University of Birmingham > Talks@bham > Computer Security Seminars >  ECC-based bug attacks on OpenSSL: a retrospective

ECC-based bug attacks on OpenSSL: a retrospective

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Matthijs Melissen.

In 2012, we published work that leveraged a bug within the OpenSSL 0.9.8g implementation of ECC to recover the server ECDH key. This was predominantly of academic interest, since the bug was quickly fixed in the next release. However, there is obviously a much wider reliance on OpenSSL, and various events before and after have more compellingly illustrated how fragile it, and surrounding standards and systems, are: beyond obvious examples brought to light by Snowden, vulnerabilities such as Heartbleed, CCS and Lucky13 have continued to emerge (arguably due to a more active emphasis on audit of OpenSSL).

The goal of this talk will be to (re)introduce our attack, examine it in the context of what has happened since, and highlight various directions being explored (elsewhere) to address underlying issues.

This talk is part of the Computer Security Seminars series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

Talks@bham, University of Birmingham. Contact Us | Help and Documentation | Privacy and Publicity.
talks@bham is based on talks.cam from the University of Cambridge.