Lunch Seminar: Attacking and fixing the Microsoft Windows Kerberos login service

Friday 29 October, at 13:00, Tommaso will give a seminar describing the vulnerability we have found on the Windows systems implementation of the Kerberos login service. More information and full paper can be found here.
Continue reading “Lunch Seminar: Attacking and fixing the Microsoft Windows Kerberos login service”

Security APIs at FOSAD school

I ve just given a course at the FOSAD’10 school, reviewing practical attacks on security APIs and illustrating formal techniques to detect and fix them. The first part of the course focusses on PIN cracking attacks on Hardware Security Modules (HSMs) used by ATM networks to protect user PINs. The second part focusses on PKCS#11 tokens. I have described Tookan, a tool that reverse engineers real cryptographic tokens and performs a formal analysis of the resulting model, finding possible attacks and testing them on the real device (hope to have soon a trial version on this site). I have finally  illustrated CryptokiX, our security-enhanced software simulator of a PKCS#11 token. Here are the slides [Part I] [Part II]