• rdist blog: all my latest articles are now posted here
• Public Key Signature Vulnerabilities - Analysis of the RSA padding bug in various libraries, explaining how the attack works in simple terms. Also, we go into some flaws that are present in implementations of other crypto algorithms.

Software

• rsa_calcmod - python code to calculate RSA modulus n given two signatures (info, download)
• hexf - ASCII to binary filter for interactive programs (info, download)

Presentations

• When Crypto Attacks! (Yahoo 2009) - In-depth list of attacks against various crypto implementations. Developers seem to have gotten the message not to design their own ciphers. Now, we're trying to get the message out that you shouldn't be implementing your own crypto protocols or constructions, using low-level crypto libraries. Instead, developers should work at a higher level, using libraries like GPGME, Keyczar, or cryptlib. If you do end up designing/implementing your own construction, getting it reviewed by a third party is an expensive but vital task.
• Highway to Hell: Hacking Toll Systems (Blackhat 2008) - summary blog post
• Designing and Attacking DRM (RSA 2008) - Why software protection matters to everyone, including IT professionals. Design principles for making more robust DRM. Attacker tools. Provides a framework in two variables (L and T) for evaluating the longer term success of a DRM system. Gives an update on the latest DRM cracks.
• TLS/SSL MAC security flaw (iSec Forum) - Analysis of one of the CBC attacks on TLS that resulted in the bump from 1.0 to 1.1.
• TLS/SSL Protocol Design (Cal Poly) - Introduction to the design principles behind SSL. This was a relatively basic talk since the audience was a networking class with no previous security experience.
• Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007) - Analysis of virtualized rootkit detection methods. Introduces "Samsara", our framework for detecting virtualization and an implementation of data/instruction TLB sizing, HPET timer, and VT errata tests. We predict the future will be cat-and-mouse, where each side analyzes and responds to the behavior of their opponent, ad infinitum.
• Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007) - History and future of copy protection. Builds on the property of asymmetry as a way of analyzing copy protection features. Defenders only need to increase cost to attackers, not build an impenetrable wall. Included a live demo of reading a C64 game and cracking its protection, as well as an intro to the Xbox 360 drive hacks. Ended with some simple recommendations for repairing the 360 hacks.
• ACPI and FreeBSD (Part 2) (Bay Area FreeBSD Users Group) - An introduction to ACPI for users. Covers how to configure ACPI on FreeBSD and what is currently supported.
• ACPI and FreeBSD (Part 1) (Bay Area FreeBSD Users Group) - An introduction to ACPI for developers. Includes an example tracing a power management event from the hardware up through the OS and back down. Intended to get other kernel developers interested in helping me maintain FreeBSD's ACPI layer.
• Foundations of Platform Security (SJSU Security Class) - Uses the concept of asymmetry as a foundation for analyzing the security of various systems. Asymmetry in security is the property where mounting an attack is much more difficult for the attacker than the defender's effort required to maintain security. Platform design principles, including a study of sendmail vs. qmail architectures, are recommended for those who are designing their own systems.
• Using FreeBSD to Design a Secure Digital Cinema Server (Usenix 2004) - Case study of a project I did of interfacing a proprietary digital cinema server to a FreeBSD machine, configured to act as a SCSI target. Also contains an analysis of NetBSD's CGD disk encryption with respect to several less common security models. While CGD (and similar products) focus on providing privacy if an attacker has one-time read-only access to the ciphertext, they were not designed to address other threat models.
• Designing and Attacking Virtual Machines (RSA 2004) - Describes using VMs for attack and defense and talks about the need for good partitioning in commodity hardware (i.e., bring LPAR from IBM's VM to x86 today.) Introduces the metric of "cross-section", which is the number/size of unique inputs that need to be recorded to reproduce the VM state.
• Beyond Applied Cryptography: Designing a Secure Application (Infosec World 2004) - Gives various principles necessary to design a secure application -- adding encryption is not sufficient. Also describes a simple process for doing secure protocol design (suggested by Ben Jun of CRI).
• Peering Behind the Curtain: Evaluating Your Security Vendor (Pentagon PENTCIRT 2003) - Recommends customers of products commission a security evaluation. Typically, the customer would choose a security evaluator and request the vendor provide any information the evaluator needs to determine the security of the product. Each party's interest is aligned with good security -- the vendor wants the sale, the customer wants to be secure, and the evaluator wants to find holes. This is very different from a vendor-commissioned report, where the evaluator is often pressured to sugar-coat the results. The suggestion slides were provided by Paul Kocher of CRI.

Information

• Security Conference Calendar - If you're writing a paper or looking for a conference to attend, this schedule should make it easy to see what needs to be submitted when. There is some leeway with what I consider a security conference.
• TCP/IP Development - archive of historical notes and presentations on the development of TCP/IP including many important lessons for us today