The Identity Ecosystem
This paper is about how you can make your Security Operation Center more efficient and give your bored-out analysts more purpose, by making a small change to your security monitoring process. With a potential huge change in your workflow, and improved results.
The Sorry State of TLS Security in Enterprise Interception Appliances
Athough side-channel attacks appeared almost two decades ago, they remain very little discussed by security professionals outside the academia, or very specific sectors (e.g. smartcard industry, governments). However, with the increasing generalisation of IoT systems, they are a threat that can no longer be ignored by the operational world. This work aims to demonstrate that side-channel attacks can be practically achieved by an attacker, with reasonable means, effort, knowledge, and time. For this purpose, the contribution of this work is twofold. First, it is shown how a side-channe attack setup exploiting power leakages through electro-magnetic radiations, and making use of general-purpose and affordable equipment can be built. The acquisition of attack power traces is made thanks to a Red Pitaya STEMlab platform coupled with a home-built radio front-end. Second, it is shown how an attack can be conducted against targets that are representative of IoT devices: 8-bit and 32-bit Arduino boards.