VaultBoot: Next-Gen Firmware Security

Background

Firmware is a special type of software, mainly used for the control and communication of the underlying hardware. The scope of firmware is very broad, and the security issues involved vary greatly between different areas of firmware. This article only discusses the firmware running on general-purpose computers, such as servers, notebooks and desktops.

The current problem

UEFI is still the mainstream firmware solution at the moment. There are several problems...

VaultFuzzer: A state-based approach for Linux kernel

Vault Labs, HardenedVault Limited

Background

Since the beginning of computer software development, software quality has been an inevitable issue in the field of software testing. Fuzzers (fuzz testing tools) appeared in order to identify software defects (commonly known as bugs) more efficiently, but the objectives of using a fuzzer differ between areas:

  • QA-oriented fuzz testing, i.e. detect...

What every CISO and security engineer should know about Intel CSME

Vault Labs, HardenedVault Limited

Background

The majority of the infosec community has been trying to ignore the risks below the OS over the past decades, but it is impossible to bury all of them at low cost today. In other words, times have changed. The U.S. government issued Executive Order (EO 14028) on Improving the Nation’s Cybersecurity to address multiple important issues. SBOM (Software Bill...

VaultHSM report: The way to confirm whether the Smart Card (J3H145) supports RFC-6979 ECDSA implementation

Vault Labs, HardenedVault Limited

Background

The original implementation of DSA-type signature algorithms (including ECDSA) needs a random number that belongs to the same mathematical object as the private key (an element of GF(p), where p is a prime number). This random number should also have the three properties below:

1. Randomness: It should be...

Public crypto audit report: lurch/OMEMO

lurch/OMEMO Security Assessment

Crypto is a neutral technology, just like natural existence (“For he makes his sun rise on the evil and on the good, and sends rain on the just and on the unjust.” – Matt 5:45), but it is a crucial part of protecting your privacy. Crypto is hard and crypto audits are harder. We hope this public report can help the FOSS (Free and Open Source) crypto community take the design...

Vault1317 protocol: a modern approach for metadata protection with deniability

vault1317/signal-dakez: An authenticated key exchange protocol with a public key concealing and a participation deniability designed for secure messaging

Richard B. Riddick

Vault Labs, Butcher Bay

Abstract

A deniable authenticated key exchange can establish a secure communication channel while leaving no cryptographic evidence of communication. Some well-designed protocols today leave no cryptographic evidence even in the case of betrayal by some participants and disclosure of long-term key material. However, this...

HardenedVault White paper

This is the way to build your own “Cyber Bunker”