A summary of recent TLS attacks and their impact on future research directions

Add to your list(s) Download to your calendar using vCal

• Juraj Somorovsky (Bochum)
• Thursday 26 April 2018, 11:00-12:00
• Computer Science, The Sloman Lounge (UG).

If you have a question about this talk, please contact Dr Garfield Benjamin.

Transport Layer Security (TLS) is arguably the most important cryptographic protocol. It is used to secure the connection to websites, web services, or to create Virtual Private Networks. However, the complexity of TLS led to various design as well as implementation failures. In the last few years, we saw many TLS attacks with fancy names like FREAK , DROWN, or Heartbleed.

In this presentation we first give an overview of some well-known TLS attacks. We highlight the problems developers have to face when evaluating the security of TLS libraries. Afterwards, we present TLS -Attacker – our open-source framework for flexible analysis of TLS . TLS -Attacker can be used to easily develop new attacks or detect invalid library behaviour. We use TLS -Attacker in different research projects, for example, TLS fingerprinting, TLS fuzzing, or performing IPv4 scans.

This talk is part of the Computer Security Seminars series.

This talk is included in these lists:

• Computer Science Departmental Series
• Computer Science Distinguished Seminars
• Computer Science, The Sloman Lounge (UG)
• Computer Security Seminars
• computer sience

Note that ex-directory lists are not shown.