IFIP SEC 2018, Abstract of the invited talk

Cryptographic failures: how and why they happen

Krystian Matusiewicz

INTEL Technology Poland

Abstract. Cryptographic algorithms and protocols are one of the fundamental building blocks of modern digital systems. Cryptographic schemes provide security functions and by definition lie at the heart of any secure system. As with any heart failure, failures of cryptographic algorithms and implementations tend to be catastrophic. In environments such as hardware components where patching and updates are difficult it may be even more dramatic, leading to long exposure times or even device recalls. In this talk we are going to go through a number of crypto bugs and weaknesses in various systems, from some well-known CVEs to examples of bugs we prevented by our internal security validation activities. These examples will illustrate different classes of deficiencies: algorithmic fragility, design mistakes, implementation errors and validation gaps. The key takeaway of this talk will be suggestions on how to design secure systems to minimize the chance of cryptographic failures.