Paris (EGE). Professeur à l'IRIS (Institut de Relations Internationales et Stratégiques) pour le Master 2 IRIS Sup' en « Géo-économie et intelligence stratégique », diplôme délivré conjointement par l'IRIS Sup' et l'ESC Grenoble, Franck DeCloquement est aussi contributeur régulier pour le site d’information en ligne ATLANTICO, sur les menaces cyber-émergentes liées aux actions d'espionnage, et aux déstabilisations criminelles de nature informationnelle et humaine. Il est en outre intervenu récemment pour la SCIA (Swiss Competitive Intelligence Association) section romande à Genève, aux assises annuelles 2015 de la FNCDS (Fédération Nationale des Cadres Dirigeants et Supérieurs) au Sénat, et pour la Direction « iles de France » du groupe ORANGE, à l’occasion du séminaire Big Data : « Intelligence économique et Intelligence des données ».
Notre présentation se focalisera sur un les méthodologies de recrutement « d’apprentis » djihadistes, via les ressources de l’Internet 2 .0. Fruit d'une propagande « glauque » redoutablement efficace et qui se déroule en plusieurs actes. Nous parlerons à cet effet de la politique de « contre radicalisation » adopté par la France.
Title: DDoS Surviving or mitigating
Speaker : René Luria
CTO at Infomaniak Network SA, he began administrating the first linux boxes for the hosting environment 16 years ago. The company hosts now more than 200k domains and various services. Linux and open-source enthousiast, he's passionate about linking services together, automation. Without forgetting the technical part, the global view and understanding of problems is what he is dedicated to.
DDoS is a day to day problem to face for most internet companies. What happens to the hosting provider, now and before, what changed in the past years, what can we do (or can't). This is the story of what challenges we face and how we deal with them.
Title: Criminal Hideouts for Lease: Bulletproof Hosting Services
Speaker : Maxim Goncharov
Threat Analyst with 15 years working experience in the field of computer security. Equipped with knowledge in research and development of threat analytics systems, producing white papers based on research work and presenting these research results at security conferences. Participate as speaker at various security conferences and training seminars regarding the topic of cybercrime and related issues (e.g.cyberterrorism, cybersecurity, underground economy, etc.), like PacSec,Power of Community, DeepSec, VB, APWG. Russian Underground research and the development of secure analytics tools are some of the most important parts of his day- to-day work.
During my frequent talks about cybercriminal activities and their tools, tactics, and techniques, I am often asked about Bullet Proof Hosting Services, infrastructure and business models behind it. This type of activity is one of the most important parts of almost every single online criminal activity we see today. Without servers where people can put their malicious files or hosting facilities to execute malicious code – entire cybercriminal eco-systems would not work. An entire Bullet Proof Hosting Services industry is designed to host something that is not really welcome from white hat business models, but definitely expected by the black hat community. Bullet Proof Hosting Services refers to hardware-based, virtual-based or application hosting facilities that can allow collocating any type of content or executable code on their platforms. The main difference between a Bullet Proof Hosting Service provider and a normal hosting service provider is the possibility to use facilities for hosting non-legitimate or semi-legitimate content or applications on their servers. Bullet Proof Hosting Services allows hosting everything from phishing websites to carding forums, from Command & Control (C2) environments to pornographic websites, from SEO tools to eCommerce sites with fake watches… The business model of Bullet Proof Hosting Services is complex. On one hand the hosting service needs to offer a solid service in terms of ignoring abuse and stability in order to keep its customers happy and loyal. On the other hand every Bullet Proof Hosting Service provider is trying to be as legitimate as possible from the official authority’s point of view. Because of the seriousness of law enforcement and industry authorities, Bullet Proof Hosting Service providers are keen to diversify their infrastructure, supporting both legitimate and illegitimate services.