SlideShare uma empresa Scribd logo

ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philippe Aumasson / Martin Boßlet

Cyber Security Alliance
Cyber Security Alliance

This document discusses hash flooding denial of service (DoS) attacks and defenses. It presents the theory behind exploiting weaknesses in hash functions like MurmurHash2/3 through differential cryptanalysis. Specifically, it shows how to generate multicollision inputs that result in the same hash value. This allows an attacker to force worst-case insertion times into hash tables, overloading systems. The document notes that many systems using MurmurHash2/3 remain vulnerable. It then discusses potential real-world attacks against uses of hashes in applications like web frameworks. As an example, it demonstrates how to attack internal hash tables in Ruby on Rails, though default protections prevent attacks on request parameters.

Tecnologia
1 de 121
Baixar para ler offline
Hash-flooding DoS reloaded: attacks and defenses Jean-Philippe Aumasson, Kudelski Group Daniel J. Bernstein, University of Illinois at Chicago Martin Boßlet, freelancer
Hash-flooding DoS reloaded: attacks and defenses Jean-Philippe Aumasson, Kudelski Group Daniel J. Bernstein, University of Illinois at Chicago Martin Boßlet, freelancer
Jean-Philippe Cryptography expert at the Kudelski Group Applied crypto researcher https://131002.net @aumasson Martin Independent SW engineer and security expert Ruby core dev team member http://www.martinbosslet.de @_emboss_
Hash-flooding DoS reloaded: attacks and defenses
Denial-of-Service (DoS) attacks “Attempt to make a machine or network resource unavailable to its intended users.” Wikipedia
Popular DoS techniques are distributed HTTP or TCP SYN flood… (DDoS)
More subtle techniques exploit properties of TCP-congestion-avoidance algorithms…
Hash-flooding DoS reloaded: attacks and defenses
Hash tables used in many applications to maintain an association between objects Example: Python dictionaries d={} # empty table d[12345]=0xc # insertion d[‘astring’]=‘foo’ # insertion d[(‘a’,‘tuple’)]=0 # insertion print d[‘a string’] # lookup
If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average
If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average 0 1 2 12345: 0xc d[12345]=0xc, hash(12345)=1
If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average 0 1 2 ‘astring’: ‘foo’ 12345: 0xc d[‘astring’]=‘foo’ , hash(‘astring’)=0
If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average 0 1 2 ‘astring’: ‘foo’ 12345: 0xc (‘a’,’tuple’): 0 d[(‘a’,’tuple’)=0; hash((‘a’,’tuple’))=2
If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n2) operations in the worst case 0 1 2 12345: 0xc d[12345]=0xc, hash(12345)=1
If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n2) operations in the worst case 0 1 2 12345: 0xc ‘astring’: ‘foo’ d[‘astring’]=‘foo’ , hash(‘astring’)=0
If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n2) operations in the worst case 0 1 2 12345: 0xc ‘astring’: ‘foo’ (‘a’, ‘tuple’): ‘foo’ d[(‘a’,’tuple’)=0; hash((‘a’,’tuple’))=2
Hash flooding: Send to a server many inputs with a same hash (a multicollision) so as to enforce worst-case insert time
send 2MB of POST data consisting of 200.000 colliding 10B strings ≈ 40.000.000.000 string comparisons (at least 10s on a 2GHz machine…)
Previous work Crosby, Wallach. Denial of Service via Algorithmic Complexity Attacks, USENIX Security 2003 -> attack formalized and applied to Perl, Squid, etc. Klink, Wälde. Efficient Denial of Service Attacks on Web Application Platforms. CCC 28c3 -> application to PHP, Java, Python, Ruby, etc.
Previous work Crosby, Wallach. Denial of Service via Algorithmic Complexity Attacks, USENIX Security 2003 -> attack formalized and applied to Perl, Squid, etc. Klink, Wälde. Efficient Denial of Service Attacks on Web Application Platforms. CCC 28c3 -> application to PHP, Java, Python, Ruby, etc.
Patches released consisting of a stronger hash with randomization (to make colliding values impossible to find)
MurmurHash2 “used in code by Google, Microsoft, Yahoo, and many others” http://code.google.com/p/smhasher/wiki/MurmurHash CRuby, JRuby
MurmurHash3 “successor to MurmurHash2” Oracle’s Java SE, Rubinius
Hash-flooding DoS reloaded: attacks and defenses
1. Theory
MurmurHash3 core Processes the input per blocks of 4 bytes for (i=0;i<nblocks;i++) { uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=0 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D1 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x00040000 h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=0 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D1 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x00040000 h1 ^= k1; diff in h1 0x00040000 h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=0 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D1 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x00040000 h1 ^= k1; diff in h1 0x00040000 h1 = ROTL32 ( h1 ,13); 0x80000000 h1 = h1 *5+0 xe6546b64;} 0x80000000
Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=1 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D2 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=1 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D2 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x80000000 h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=1 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D2 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x80000000 diff in h1: 0x80000000 ^ 0x80000000 = 0 h1 ^= k1; h1 = ROTL32 ( h1 ,13); COLLISION! h1 = h1 *5+0 xe6546b64;}
M1 M2 32-bit 32-bit h1=f(X)=H h1=X M1^D1 M2^D2 32-bit 32-bit h1=f(X^D3^D3)=H h1=X^D3 2 colliding 8-byte inputs
M1 M2 M3 M4 M5 M6 collision collision collision Chain collisions => multicollisions 8n bytes => 2 n colliding inputs
A multicollision works for any seed => “Universal” multicollisions h1=seed; for (i=0;i<nblocks;i++) { uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; // transform of k1 independent of the seed! h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
Even simpler for MurmurHash2
Consequence: Systems using MurmurHash2/3 remain vulnerable to hash-flooding
Other hash attacked
Even weaker than MurmurHash2… Also vulnerable to hash flooding
