Post-quantum cryptographic (PQC) algorithms are being integrated into firmware, bootloaders, and other embedded systems as a replacement for RSA and ECC. While these schemes are designed to resist quantum attacks, their implementations remain vulnerable to classical fault injection techniques. This talk presents practical voltage fault injection attacks on three major PQC signature schemes: Dilithium, XMSS, and SPHINCS+. By targeting signature verification logic — including challenge generation, bit shifts, and checksum validation — we demonstrate how to forge valid signatures without breaking the underlying cryptographic primitives. All attacks are performed on real microcontroller hardware using open-source PQC libraries running on bare metal. We also show how shared components like WOTS+ introduce common vulnerabilities across XMSS and SPHINCS+, exposing a broader attack surface. This work highlights how fault injection continues to be effective, even against modern cryptography, and the ever-present need for effective countermeasures for implementation-level threats.

By: Fikret Garipay | Security Engineer, Keysight Device Security Testing

Presentation Materials Available at: https://ift.tt/nelXRIS
source https://www.youtube.com/watch?v=JS30uepSuMo