News and EventsEvents ▸ Lessons on secure deployment of crypt...

Lessons on secure deployment of cryptographic primitives

Date and time: July 22, 2024, 10:30 am - 2:00 pm (Lunch is provided)

Location: QNC1201

Registration: To attend the this program please email us at cryptoworks21@uwaterloo.ca by July 17, 2024.

The security of cryptographic primitives and protocols is inextricably tied to that of the implementations deployed in the real world. Ensuring that these implementations are as secure as possible is thus a problem at the heart of cryptographic security.

This workshop will introduce common classes of cryptographic vulnerabilities, including improper randomness generation, side-channel attacks, flaws in primitives or protocols, and others, and discuss secure coding practices that can help mitigate them, based on our experiences auditing cryptographic code. This discussion will be complemented by a set of practical exercises to provide experience in spotting insecure constructions. Additionally, as implementation quality is often tied to the quality of the source material, we will present a case study on a recent widely implemented threshold signing protocol where ambiguous or unclear presentation in the academic source material has led to multiple critical implementation vulnerabilities.

This workshop is presented by NCC Group Cryptography Services practice in Waterloo, Ontario.

Instructors:

  • Elena Bakos Lang graduated with a Masters' degree in Cryptography at the University of Waterloo in 2019, specializing in security reductions in lattice-based cryptography. She then worked in industry doing research in post-quantum cryptography and was involved with post-quantum standardization efforts at the IETF. She has been a member of the Cryptography Services practice at NCC Group since early 2022, focusing on implementation and design reviews of a variety of cryptographic primitives.
  • Kevin Henry completed a Masters and Ph.D (2015) in Cryptography at the University of Waterloo as a member of the Cryptography, Security, and Privacy (CrySP) lab, where he researched voter-verifiable voting, homomorphic cryptography, distributed consensus, and lightweight security protocols. Following graduation, Kevin worked on the standardization and implementation of privacy-preserving public key infrastructure (PKI) for automotive applications, including the development of a deployment model for a national rollout in Canada. He is currently a member of the Cryptography Services practice at NCC Group in Waterloo, Ontario, where he primarily focuses on high assurance audits of cryptographic software and systems.