CityHash64( BU9[85WWp/ HASH!, 16 ) = b82e7612e6933d2f CityHash64( 8{YDLn;d.2 HASH!, 16 ) = b82e7612e6933d2f CityHash64( d+nkK&t?yr HASH!, 16 ) = b82e7612e6933d2f CityHash64( {A.#v5i]V{ HASH!, 16 ) = b82e7612e6933d2f CityHash64( FBC=/hJeA!HASH!, 16 ) = b82e7612e6933d2f CityHash64( $03$=K1.-H!HASH!, 16 ) = b82e7612e6933d2f CityHash64( 3o'L'Piw!HASH!, 16 ) = b82e7612e6933d2f CityHash64( duDu%qaUS@"HASH!, 16 ) = b82e7612e6933d2f CityHash64( IZVo|0S=BX"HASH!, 16 ) = b82e7612e6933d2f CityHash64( X2V|P=<u,=#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 9<%45yG]qG#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 6?4O:'<Vho#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 2u 2}7g^>3$HASH!, 16 ) = b82e7612e6933d2f CityHash64( kqwnZH=cKG$HASH!, 16 ) = b82e7612e6933d2f CityHash64( Nl+:rtvw}K$HASH!, 16 ) = b82e7612e6933d2f CityHash64( s/pI!<5u*]$HASH!, 16 ) = b82e7612e6933d2f CityHash64( f|P~n*<xPc$HASH!, 16 ) = b82e7612e6933d2f CityHash64( Cj7TCG|G}}$HASH!, 16 ) = b82e7612e6933d2f CityHash64( a4$>Jf3PF'%HASH!, 16 ) = b82e7612e6933d2f
2. Practice
Breaking Murmur: We‘ve got the recipe – Now all we need is the (hash) cake
Where are hashes used?
Internally vs. Externally
Parser symbol tables Method lookup tables Attributes / Instance variables IP Addresses Transaction IDs Database Indexing Session IDs HTTP Headers JSON Representation URL-encoded POST form data Deduplication (HashSet) A* search algorithm Dictionaries …
=> Where aren’t they used?
Can’t we use something different?
We could, but amortized constant time is just too sexy
Possible real-life attacks
Attack internal use?
Elegant, but low impact
Need a high-profile target
Web Application
Example #1 Rails
First: Attacking MurmurHash in Ruby
Straight-forward with a few quirks
Apply the recipe
Demo
Should work with Rails out of the box, no?
Unfortunately, no
Demo
def POST … @env["rack.request.form_hash"] = parse_query(form_vars) … end
def parse_query(qs) Utils.parse_nested_query(qs) end
def parse_nested_query(qs, d = nil) params = KeySpaceConstrainedParams.new (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p| k, v = p.split('=', 2).map { |s| unescape(s) } normalize_params(params, k, v) end return params.to_params_hash end
def unescape(s, encoding = Encoding::UTF_8) URI.decode_www_form_component(s, encoding) end
def self.decode_www_form_component(str, enc=Encoding::UTF_8) raise ArgumentError, "invalid %-encoding (#{str})" unless /A[^%]*(?:%hh[^%]*)*z/ =~ str str.gsub(/+|%hh/, TBLDECWWWCOMP_).force_encoding(enc) end
/A[^%]*(?:%hh[^%]*)*z/ ???
Catches invalid % encodings (e.g. %ZV, %%1 instead of %2F)
def parse_nested_query(qs, d = nil) params = KeySpaceConstrainedParams.new (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p| k, v = p.split('=', 2).map { |s| unescape(s) } normalize_params(params, k, v) end return params.to_params_hash end
def normalize_params(params, name, v = nil) name =~ %r(A[[]]*([^[]]+)]*) k = $1 || '' … end
%r(A[[]]*([^[]]+)]*) ???
helps transform [[]] to []
idea: pre-generate matching values
create random values passing the regular expressions
that should do it, right?
Demo
def parse_nested_query(qs, d = nil) params = KeySpaceConstrainedParams.new (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p| k, v = p.split('=', 2).map { |s| unescape(s) } normalize_params(params, k, v) end return params.to_params_hash end
class KeySpaceConstrainedParams def []=(key, value) @size += key.size if key && !@params.key?(key) raise RangeError, 'exceeded available parameter key space‘ if @size > @limit @params[key] = value end end
What now? Rails is safe?
Remember: Hashes are used everywhere
So if application/x-www-form-urlencoded doesn't work, how about application/json ?
Again, with the encoding...
Fast-forward...
Demo
Conclusion Patchwork is not helping
too many places
code bloat
yet another loophole will be found
Fix it at the root
Example #2 Java
String(byte[] bytes)
public String(byte bytes[], int offset, int length, Charset charset) { … char[] v = StringCoding.decode(charset, bytes, offset, length); … }
Tough nut to crack
What now? Java is safe?
String(char[] value)
public String(char value[]) { int size = value.length; this.offset = 0; this.count = size; this.value = Arrays.copyOf(value, size); }
No decoding!
Substitute byte[] operations with equivalent operations on char[]
Demo
Disclosure Oracle (Java): Sep 11 CRuby, JRuby, Rubinius: Aug 30
Hash-flooding DoS reloaded: attacks and defenses
SipHash: a fast short-input PRF New crypto algorithm to fix hash-flooding: • Rigorous security requirements and analysis • Speed competitive with that of weak hashes Peer-reviewed research paper (A., Bernstein). published at DIAC 2012, INDOCRYPT 2012
SipHash initialization 256-bit state v0 v1 v2 v3 128-bit key k0 k1 v0 = k0 ⊕ 736f6d6570736575 v1 = k1 ⊕ 646f72616e646f6d v2 = k0 ⊕ 6c7967656e657261 v3 = k1 ⊕ 7465646279746573
SipHash initialization 256-bit state v0 v1 v2 v3 128-bit key k0 k1 v0 = k0 ⊕ “somepseu” v1 = k1 ⊕ “dorandom” v2 = k0 ⊕ “lygenera” v3 = k1 ⊕ “tedbytes”
SipHash compression Message parsed as 64-bit words m0, m1, … v3 ⊕= m0 c iterations of SipRound v0 ⊕= m0
SipHash compression Message parsed as 64-bit words m0, m1, … v3 ⊕= m1 c iterations of SipRound v0 ⊕= m1
SipHash compression Message parsed as 64-bit words m0, m1, … v3 ⊕= m2 c iterations of SipRound v0 ⊕= m2
SipHash compression Message parsed as 64-bit words m0, m1, … Etc.
SipRound
SipHash finalization v2 ⊕= 255 d iterations of SipRound Return v0 ⊕ v1 ⊕ v2 ⊕ v3
SipHash-2-4 hashing 15 bytes
Family SipHash-c-d Fast proposal: SipHash-2-4 Conservative proposal: SipHash-4-8 Weaker versions for cryptanalysis: SipHash-1-0, SipHash-2-0, etc. SipHash-1-1, SipHash-2-1, etc. Etc.
Proof of simplicity June 20: paper published online June 28: 18 third-party implementations C (Floodyberry, Boßlet, Neves); C# (Haynes) Cryptol (Lazar); Erlang, Javascript, PHP (Denis) Go (Chestnykh); Haskell (Hanquez) Java, Ruby (Boßlet); Lisp (Brown); Perl6 (Julin)
Who is using SipHash? http://www.opendns.com/ http://www.rust-lang.org/ Soon?
Take home message • DoS is doable with only small data/bandwidth • Java- and Ruby-based web applications vulnerable to DoS (and maybe others…) • SipHash offers both security and performance Contact us if you need to check your application
Hash-flooding DoS reloaded: attacks and defenses THANK YOU!

