
Cybercalypse, HeartBleed: Is our Government Listening


Presentation Transcript


  1. Cybercalypse, HeartBleed: Is our Government Listening • Ajit • adh@null.co.in

  2. Stories • The Backbone • The Nexus • A Random Story • The Curves You Like • My Heart is Bleeding • History Repeats Itself… Conclusion Is our Government Listening

  3. Dedicated to…

  4. The BackBone • OpenSSL – the de facto standard cryptography library • Free, Open, Well Maintained by Community • *Hundreds of Contributors*

  5. The Nexus • OpenSSL FIPS Module • openssl-1.0.1i.tar.gz • openssl-fips-2.0.7.tar.gz • FIPS Compliance Needs NIST/NSA approved third party “fipscanister”

  6. The Nexus

  7. A Random Story Told By: • Microsoft cryptologists - Dan Shumow & Niels Ferguson • Edward Snowden • Bruce Schneier • @Cocon • IS That Clear

  8. The Curves You Like • The Story • RSA Sucks, not for Phones • Elliptic Curve Crypto • Patent owned by RIM • Patent bought by NSA • Made Public • Now We all Can use it

  9. Issues with Curves • NIST P-256 • Coefficients generated by hashing the unexplained seed • c49d3608, 86e70493, 6a6678e1, 139d26b7, 819f7e90 • It is possible to define some arbitrary parameters. • Web browsers will only support a handful of predefined curves, usually NIST P-256, P-384 and P-521.

  10. My Heart is Bleeding • SSL Handshake Protocol • Very Costly, CPU intensive • Optimization • Session ID caching • Keep Alive Session • HeartBeat Module • Dr. Robin Seggelmann

  11. History • Remember SE-Linux? • Capture of communications of David Headley & Tahawwur Rana • Acquisition of Skype • Acquisition of WhatsApp

  12. Conclusion

  13. Questions? • Why doesn’t our government CONTRIBUTE • To clean & Use the OpenSSL • Contribute to Open source pain points • Why doesn’t our government LISTEN • To other Govt. • It’s an Asymmetric war • Why don’t we try n Get UNFair Advantage?

  14. THANK YOU • IS IT CLEAR????? • IF NOT, PLS talk to my Friend – Gurudev…
