Alicja Kario
Alicja is a quality engineer specialised in cryptography at Red Hat. She is the quality team lead responsible for handling core cryptographic packages in Red Hat Enterprise Linux: OpenSSL, Mozilla NSS, GnuTLS, OpenSSH, libreswan, and others. With over 15 years of experience in the cryptography area, she has contributed to or co-authored multiple IETF RFCs and found multiple security vulnerabilities, the most impactful one being the Marvin Attack.
Session
Side-channel attacks are a common threat to cryptographic implementations. Unfortunately, most available tooling to combat this problem has limited usability, especially in black-box testing scenarios. In this talk I will talk about how, by performing the testing using statistical best practices, we were able to find multiple leaking implementations of cryptographic algorithms in OpenSSL. I'll also talk about how we're applying the lessons learned from testing RSA and ECDSA to testing post-quantum cryptography like ML-KEM.