NorthSec 2021

Ben Gardiner

Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer. He is GIAC GPEN certified and a GIAC advisory board member, he is also chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), and a voting member of the SAE Vehicle Electronic Systems Security Committee. Mr. Gardiner has delivered workshops and presentations at several world cybersecurity events including GENIVI security sessions, Hack in Paris, HackFest and DEF CON.

The speaker's profile picture

Twitter account (full URL)

https://twitter.com/benlgardiner

GitHub account (full URL)

https://github.com/bengardiner


Sessions

05-21
17:40
30min
Just Add More LEDs: NSec 2018 and 2019 Badge Mods
Ben Gardiner

Here's what you can do with a hardware badge once a con is over besides just hanging it up on the lanyard. Specifically, how to modify the Nsec 2018 'Sputnik' and 2019 'Brain' badges for off-board LED strips. e.g. as a monitor backlight, or just BLINKEN LIGHTS! With a bonus of how to do a hardware-port of a 503 party badge to the nsec 2018 badge.

Hardware
Main stream
05-20
14:00
180min
How Crypto Gets Broken (by you)
Ben Gardiner

This is an introduction to crypto: building blocks, protocols and attacks on them. We cover: encoding vs encryption, hashes, ‘classic’ crypto, stream ciphers, block ciphers, symmetric crypto, asymmetric crypto, has attacks, classic crypto attacks, stream cipher attack, block cipher attack models, ECB attacks, crypto protocols, digital signatures, message authentication code, nonces, simple authentication, challenge response, simple authentication attacks (key collisions, key extraction and extension, replay, valet, bad counter resync), MAC attacks, digital signature attacks, pubkey substitution, challenge response attacks (middleperson attack, UDS style seed-key predictions), WPA2 password cracking, WPA2 key reinstallation, WPA2 key nulling, TLS/SSL middleperson attacks, SWEET32, DROWN, logjam, POODLE, UDS seed-key exchange attacks (reverse key algorithm, lift key algorithm, solve for unknowns, retry-retry-retry, brute force, glitch past).

Vulnerability research
Workshops2
05-21
18:35
30min
Hardware
Ben Gardiner, Marc-andre Labonte, Eric Evenchick, Geneviève Lajeunesse (denki)

Q&A and discussion for the hardware block, hosted and moderated by Geneviève Lajeunesse. Questions will be gathered from the audience during the four prior talks.

Hardware
Main stream