Breaking Industrial Ciphers at a Whim
Mate Soos
Presentation at HES 11


Story line
1. HiTag2: reverse-engineered proprietary cipher
2. Analytic tools are needed to investigate them
3. CryptoMiniSat: free software tool to test ciphers (and to break them)

Philips HiTag2 Cipher
- For access control: cars, army buildings
- Proprietary: reverse-engineered by Karsten Nohl and Sean O'Neil
- Feedback linear(!), filter non-linear

SAT Solvers
- Input: CNF, an "and" of "or"-s
  (x 1 x 3 ) ( x 2 x 3 ) (x 1 x 2 )
- Crypto-problem needs conversion
- Uses DPLL(ϕ) algorithm:
  1. If (formula ϕ trivial) return SAT/UNSAT
  2. ret ← DPLL(ϕ with v ← true)
  3. If (ret = SAT) return SAT
  4. ret ← DPLL(ϕ with v ← false)
  5. If (ret = SAT) return SAT
  6. return UNSAT

Toy Example
Clause 1: ( x 1 x 2 x 3 )
Clause 2: ( x 1 x 2 )
Clause 3: ( x 1 x 2 )
1. Guess: x1 = True
2. Clause 2: x2 = True
3. Clause 3: impossible! Reverse.
4. x1 = False
5. Good, everything is satisfied!
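The DPLL procedure and the toy walkthrough from the two slides above, as an added Python example that is not code from the presentation or from CryptoMiniSat. The negation signs of the toy formula are lost in this transcript, so the polarities in TOY are an assumption chosen to reproduce the walkthrough; simplify, dpll and to_dimacs are illustrative names, and unit propagation is added on top of the slide's six steps.

```python
# Added example (not from the slides). Literals are DIMACS-style ints:
# 3 means x3, -3 means NOT x3. A formula is a list of clauses.
def simplify(clauses, lit):
    """Set lit true; None signals an emptied clause (a conflict)."""
    out = []
    for clause in clauses:
        if lit in clause:
            continue  # clause already satisfied, drop it
        rest = [l for l in clause if l != -lit]
        if not rest:
            return None
        out.append(rest)
    return out

def dpll(clauses, model=None, trace=None):
    """Return a satisfying {var: bool} (unlisted vars are free) or None."""
    model = dict(model or {})
    trace = [] if trace is None else trace
    while True:  # unit propagation: one-literal clauses force a value
        unit = next((c[0] for c in clauses if len(c) == 1), None)
        if unit is None:
            break
        trace.append(("forced", unit))
        model[abs(unit)] = unit > 0
        clauses = simplify(clauses, unit)
        if clauses is None:
            trace.append(("conflict", unit))
            return None
    if not clauses:  # the slide's "formula trivial" case: SAT
        return model
    v = abs(clauses[0][0])
    for lit in (v, -v):  # steps 2-5 of the slide: try v true, then false
        trace.append(("guess", lit))
        reduced = simplify(clauses, lit)
        if reduced is None:
            trace.append(("conflict", lit))
            continue
        result = dpll(reduced, {**model, v: lit > 0}, trace)
        if result is not None:
            return result
    return None

def to_dimacs(clauses):  # DIMACS CNF text, the input format SAT solvers read
    n_vars = max(abs(l) for c in clauses for l in c)
    rows = [" ".join(map(str, c)) + " 0" for c in clauses]
    return "\n".join([f"p cnf {n_vars} {len(clauses)}"] + rows)

# Constructed input: signs chosen to reproduce the slide's walkthrough.
TOY = [[-1, 2, 3], [-1, 2], [-1, -2]]
```

Calling dpll(TOY, trace=t) with an empty list t records a guess of x1, x2 forced by clause 2, a conflict on clause 3, then the guess NOT x1, which satisfies every clause.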

Example Search Tree
[Figure: solver search tree. Labels: Start, Guess until conflict, First conflict, Backtrack, Solution Found]

CryptoMiniSat
- SAT solver that excels at cryptography
- General purpose: won SAT Race 10
- [Plot: Time (s) against No. solved instances from SAT Comp 09, for MiniSat 2.2, lingeling, PrecoSat465 and CryptoMiniSat SAT Comp 11]
- Collaborative: GPL, mailing list, regular releases

Demo
1. Generate HiTag2 problem: Grain-of-Salt tool
2. Solve it using CryptoMiniSat
3. Analyse results: 2 days to break

Conclusion
- SAT solvers are powerful tools to break weak cryptography
- CryptoMiniSat, a leading SAT solver, is waiting for your contribution
- Weak ciphers like HiTag2 should not be used in high-value applications