Difference between revisions of "AFSecurity Seminar"

From mn/ifi/AFSecurity
Jump to: navigation, search
Line 1: Line 1:
 
== Post-Quantum Crypto ==
 
== Post-Quantum Crypto ==
  
'''DATE:''' 28 February 2017
+
'''DATE:''' 28 March 2017
  
 
'''LOCATION:'''  Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.
 
'''LOCATION:'''  Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.
Line 9: Line 9:
 
14:00h Welcome at IFI
 
14:00h Welcome at IFI
  
14:15h Talk: ''Post-Quantum Cryptography: A Concise Overview''
+
14:15h Talk: ''Exploit Prevention: Overview and Trends''
  
 
15:00h Discussion
 
15:00h Discussion
  
'''SPEAKER:''' Thomas Gregersen, NSM
+
'''SPEAKER:''' Laszlo Erdodi, UiO
  
 
'''ABSTRACT:'''
 
'''ABSTRACT:'''
Cryptographic research is constantly on the move as new cryptanalytical techniques become available. After the discovery of quantum algorithms that can overcome the computational complexity of cryptographic primitives in current mainstream algorithms, the search is on to find suitable candidate primitives for new quantum-resistant algorithms. This research field carries the banner of post-quantum cryptography.
+
The talk presents an overview and history of prevention techniques against software exploits used by hackers to compromise computers. Data Execution Prevention is for example a fundamental prevention technique supported at the microprocessor hardware level. Unfortunately this prevention technique is routinely bypassed by hacker exploits based on so-called Return Oriented Programming (ROP). In 2016 Intel announced its latest microprocessor with a new exploit prevention technique called Control Flow Enforcement which theoretically stops ROP. However, recent research indicates that Intel's new exploit prevention technique can be bypassed by yet another type of exploits based on Loop Oriented Programming. It's interesting to ask what the next exploit prevention technique will be, and how long it will take before hackers develop another counter-exploit. The fundamental question is whether it is possible to design a microprocessor platform which is totally immune against exploits. The talk will also present and analyse recent exploits found in the wild, e.g. the TOR users attacking exploit.
  
I will try to give an overview of how quantum algorithms come into play in cryptanalysis and which problems arise for current cryptography. Finally I will sketch some of the families of primitives that have been proposed in the quest for finding solutions that may survive in the post-quantum era.
+
'''SPEAKER BIO:'''
 +
Laszlo Erdodi is a researcher in cybersecurity at the Department of Informatics at UiO. He holds a PhD in Information Security, is a Certified Ethical Hacker (CEH), and a System Security Certified Practitioner (SSCP). Before joining UiO he worked at the University of Agder.
  
 
+
His main research areas are: Information Security and Ethical Hacking, Software Vulnerabilities and exploitation, Secure Programming, and Malware analysis.
'''SPEAKER BIO:'''
+
His cyber security related activities include: Instructor of courses on ethical hacking and exploit writing (hardcore hacking), continuous penetration testing, continuous research on cyber security and participation in big research projects (e.g. Smart house security, SCADA security).
Thomas Gregersen holds a PhD in mathematics from the University of Oslo. In 2014 he joined NSM (National Security Authorithy) as a researcher.
 

Revision as of 16:38, 14 March 2017

Post-Quantum Crypto

DATE: 28 March 2017

LOCATION:  Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.

AGENDA:

14:00h Welcome at IFI

14:15h Talk: Exploit Prevention: Overview and Trends

15:00h Discussion

SPEAKER: Laszlo Erdodi, UiO

ABSTRACT: The talk presents an overview and history of prevention techniques against software exploits used by hackers to compromise computers. Data Execution Prevention is for example a fundamental prevention technique supported at the microprocessor hardware level. Unfortunately this prevention technique is routinely bypassed by hacker exploits based on so-called Return Oriented Programming (ROP). In 2016 Intel announced its latest microprocessor with a new exploit prevention technique called Control Flow Enforcement which theoretically stops ROP. However, recent research indicates that Intel's new exploit prevention technique can be bypassed by yet another type of exploits based on Loop Oriented Programming. It's interesting to ask what the next exploit prevention technique will be, and how long it will take before hackers develop another counter-exploit. The fundamental question is whether it is possible to design a microprocessor platform which is totally immune against exploits. The talk will also present and analyse recent exploits found in the wild, e.g. the TOR users attacking exploit.

SPEAKER BIO: Laszlo Erdodi is a researcher in cybersecurity at the Department of Informatics at UiO. He holds a PhD in Information Security, is a Certified Ethical Hacker (CEH), and a System Security Certified Practitioner (SSCP). Before joining UiO he worked at the University of Agder.

His main research areas are: Information Security and Ethical Hacking, Software Vulnerabilities and exploitation, Secure Programming, and Malware analysis. His cyber security related activities include: Instructor of courses on ethical hacking and exploit writing (hardcore hacking), continuous penetration testing, continuous research on cyber security and participation in big research projects (e.g. Smart house security, SCADA security).