Recomendados

Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
 
Ds 2 cycle
Ds 2 cycleDs 2 cycle
Ds 2 cycleChaitanya Kn
 
A verifiable random function with short proofs and keys
A verifiable random function with short proofs and keysA verifiable random function with short proofs and keys
A verifiable random function with short proofs and keysAleksandr Yampolskiy
 
Introduction to Homomorphic Encryption
Introduction to Homomorphic EncryptionIntroduction to Homomorphic Encryption
Introduction to Homomorphic EncryptionChristoph Matthies
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted DataNew York Technology Council
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVictor Pereira
 
Let’s talk about microbenchmarking
Let’s talk about microbenchmarkingLet’s talk about microbenchmarking
Let’s talk about microbenchmarkingAndrey Akinshin
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryptioniosrjce
 

Recomendados

Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
 
Ds 2 cycle
Ds 2 cycleDs 2 cycle
Ds 2 cycleChaitanya Kn
 
A verifiable random function with short proofs and keys
A verifiable random function with short proofs and keysA verifiable random function with short proofs and keys
A verifiable random function with short proofs and keysAleksandr Yampolskiy
 
Introduction to Homomorphic Encryption
Introduction to Homomorphic EncryptionIntroduction to Homomorphic Encryption
Introduction to Homomorphic EncryptionChristoph Matthies
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted DataNew York Technology Council
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVictor Pereira
 
Let’s talk about microbenchmarking
Let’s talk about microbenchmarkingLet’s talk about microbenchmarking
Let’s talk about microbenchmarkingAndrey Akinshin
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryptioniosrjce
 
Bartosz Milewski, “Re-discovering Monads in C++”
Bartosz Milewski, “Re-discovering Monads in C++”Bartosz Milewski, “Re-discovering Monads in C++”
Bartosz Milewski, “Re-discovering Monads in C++”Platonov Sergey
 
COSCUP: Introduction to Julia
COSCUP: Introduction to JuliaCOSCUP: Introduction to Julia
COSCUP: Introduction to Julia岳華 杜
 
