MR4 - Centre for Mathematical Sciences
Cambridge, United Kingdom
Tuesday, 06 February 2018
from 16:00 to 17:00
Holly Rostill and Matt Wixey
Elliptic curves give us the most efficient form of public key cryptography, offering equivalent security with a much smaller key size. However, the concept of a secure curve has not been universally defined, and since the Snowden revelations of 2014 there has been some scepticism around the security of elliptic curve cryptography.
Security for elliptic curve cryptography is broader than the difficulty of the discrete logarithm problem alone – it also depends on how the curve is implemented and how the curve was generated.
We will discuss how to define a secure curve and some examples of where this has failed. We will also touch on the role that standards play in helping society to trust elliptic curves. To illustrate these points we will use real-life examples such as the backdoor in the DUAL EC DRBG algorithm and the secp256k1 curve used in Bitcoin.
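A concrete starting point for the "secure curve" definition the talk discusses, as an added example that is not part of the talk: the published secp256k1 constants are run through the parameter checks a reviewer would apply before trusting a curve (prime field, non-singular equation, generator on the curve, prime order with n·G = O, Hasse bound, not anomalous, large embedding degree). The check names, the Miller-Rabin helper and the `check_curve` function are this example's own; it deliberately stops at the parameters, because the generation-process questions the talk raises (how a curve or its points were chosen) cannot be answered by any such check.

```python
import random
P = 2**256 - 2**32 - 977  # secp256k1 parameters as published in SEC 2 (the Bitcoin curve)
A, B = 0, 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases (n >= 5); adequate for sanity-checking constants."""
    s = ((n - 1) & (1 - n)).bit_length() - 1      # n - 1 = 2**s * d with d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        # composite if x is neither +-1 and never reaches -1 while repeatedly squaring
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1)):
            return False
    return True

def add(p1, p2):  # affine addition on y^2 = x^3 + A*x + B over GF(P); None = infinity
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # Q + (-Q), including doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant-time, which is fine for offline checks
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def check_curve(p=P, a=A, b=B, gx=GX, gy=GY, n=N, max_embedding=20):
    """Named sanity checks; a curve worth trusting should pass every one of them."""
    return {
        "field prime": is_probable_prime(p),
        "non-singular": (4 * a**3 + 27 * b**2) % p != 0,
        "generator on curve": (gy * gy - gx**3 - a * gx - b) % p == 0,
        "order prime": is_probable_prime(n),
        "n*G = infinity": mul(n, (gx, gy)) is None,
        "Hasse bound": (p + 1 - n) ** 2 <= 4 * p,        # cofactor 1, so #E(GF(p)) = n
        "not anomalous": n != p,                          # else the DLP is easy (Smart)
        "embedding degree": all(pow(p, k, n) != 1 for k in range(1, max_embedding + 1)),
    }
```

Every entry of `check_curve()` is True for secp256k1; swapping in a wrong order or a singular equation flips the corresponding entry, which is what makes the dictionary useful as a review checklist.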
Part 2: The sandman: How timelock puzzles can be used for evil
One of the things malware writers often seek to do is to delay the execution of their malware for a certain amount of time. This is predominantly a detection evasion measure, to ‘wait out’ analysis by automated sandboxes and antivirus software, but is also sometimes used as a ‘time bomb’ approach, so that the malware only begins to perform malicious actions once a certain amount of time has passed.
Historically, malware writers have used a number of techniques to do this. The vast majority of these are known and publicly documented, meaning that in many cases, sandboxes and antivirus software will detect and circumvent these techniques. One possible method, which to date has been largely unexplored, is the use of timelock puzzles.
Timelock puzzles are cryptographic mechanisms for delaying the decryption of data. Historically, they have been suggested as a kind of ‘digital time capsule’, and proposed for various uses – usually benign – including key escrow, sealed auction bids, the release of confidential information, and DDoS mitigation (via proof-of-work schemes, similar to those used in popular cryptocurrencies).
In this talk, I demonstrate multiple ways that different types of timelock puzzle could be used offensively. I build on research I presented at last year’s CREST Con, where I proposed and demonstrated a novel method for delayed execution in order to bypass sandboxes and antivirus, using a modified version of Bitcoin’s proof-of-work algorithm. I will cover simple methods using publicly available information, through to time sources, repeated squaring, chained puzzles, and client-server methods.
For each method, I’ll show a simple proof-of-concept and discuss how feasible it would be for attackers to implement in malware. I’ll also specifically cover methods for detection and investigation for each technique.