Real-world cryptographic systems rarely meet academic expectations, with most systems being shown "insecure" at some point. At the same time, our IT-driven world has not yet fallen apart, suggesting that many protection mechanisms are "secure enough" for how they are employed. This talk argues that hacks with real-world implications are mostly the result of being able to break security assumptions on multiple design layers. Protection designs that focus on a single security function and neglect complimentary layers are hence more prone to compromise. We look at three widely deployed protection systems -- from the cell phone, automotive, and smartcard domains -- and show how technology abuse arises from best-practice deviations on multiple design layers.
CV. Karsten Nohl is a cryptographer and security researcher with degrees in Computer Engineering from SRH University Heidelberg and UVa. Karsten likes to test security assumptions in proprietary systems and typically breaks them.