Asssignment2
Asssignment2 Asssignment2
Asssignment2 AnnamalikAnnamalik
 
Java puzzles
Java puzzlesJava puzzles
Java puzzlesNikola Petrov
 
Java Puzzle
Java PuzzleJava Puzzle
Java PuzzleSFilipp
 
Clojure class
Clojure classClojure class
Clojure classAysylu Greenberg
 
Java Basics - Part2
Java Basics - Part2Java Basics - Part2
Java Basics - Part2Vani Kandhasamy
 
Computer security
Computer security Computer security
Computer security Harry Potter
 
ZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsAlex Pruden
 
Rainer Grimm, “Functional Programming in C++11”
Rainer Grimm, “Functional Programming in C++11”Rainer Grimm, “Functional Programming in C++11”
Rainer Grimm, “Functional Programming in C++11”Platonov Sergey
 
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...Alex Pruden
 
Codes and Isogenies
Codes and IsogeniesCodes and Isogenies
Codes and IsogeniesPriyanka Aash
 
Distributed Machine Learning with Apache Mahout
Distributed Machine Learning with Apache MahoutDistributed Machine Learning with Apache Mahout
Distributed Machine Learning with Apache MahoutSuneel Marthi
 
Predicate-Preserving Collision-Resistant Hashing
Predicate-Preserving Collision-Resistant HashingPredicate-Preserving Collision-Resistant Hashing
Predicate-Preserving Collision-Resistant HashingPhilippe Camacho, Ph.D.
 
Network Attacks
Network AttacksNetwork Attacks
Network AttacksSecurityTube.Net
 
F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices Lior Rotkovitch
 
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013Amazon Web Services
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service AttacksPascal Flöschel
 

Mais conteúdo relacionado

Mais procurados

Bartosz Milewski, “Re-discovering Monads in C++”
Bartosz Milewski, “Re-discovering Monads in C++”Bartosz Milewski, “Re-discovering Monads in C++”
Bartosz Milewski, “Re-discovering Monads in C++”Platonov Sergey
 
COSCUP: Introduction to Julia
COSCUP: Introduction to JuliaCOSCUP: Introduction to Julia
COSCUP: Introduction to Julia岳華 杜
 
Java Puzzle
Java PuzzleJava Puzzle
Java PuzzleSFilipp
 
Computer security
Computer security Computer security
Computer security Harry Potter
 
ZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsAlex Pruden
 
Rainer Grimm, “Functional Programming in C++11”
Rainer Grimm, “Functional Programming in C++11”Rainer Grimm, “Functional Programming in C++11”
Rainer Grimm, “Functional Programming in C++11”Platonov Sergey
 
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...Alex Pruden
 
Distributed Machine Learning with Apache Mahout
Distributed Machine Learning with Apache MahoutDistributed Machine Learning with Apache Mahout
Distributed Machine Learning with Apache MahoutSuneel Marthi
 
Predicate-Preserving Collision-Resistant Hashing
Predicate-Preserving Collision-Resistant HashingPredicate-Preserving Collision-Resistant Hashing
Predicate-Preserving Collision-Resistant HashingPhilippe Camacho, Ph.D.
 

Mais procurados (14)

Bartosz Milewski, “Re-discovering Monads in C++”
Bartosz Milewski, “Re-discovering Monads in C++”Bartosz Milewski, “Re-discovering Monads in C++”
Bartosz Milewski, “Re-discovering Monads in C++”
 
COSCUP: Introduction to Julia
COSCUP: Introduction to JuliaCOSCUP: Introduction to Julia
COSCUP: Introduction to Julia
 
Asssignment2
Asssignment2 Asssignment2
Asssignment2
 
Java puzzles
Java puzzlesJava puzzles
Java puzzles
 
Java Puzzle
Java PuzzleJava Puzzle
Java Puzzle
 
Clojure class
Clojure classClojure class
Clojure class
 
Java Basics - Part2
Java Basics - Part2Java Basics - Part2
Java Basics - Part2
 
Computer security
Computer security Computer security
Computer security
 
ZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their ApplicationsZK Study Club: Sumcheck Arguments and Their Applications
ZK Study Club: Sumcheck Arguments and Their Applications
 
Rainer Grimm, “Functional Programming in C++11”
Rainer Grimm, “Functional Programming in C++11”Rainer Grimm, “Functional Programming in C++11”
Rainer Grimm, “Functional Programming in C++11”
 
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
zkStudyClub: PLONKUP & Reinforced Concrete [Luke Pearson, Joshua Fitzgerald, ...
 
Codes and Isogenies
Codes and IsogeniesCodes and Isogenies
Codes and Isogenies
 
Distributed Machine Learning with Apache Mahout
Distributed Machine Learning with Apache MahoutDistributed Machine Learning with Apache Mahout
Distributed Machine Learning with Apache Mahout
 
Predicate-Preserving Collision-Resistant Hashing
Predicate-Preserving Collision-Resistant HashingPredicate-Preserving Collision-Resistant Hashing
Predicate-Preserving Collision-Resistant Hashing
 

Destaque

F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices Lior Rotkovitch
 
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013Amazon Web Services
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation TechniquesIntruGuard
 

Destaque (10)

Network Attacks
Network AttacksNetwork Attacks
Network Attacks
 
F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices
 
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques
 

Semelhante a ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philippe Aumasson / Martin Boßlet

