Learning a few Crypto pitfalls practically-Part 2
NULL Hyderabad held its September month's security meetup at CA Technologies, Hyderabad. I had the opportunity to present in this meet and I chose to continue with April month's topic - practical crypto pitfalls.
As always, for me presentation means demos first and slides last. This time I have spent exactly a week on the demos and as usual didn't prepare slides till the last hour :)
All set for tomorrow's talk-Practical Crypto Pitfalls at @nullhyd. Have been working since last week on the demos. Should I make slides? ;)
— Krishna Chaitanya T (@novogeek) September 22, 2017
Topic: Regarding the topic, I have presented on Padding Oracle attacks. This is one topic I really struggled to grasp the low-level details. I thought presenting this topic in NULL meet is an opportunity for me to study this properly. So I have spent a week trying to understand the math behind it as well as coming up with a demo.
Slides: Below are the slides. They only contain screenshots of my hand-written notes and screenshots of Crypto Explorer utility. Thankfully, there are several fantastic blog posts which serve as great reference materials. No point re-creating slides or writing in length about the topic. Check the references slide in the ppt for the pointers. I have also listed them at the end of this article.
*Note: Understanding the basics of crypto is a pre-requisite to understand padding oracle attack. I strongly recommend you to go through the slides of [April month's talk](http://blog.novogeek.com/2017/04/22/learning-a-few-crypto-pitfalls-practically-null-hyd/), in case you want a refresher.*Demo Source Code:
There are two parts to the demo:
- A web application, built in ASP.NET, which is vulnerable to Padding Oracle attack. Check my PaddingOracleWebApp github repo for the source.
- A client which launches the attack on the vulnerable web app. Check my Crypto Explorer utility for this. I have added "Padding oracle" tab.
Demo Video:
Here is a quick video recording of the padding oracle attack:
References:
- Udacity - Cipher Block Chaining Mode -
Fundamentals of how CBC mode of AES encryption works. - Padding oracle attacks: in depth - Strongly recommend to go through this post for understanding the math part of the attack.
- Automated Padding Oracle Attacks with PadBuster - Strongly recommend to go through this post for a pictorial understanding of the attack. Beautifully captured!
- Martani's implementation of Padding Oracle Attack in C# - My demo is based out of this. Check this out for C# implementation of the attack.
- Erlend Oftedal's web app demonstrating padding oracle - A fantastic JavaScript based visualization of the attack.