![]() |
![]() |
University of Birmingham > Talks@bham > Computer Security Seminars > ECC-based bug attacks on OpenSSL: a retrospective
ECC-based bug attacks on OpenSSL: a retrospectiveAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Matthijs Melissen. In 2012, we published work that leveraged a bug within the OpenSSL 0.9.8g implementation of ECC to recover the server ECDH key. This was predominantly of academic interest, since the bug was quickly fixed in the next release. However, there is obviously a much wider reliance on OpenSSL, and various events before and after have more compellingly illustrated how fragile it, and surrounding standards and systems, are: beyond obvious examples brought to light by Snowden, vulnerabilities such as Heartbleed, CCS and Lucky13 have continued to emerge (arguably due to a more active emphasis on audit of OpenSSL). The goal of this talk will be to (re)introduce our attack, examine it in the context of what has happened since, and highlight various directions being explored (elsewhere) to address underlying issues. This talk is part of the Computer Security Seminars series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsTheoretical Physics Journal Club and Group Meeting Type the title of a new list here Particle Physics SeminarsOther talksLet there be light: Illuminating neutron star mergers with radiative transfer simulations Width parameters and the maximum independent set problem Life : it’s out there, but what and why ? Control variates for computing transport coefficients Wave turbulence in the Schrödinger-Helmholtz equation TBA |