Computer graphics lab report with code in cpp
Computer graphics lab report with code in cppComputer graphics lab report with code in cpp
Computer graphics lab report with code in cppAlamgir Hossain
 
Fractal Rendering in Developer C++ - 2012-11-06
Fractal Rendering in Developer C++ - 2012-11-06Fractal Rendering in Developer C++ - 2012-11-06
Fractal Rendering in Developer C++ - 2012-11-06Aritra Sarkar
 
Lecture3 combinational blocks
Lecture3 combinational blocksLecture3 combinational blocks
Lecture3 combinational blocksNima Shafiee
 
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...Mozaic Works
 
Computer graphics lab manual
Computer graphics lab manualComputer graphics lab manual
Computer graphics lab manualUma mohan
 
Ee693 sept2014midsem
Ee693 sept2014midsemEe693 sept2014midsem
Ee693 sept2014midsemGopi Saiteja
 
QMC Error SAMSI Tutorial Aug 2017
QMC Error SAMSI Tutorial Aug 2017QMC Error SAMSI Tutorial Aug 2017
QMC Error SAMSI Tutorial Aug 2017Fred J. Hickernell
 
Ch01 basic concepts_nosoluiton
Ch01 basic concepts_nosoluitonCh01 basic concepts_nosoluiton
Ch01 basic concepts_nosoluitonshin
 
Introduction to Neural Networks and Deep Learning from Scratch
Introduction to Neural Networks and Deep Learning from ScratchIntroduction to Neural Networks and Deep Learning from Scratch
Introduction to Neural Networks and Deep Learning from ScratchAhmed BESBES
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov
 
Efficient SIMD Vectorization for Hashing in OpenCL
Efficient SIMD Vectorization for Hashing in OpenCLEfficient SIMD Vectorization for Hashing in OpenCL
Efficient SIMD Vectorization for Hashing in OpenCLJonas Traub
 
PyconKR 2018 Deep dive into Coroutine
PyconKR 2018 Deep dive into CoroutinePyconKR 2018 Deep dive into Coroutine
PyconKR 2018 Deep dive into CoroutineDaehee Kim
 
Understanding the Disruptor
Understanding the DisruptorUnderstanding the Disruptor
Understanding the DisruptorTrisha Gee
 
20101017 program analysis_for_security_livshits_lecture02_compilers
20101017 program analysis_for_security_livshits_lecture02_compilers20101017 program analysis_for_security_livshits_lecture02_compilers
20101017 program analysis_for_security_livshits_lecture02_compilersComputer Science Club
 

Semelhante a ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philippe Aumasson / Martin Boßlet (20)

Computer graphics lab report with code in cpp
Computer graphics lab report with code in cppComputer graphics lab report with code in cpp
Computer graphics lab report with code in cpp
 
Fractal Rendering in Developer C++ - 2012-11-06
Fractal Rendering in Developer C++ - 2012-11-06Fractal Rendering in Developer C++ - 2012-11-06
Fractal Rendering in Developer C++ - 2012-11-06
 
Lecture3 combinational blocks
Lecture3 combinational blocksLecture3 combinational blocks
Lecture3 combinational blocks
 
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
 
Computer graphics lab manual
Computer graphics lab manualComputer graphics lab manual
Computer graphics lab manual
 
Ee693 sept2014midsem
Ee693 sept2014midsemEe693 sept2014midsem
Ee693 sept2014midsem
 
Faster Python, FOSDEM
Faster Python, FOSDEMFaster Python, FOSDEM
Faster Python, FOSDEM
 
QMC Error SAMSI Tutorial Aug 2017
QMC Error SAMSI Tutorial Aug 2017QMC Error SAMSI Tutorial Aug 2017
QMC Error SAMSI Tutorial Aug 2017
 
Ch01 basic concepts_nosoluiton
Ch01 basic concepts_nosoluitonCh01 basic concepts_nosoluiton
Ch01 basic concepts_nosoluiton
 
Introduction to Neural Networks and Deep Learning from Scratch
Introduction to Neural Networks and Deep Learning from ScratchIntroduction to Neural Networks and Deep Learning from Scratch
Introduction to Neural Networks and Deep Learning from Scratch
 
Program on Quasi-Monte Carlo and High-Dimensional Sampling Methods for Applie...
Program on Quasi-Monte Carlo and High-Dimensional Sampling Methods for Applie...Program on Quasi-Monte Carlo and High-Dimensional Sampling Methods for Applie...
Program on Quasi-Monte Carlo and High-Dimensional Sampling Methods for Applie...
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
 
C++ TUTORIAL 10
C++ TUTORIAL 10C++ TUTORIAL 10
C++ TUTORIAL 10
 
Efficient SIMD Vectorization for Hashing in OpenCL
Efficient SIMD Vectorization for Hashing in OpenCLEfficient SIMD Vectorization for Hashing in OpenCL
Efficient SIMD Vectorization for Hashing in OpenCL
 
PyconKR 2018 Deep dive into Coroutine
PyconKR 2018 Deep dive into CoroutinePyconKR 2018 Deep dive into Coroutine
PyconKR 2018 Deep dive into Coroutine
 
03.01 hash tables
03.01 hash tables03.01 hash tables
03.01 hash tables
 
QMC: Operator Splitting Workshop, Forward-Backward Splitting Algorithm withou...
QMC: Operator Splitting Workshop, Forward-Backward Splitting Algorithm withou...QMC: Operator Splitting Workshop, Forward-Backward Splitting Algorithm withou...
QMC: Operator Splitting Workshop, Forward-Backward Splitting Algorithm withou...
 
