![]() |
![]() |
University of Birmingham > Talks@bham > Computer Security Seminars > ECC-based bug attacks on OpenSSL: a retrospective
ECC-based bug attacks on OpenSSL: a retrospectiveAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Matthijs Melissen. In 2012, we published work that leveraged a bug within the OpenSSL 0.9.8g implementation of ECC to recover the server ECDH key. This was predominantly of academic interest, since the bug was quickly fixed in the next release. However, there is obviously a much wider reliance on OpenSSL, and various events before and after have more compellingly illustrated how fragile it, and surrounding standards and systems, are: beyond obvious examples brought to light by Snowden, vulnerabilities such as Heartbleed, CCS and Lucky13 have continued to emerge (arguably due to a more active emphasis on audit of OpenSSL). The goal of this talk will be to (re)introduce our attack, examine it in the context of what has happened since, and highlight various directions being explored (elsewhere) to address underlying issues. This talk is part of the Computer Security Seminars series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsSERENE Group Seminar Series Computer Science Distinguished Seminar Computer Security SeminarsOther talksProvably Convergent Plug-and-Play Quasi-Newton Methods for Imaging Inverse Problems Sylow branching coefficients for symmetric groups TBC Ultrafast, all-optical, and highly efficient imaging of molecular chirality TBC Quantum simulations using ultra cold ytterbium |