Key Overwriting Attacks
Speaker
Miro Haller
Host
Henry Corrigan-Gibbs
n this talk, I will formally define key overwriting attacks and discuss some recent applications.
After lying dormant for 20 years, a recent series of papers exploited key overwriting attacks to break the security of deployed end-to-end encrypted schemes. More and more, systems aim to protect users even against a malicious or compromised server. Together with complex key hierarchies, this lead to attacks where the adversary can overwrite (part of) the key material of users. By observing the client's operation on such (partially) corrupted key material, some attacks were able to go as far as recovering the key material.
This talk is based on "MEGA: Malleable Encryption Goes Awry" and "Caveat Implementor! Key Recovery Attacks on MEGA" but I will also touch on other key recovery attacks.
After lying dormant for 20 years, a recent series of papers exploited key overwriting attacks to break the security of deployed end-to-end encrypted schemes. More and more, systems aim to protect users even against a malicious or compromised server. Together with complex key hierarchies, this lead to attacks where the adversary can overwrite (part of) the key material of users. By observing the client's operation on such (partially) corrupted key material, some attacks were able to go as far as recovering the key material.
This talk is based on "MEGA: Malleable Encryption Goes Awry" and "Caveat Implementor! Key Recovery Attacks on MEGA" but I will also touch on other key recovery attacks.