Understanding the Disruptor
Understanding the DisruptorUnderstanding the Disruptor
Understanding the Disruptor
 
Introduction VHDL.ppt
Introduction VHDL.pptIntroduction VHDL.ppt
Introduction VHDL.ppt
 
20101017 program analysis_for_security_livshits_lecture02_compilers
20101017 program analysis_for_security_livshits_lecture02_compilers20101017 program analysis_for_security_livshits_lecture02_compilers
20101017 program analysis_for_security_livshits_lecture02_compilers
 

Mais de Cyber Security Alliance

Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Cyber Security Alliance
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itCyber Security Alliance
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksCyber Security Alliance
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCyber Security Alliance
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsCyber Security Alliance
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacksCyber Security Alliance
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fCyber Security Alliance
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Cyber Security Alliance
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptWarning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptCyber Security Alliance
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureCyber Security Alliance
 

Mais de Cyber Security Alliance (20)

Bug Bounty @ Swisscom
Bug Bounty @ SwisscomBug Bounty @ Swisscom
Bug Bounty @ Swisscom
 
Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce it
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacks
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomware
 
Blockchain for Beginners
Blockchain for Beginners Blockchain for Beginners
Blockchain for Beginners
 
Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging apps
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacks
 
Rump : iOS patch diffing
Rump : iOS patch diffingRump : iOS patch diffing
Rump : iOS patch diffing
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptWarning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
 
Rump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabriceRump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabrice
 
Operation emmental appsec
Operation emmental appsecOperation emmental appsec
Operation emmental appsec
 

Último

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Último (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philippe Aumasson / Martin Boßlet

