Details

DATE: Thursday, April 25, 2013

TIME: 6:00pm-9:00pm

LOCATION: Square, Inc. 901 Mission Street - Downstairs Library, San Francisco CA, 94103

Please RSVP via Meetup or to rsvp@isecpartners.com if you wish to attend!

technical managers and engineers only please

food and beverage provided

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

AGENDA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

SPEAKER: Colin O’Flynn / Dalhousie University

PRESO TITLE: Adventures in Power Analysis for Cheapskates

PRESO SUMMARY: Power analysis attacks present a devious method of cracking cryptographic systems. But looking at papers published in this field shows that often the equipment used is fairly expensive: the typical oscilloscope used often has at least a 1 GSPS sampling rate, and then various probes and amplifiers also add to this cost. What is a poor researcher to do without such tools? This presentation will give a detailed description of how to set up a power analysis lab for a few hundred dollars, one that provides sufficient performance to attack real devices. It's based on some open-source hardware & software I developed, and is small enough to fit in your pocket. This includes an open-hardware design for the capture board, open-source Python tools for doing the capture, and open-source example attacks. Underlying theory behind side-channel attacks will be presented, giving attendees a complete picture of how such attacks work.

SPEAKER BIO: Colin O’Flynn’s introduction to electronics began with a Radio Shack 15-in-1 kit, but since then he’s moved on to a variety of embedded software and hardware projects. At one time he was involved in the open-source tool chain now used by Arduino, which transitioned into a job with Atmel as part of the low-power wireless division working on IEEE 802.15.4 devices. He has since returned to pursue his PhD at Dalhousie University in Halifax, Canada. He currently researches side-channel attacks on embedded cryptographic devices and has spoken at several conferences on topics around embedded security.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

SPEAKER: Dr. Anton Chuvakin / Research Director / Gartner

PRESO TITLE: The Dawn of Security Sharing or Another “False Start”?

PRESO SUMMARY: The presentation will touch upon the current state of information sharing in security – what is real and what is hype. It will also outline some of the aspects of cross-enterprise security data sharing efforts that work. Finally, it will present a few ideas for improving information sharing in the future.

SPEAKER BIO: Dr. Anton Chuvakin is a Research Director at Gartner's Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team. Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog "Security Warrior" is one of the most popular in the industry. He also works on emerging security standards and serves on advisory boards of several security start-ups.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

SPEAKER: Diogo Mónica / Security Engineer / Square

PRESO TITLE: Bletchley: dealing with HSMs so you don’t have to

PRESO SUMMARY: Bletchley is an HSM-backed decryption service that we developed internally at Square. The objective of Bletchley is to centralize and abstract our HSMs, providing a stable API for decryption operations. This service allows Square to use HSMs without having to deal with legacy APIs and reduces cost of ownership. A Bletchley cluster can provide an arbitrarily scalable replacement for network-based HSMs and supports secure key deletion, eliminating the concerns surrounding secure data deletion in a Service Oriented Architecture. In this presentation we will briefly introduce Square's SOA, present Bletchley's architecture and several real-world use cases for our decryption service. We intend to open-source Bletchley as soon as possible.

SPEAKER BIO: Diogo Mónica is a Security Engineer @Square, Security Researcher at INESC-ID and a PhD Candidate at IST. His main area of expertise is Network Security.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
