Cybercalypse, HeartBleed : Is our Government Listening

Ajitadh@null.co.in

Stories

• The Backbone• The Nexus• A Random Story• The Curves You Like• My Heart is Bleeding• History Repeats it self…

ConclusionIs our Government Listening

Dedicated to…

The BackBone

OpenSSL – Defacto Standard for all the cryptography Library.

Free, Open, Well Maintained by Community

*Hundreds of Contributors*

The Nexus

Openssl FIPS Moduleopenssl-1.0.1i.tar.gz openssl-fips-2.0.7.tar.gz

FIPS ComplianceNeeds NIST/NSA approved third party

“fipscansiter”

The Nexus

A Random Story

Told By :• Microsoft cryptologists - Dan Shumow & Niels

Ferguson• Edward Snowden• Bruce Schneier • @Cocon• IS That Clear

The Curves You Like

The Story• RSA Sucks, not for Phones• Elliptical Curve Crypto• Patient owned by RIM• Patient bought by NSA• Made Public• Now We all Can use it

Issues with Curves

• NISTP -- 256�• Coefficients generated by hashing the

unexplained seed • C49d3608, 86e70493, 6a6678e1, 139d26b7,

819f7e90• It is possible to define some arbitrary

parameters.• Web browsers will only support a handful of

predefined curves, usually NIST P-256, P-384 and P-521.

My Heart is Bleeding

• SSL Handshake Protocol• Very Costly, CPU intensive• Optimization– Session ID cashing– Keep Alive Session

• HeartBeat ModuleRobin SeggelmannDr. Robin Seggelmann

History

• Remember SE-Linux?• Capture of communicaitons of David Headley

& Tahawwur Rana

• Acquisition of Skype• Acquisition of Whatsapp

Conclusion

Questions?

• Why doesn’t our government CONTRIBUTE– To clean & Use the OpenSSL

• Contribute to Open source pain points• Why doesn’t our government LISTEN– To other Govt.

• It’s an Asymmetric war– Why don’t we try n Get UNFair Advantage?

THANK YOU

• IS IT CLEAR?????• IF NOT, PLS talk to my Friend – Gurudev…