  • 1. Hash-flooding DoS reloaded: attacks and defenses Jean-Philippe Aumasson, Kudelski Group Daniel J. Bernstein, University of Illinois at Chicago Martin Boßlet, freelancer
  • 2. Hash-flooding DoS reloaded: attacks and defenses Jean-Philippe Aumasson, Kudelski Group Daniel J. Bernstein, University of Illinois at Chicago Martin Boßlet, freelancer
  • 3. Jean-Philippe Cryptography expert at the Kudelski Group Applied crypto researcher https://131002.net @aumasson Martin Independent SW engineer and security expert Ruby core dev team member http://www.martinbosslet.de @_emboss_
  • 4. Hash-flooding DoS reloaded: attacks and defenses
  • 5. Denial-of-Service (DoS) attacks “Attempt to make a machine or network resource unavailable to its intended users.” Wikipedia
  • 6. Popular DoS techniques are distributed HTTP or TCP SYN flood… (DDoS)
  • 7. More subtle techniques exploit properties of TCP-congestion-avoidance algorithms…
  • 8. Hash-flooding DoS reloaded: attacks and defenses
  • 9. Hash tables used in many applications to maintain an association between objects Example: Python dictionaries d={} # empty table d[12345]=0xc # insertion d[‘astring’]=‘foo’ # insertion d[(‘a’,‘tuple’)]=0 # insertion print d[‘a string’] # lookup
  • 10. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average
  • 11. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average 0 1 2 12345: 0xc d[12345]=0xc, hash(12345)=1
  • 12. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average 0 1 2 ‘astring’: ‘foo’ 12345: 0xc d[‘astring’]=‘foo’ , hash(‘astring’)=0
  • 13. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n) operations on average 0 1 2 ‘astring’: ‘foo’ 12345: 0xc (‘a’,’tuple’): 0 d[(‘a’,’tuple’)=0; hash((‘a’,’tuple’))=2
  • 14. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n2) operations in the worst case 0 1 2 12345: 0xc d[12345]=0xc, hash(12345)=1
  • 15. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n2) operations in the worst case 0 1 2 12345: 0xc ‘astring’: ‘foo’ d[‘astring’]=‘foo’ , hash(‘astring’)=0
  • 16. If the table is about as large as the number of elements to be stored (=n), insertion or lookup of n elements takes O(n2) operations in the worst case 0 1 2 12345: 0xc ‘astring’: ‘foo’ (‘a’, ‘tuple’): ‘foo’ d[(‘a’,’tuple’)=0; hash((‘a’,’tuple’))=2
  • 17. Hash flooding: Send to a server many inputs with a same hash (a multicollision) so as to enforce worst-case insert time
  • 18. send 2MB of POST data consisting of 200.000 colliding 10B strings ≈ 40.000.000.000 string comparisons (at least 10s on a 2GHz machine…)
  • 19. Previous work Crosby, Wallach. Denial of Service via Algorithmic Complexity Attacks, USENIX Security 2003 -> attack formalized and applied to Perl, Squid, etc. Klink, Wälde. Efficient Denial of Service Attacks on Web Application Platforms. CCC 28c3 -> application to PHP, Java, Python, Ruby, etc.
  • 20. Previous work Crosby, Wallach. Denial of Service via Algorithmic Complexity Attacks, USENIX Security 2003 -> attack formalized and applied to Perl, Squid, etc. Klink, Wälde. Efficient Denial of Service Attacks on Web Application Platforms. CCC 28c3 -> application to PHP, Java, Python, Ruby, etc.
  • 21.
  • 22. Patches released consisting of a stronger hash with randomization (to make colliding values impossible to find)
  • 23. MurmurHash2 “used in code by Google, Microsoft, Yahoo, and many others” http://code.google.com/p/smhasher/wiki/MurmurHash CRuby, JRuby
  • 24. MurmurHash3 “successor to MurmurHash2” Oracle’s Java SE, Rubinius
  • 25. Hash-flooding DoS reloaded: attacks and defenses
  • 27. MurmurHash3 core Processes the input per blocks of 4 bytes for (i=0;i<nblocks;i++) { uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
  • 28. Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
  • 29. Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=0 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D1 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x00040000 h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
  • 30. Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=0 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D1 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x00040000 h1 ^= k1; diff in h1 0x00040000 h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
  • 31. Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=0 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D1 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x00040000 h1 ^= k1; diff in h1 0x00040000 h1 = ROTL32 ( h1 ,13); 0x80000000 h1 = h1 *5+0 xe6546b64;} 0x80000000
  • 32. Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=1 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D2 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
  • 33. Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=1 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D2 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x80000000 h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
  • 34. Differential cryptanalysis strategy 1/ introduce a difference in the state h1 via the input k1 2/ cancel this difference with a second well chosen difference for (i=0;i<nblocks;i++) { i=1 uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; inject difference D2 k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; diff in k1:0x80000000 diff in h1: 0x80000000 ^ 0x80000000 = 0 h1 ^= k1; h1 = ROTL32 ( h1 ,13); COLLISION! h1 = h1 *5+0 xe6546b64;}
  • 35. M1 M2 32-bit 32-bit h1=f(X)=H h1=X M1^D1 M2^D2 32-bit 32-bit h1=f(X^D3^D3)=H h1=X^D3 2 colliding 8-byte inputs
  • 36. M1 M2 M3 M4 M5 M6 collision collision collision Chain collisions => multicollisions 8n bytes => 2 n colliding inputs
  • 37. A multicollision works for any seed => “Universal” multicollisions h1=seed; for (i=0;i<nblocks;i++) { uint32_t k1 = getblock(blocks, i); k1 *= 0xcc9e2d51 ; k1 = ROTL32(k1 ,15); k1 *= 0x1b873593; // transform of k1 independent of the seed! h1 ^= k1; h1 = ROTL32 ( h1 ,13); h1 = h1 *5+0 xe6546b64;}
  • 38. Even simpler for MurmurHash2
  • 39. Consequence: Systems using MurmurHash2/3 remain vulnerable to hash-flooding
  • 41. Even weaker than MurmurHash2… Also vulnerable to hash flooding
