Events

Filter by:

Limit to events where the first date of the event:
Date range
Limit to events where the first date of the event:
Limit to events where the title matches:
Limit to events where the type is one or more of:
Limit to events tagged with one or more of:
Limit to events where the audience is one or more of:
Monday, July 22, 2024 10:30 am - 2:00 pm EDT (GMT -04:00)

Lessons on secure deployment of cryptographic primitives

Elena Bakos Lang and Kevin Henry, NCC Group

QNC building, 200 University Ave. Room 1201, Waterloo 

The security of cryptographic primitives and protocols is inextricably tied to that of the implementations deployed in the real world. Ensuring that these implementations are as secure as possible is thus a problem at the heart of cryptographic security.

This workshop will introduce common classes of cryptographic vulnerabilities, including improper randomness generation, side-channel attacks, flaws in primitives or protocols, and others, and discuss secure coding practices that can help mitigate them, based on our experiences auditing cryptographic code. This discussion will be complemented by a set of practical exercises to provide experience in spotting insecure constructions. Additionally, as implementation quality is often tied to the quality of the source material, we will present a case study on a recent widely implemented threshold signing protocol where ambiguous or unclear presentation in the academic source material has led to multiple critical implementation vulnerabilities.

This workshop is presented by NCC Group Cryptography Services practice in Waterloo, Ontario.

To attend this program please email us at cryptoworks21@uwaterloo.ca by July 17, 2024.