PHD 2011 Technical Section Program

"Evil Maid" Goes After PGP

Alexander Tereshkin, independent researcher, ex-Invisible Things Lab

Full disk encryption is applied to protect information from unauthorized access. Generally, these systems are used to protect data on the hard drives of laptops and on removable media, since they can easily be lost or stolen. The report examines whether an owner can rely on full disk encryption in his or her absence if an attacker has an opportunity not only to obtain the medium, but also to tamper with it unnoticed. Trusted boot, integrity control, static and dynamic root of trust measurement (SRTM/DRTM) and their usage in full disk encryption systems are addressed.

The report considers how reliably this control is implemented in the PGP Whole Disk Encryption product and whether it has any cryptographic flaws.

DNS Rebinding Returns (0-day)

Denis Baranov, Information Security Expert, Positive Technologies

The report examines a type of attack which has been known for several years as DNS Rebinding (Anti-DNS Pinning). The attack makes it possible to bypass the same-origin policy in all contemporary web browsers and thus to gain access to any data handled by the affected applications. Despite its rich history, it is believed that contemporary protection mechanisms block the attack and that carrying it out in practice is almost impossible.

The reporter will demonstrate practical ways of applying the Anti-DNS Pinning technique to attack enterprise networks, virtualization systems, and protected external resources, and will present tools that exploit the vulnerability. The report includes real-life scenarios of gaining maximum access to target systems in large heterogeneous networks, as well as possible means of protection.

Vulnerabilities in the Systems of Authentication Control of Digital Photographic Images

Dmitry Sklyarov, Information Security Analyst, Elcomsoft

The report considers practical aspects of the reliability of existing systems for verifying the authenticity of photographic evidence. The reporter examines a vulnerability in the Canon Original Data Security image authenticity verification system, which was designed to confirm that images captured by Canon digital SLR cameras are original and unaltered.

Zero Day for SCADA (0-day)

Yury Gurkin, CEO, GLEG Ltd.

Since the mass propagation of the Stuxnet worm, vulnerabilities in SCADA systems have become journalists' favorite bugbear and a nightmare for everyone who has something to do with industry and national security.

How difficult is it to find a vulnerability in a SCADA system? Which attack vectors are the most dangerous for such systems? How many unpatched SCADA vulnerabilities are currently known?

The reporter will give a practical demonstration of 0-day vulnerabilities in some popular production process management systems.

Browser Security: New Aspect (0-day)

Vladimir Vorontsov, Chief Security Expert, ONsec

The report covers security issues in the client applications used to work on the Internet. It focuses on research into caching and file download techniques in modern browsers (IE8, IE9, Chrome, Opera, Safari, Firefox).

The report includes attack schemes and examples based on the research findings and on the browser vulnerabilities discovered in the course of work on this material. The reporter will consider Cross Application Scripting, in which a browser is both the sending and the target application.

The report also addresses the interaction between the file system and external browser plug-ins (such as Adobe Flash and Adobe Acrobat) and attacks that exploit this vector.

Copyright © 2011
Positive Technologies