  • 42. CityHash64( BU9[85WWp/ HASH!, 16 ) = b82e7612e6933d2f CityHash64( 8{YDLn;d.2 HASH!, 16 ) = b82e7612e6933d2f CityHash64( d+nkK&t?yr HASH!, 16 ) = b82e7612e6933d2f CityHash64( {A.#v5i]V{ HASH!, 16 ) = b82e7612e6933d2f CityHash64( FBC=/hJeA!HASH!, 16 ) = b82e7612e6933d2f CityHash64( $03$=K1.-H!HASH!, 16 ) = b82e7612e6933d2f CityHash64( 3o'L'Piw!HASH!, 16 ) = b82e7612e6933d2f CityHash64( duDu%qaUS@"HASH!, 16 ) = b82e7612e6933d2f CityHash64( IZVo|0S=BX"HASH!, 16 ) = b82e7612e6933d2f CityHash64( X2V|P=<u,=#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 9<%45yG]qG#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 6?4O:'<Vho#HASH!, 16 ) = b82e7612e6933d2f CityHash64( 2u 2}7g^>3$HASH!, 16 ) = b82e7612e6933d2f CityHash64( kqwnZH=cKG$HASH!, 16 ) = b82e7612e6933d2f CityHash64( Nl+:rtvw}K$HASH!, 16 ) = b82e7612e6933d2f CityHash64( s/pI!<5u*]$HASH!, 16 ) = b82e7612e6933d2f CityHash64( f|P~n*<xPc$HASH!, 16 ) = b82e7612e6933d2f CityHash64( Cj7TCG|G}}$HASH!, 16 ) = b82e7612e6933d2f CityHash64( a4$>Jf3PF'%HASH!, 16 ) = b82e7612e6933d2f
  • 44. Breaking Murmur: We‘ve got the recipe – Now all we need is the (hash) cake
  • 47. Parser symbol tables Method lookup tables Attributes / Instance variables IP Addresses Transaction IDs Database Indexing Session IDs HTTP Headers JSON Representation URL-encoded POST form data Deduplication (HashSet) A* search algorithm Dictionaries …
  • 48. => Where aren’t they used?
  • 49. Can’t we use something different?
  • 50. We could, but amortized constant time is just too sexy
  • 56. Example #1 Rails
  • 60. Demo
  • 61. Should work with Rails out of the box, no?
  • 63. Demo
  • 64. def POST … @env["rack.request.form_hash"] = parse_query(form_vars) … end
  • 66. def parse_nested_query(qs, d = nil) params = KeySpaceConstrainedParams.new (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p| k, v = p.split('=', 2).map { |s| unescape(s) } normalize_params(params, k, v) end return params.to_params_hash end
  • 67. def unescape(s, encoding = Encoding::UTF_8) URI.decode_www_form_component(s, encoding) end
  • 68. def self.decode_www_form_component(str, enc=Encoding::UTF_8) raise ArgumentError, "invalid %-encoding (#{str})" unless /A[^%]*(?:%hh[^%]*)*z/ =~ str str.gsub(/+|%hh/, TBLDECWWWCOMP_).force_encoding(enc) end
  • 70. Catches invalid % encodings (e.g. %ZV, %%1 instead of %2F)
  • 71. def parse_nested_query(qs, d = nil) params = KeySpaceConstrainedParams.new (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p| k, v = p.split('=', 2).map { |s| unescape(s) } normalize_params(params, k, v) end return params.to_params_hash end
  • 72. def normalize_params(params, name, v = nil) name =~ %r(A[[]]*([^[]]+)]*) k = $1 || '' … end
  • 76. create random values passing the regular expressions
  • 77. that should do it, right?
  • 78. Demo
  • 79.
  • 80. def parse_nested_query(qs, d = nil) params = KeySpaceConstrainedParams.new (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p| k, v = p.split('=', 2).map { |s| unescape(s) } normalize_params(params, k, v) end return params.to_params_hash end
  • 81. class KeySpaceConstrainedParams def []=(key, value) @size += key.size if key && !@params.key?(key) raise RangeError, 'exceeded available parameter key space‘ if @size > @limit @params[key] = value end end
  • 82.
  • 83. What now? Rails is safe?
  • 85. So if application/x-www-form-urlencoded doesn't work, how about application/json ?
  • 86. Again, with the encoding...
  • 88. Demo
  • 92. yet another loophole will be found
  • 93. Fix it at the root
  • 94. Example #2 Java
  • 96. public String(byte bytes[], int offset, int length, Charset charset) { … char[] v = StringCoding.decode(charset, bytes, offset, length); … }
  • 97. Tough nut to crack
  • 98. What now? Java is safe?
  • 100. public String(char value[]) { int size = value.length; this.offset = 0; this.count = size; this.value = Arrays.copyOf(value, size); }
  • 102. Substitute byte[] operations with equivalent operations on char[]
  • 103. Demo
  • 104. Disclosure Oracle (Java): Sep 11 CRuby, JRuby, Rubinius: Aug 30
  • 105. Hash-flooding DoS reloaded: attacks and defenses
  • 106. SipHash: a fast short-input PRF New crypto algorithm to fix hash-flooding: • Rigorous security requirements and analysis • Speed competitive with that of weak hashes Peer-reviewed research paper (A., Bernstein). published at DIAC 2012, INDOCRYPT 2012
  • 107. SipHash initialization 256-bit state v0 v1 v2 v3 128-bit key k0 k1 v0 = k0 ⊕ 736f6d6570736575 v1 = k1 ⊕ 646f72616e646f6d v2 = k0 ⊕ 6c7967656e657261 v3 = k1 ⊕ 7465646279746573
  • 108. SipHash initialization 256-bit state v0 v1 v2 v3 128-bit key k0 k1 v0 = k0 ⊕ “somepseu” v1 = k1 ⊕ “dorandom” v2 = k0 ⊕ “lygenera” v3 = k1 ⊕ “tedbytes”
  • 109. SipHash compression Message parsed as 64-bit words m0, m1, … v3 ⊕= m0 c iterations of SipRound v0 ⊕= m0
  • 110. SipHash compression Message parsed as 64-bit words m0, m1, … v3 ⊕= m1 c iterations of SipRound v0 ⊕= m1
  • 111. SipHash compression Message parsed as 64-bit words m0, m1, … v3 ⊕= m2 c iterations of SipRound v0 ⊕= m2
  • 112. SipHash compression Message parsed as 64-bit words m0, m1, … Etc.
  • 114. SipHash finalization v2 ⊕= 255 d iterations of SipRound Return v0 ⊕ v1 ⊕ v2 ⊕ v3
  • 116. Family SipHash-c-d Fast proposal: SipHash-2-4 Conservative proposal: SipHash-4-8 Weaker versions for cryptanalysis: SipHash-1-0, SipHash-2-0, etc. SipHash-1-1, SipHash-2-1, etc. Etc.
  • 117.
  • 118. Proof of simplicity June 20: paper published online June 28: 18 third-party implementations C (Floodyberry, Boßlet, Neves); C# (Haynes) Cryptol (Lazar); Erlang, Javascript, PHP (Denis) Go (Chestnykh); Haskell (Hanquez) Java, Ruby (Boßlet); Lisp (Brown); Perl6 (Julin)
  • 119. Who is using SipHash? http://www.opendns.com/ http://www.rust-lang.org/ Soon?
  • 120. Take home message • DoS is doable with only small data/bandwidth • Java- and Ruby-based web applications vulnerable to DoS (and maybe others…) • SipHash offers both security and performance Contact us if you need to check your application
  • 121. Hash-flooding DoS reloaded: attacks and defenses THANK YOU!