Nicky Mouha
Dr. Nicky Mouha works as a Contractor at the Computer Security Division of NIST, specializing in the analysis, implementation and standardization of cryptographic algorithms. He discovered vulnerabilities in the cryptographic software of billions of devices: CVE-2019-8741 and CVE-2022-37454. Furthermore, he is the designer of Chaskey, which is a MAC algorithm that is internationally standardized under ISO/IEC 29192-6. He is also the inventor of the MILP and SAT-based techniques that have now become the standard tools to analyze the security of cryptographic algorithms against attacks such as differential and linear cryptanalysis.
Session
In this talk, I will discuss my OpenSSL contributions. My first contribution involves a potentially vulnerable code pattern that is the root cause of CVE-2022-37454, a buffer overflow vulnerability in the "official" SHA-3 implementation (Mouha and Celi, CT-RSA 2023). Jaroslav Lobačevski of GitHub Security Lab found the same pattern in OpenSSL, specifically in its HKDF implementation. (HKDF, which stands for HMAC-based Key Derivation Function, is used in TLS 1.3, the protocol that keeps your browser connection secure.) My second contribution is related to OpenSSL issue #13210 ("Incorrect usage of the HMAC APIs"), which discusses an attack when HMAC_Update() is invoked after HMAC_Final() (Benmocha et al., SAC 2020). It surprised me that the attack is no longer possible since OpenSSL 3.2.0 due to a change in the HMAC API, and I proposed adding a regression test to document the new API behavior.