
A long answer to the simple question, "Is TLS provably secure?"


If you have a question about this talk, please contact Mustapha Amrani.

TLS is perhaps the Internet’s most widely used security protocol, and at its heart is a subprotocol for providing data privacy and integrity, called the TLS Record Protocol. Is the TLS Record Protocol provably secure? A series of papers starting in 2000 delivered the answers (roughly): no, not for all possible underlying encryption schemes; yes, for some of the specific encryption schemes that TLS uses, but only under some impractical assumptions; yes, under less restrictive assumptions, but for a definition of “secure” that is hard to understand; yes, as long as your integrity-providing “tag” isn’t too short. We’ll explore this line of papers, as well as some interesting attacks that helped to guide the provable-security results. In the end, we’ll argue that the answer is still “it depends on how you use it” by discussing new results on using secure authenticated encryption (e.g. TLS) as a tunnel between a user and a proxy, through which webpages are requested and downloaded. We’ll see that it is surprisingly easy to determine which webpage was visited, even in the presence of some sophisticated efforts to fragment and pad the webpage data prior to entering the provably-secure encryption tunnel.

This talk is part of the Isaac Newton Institute Seminar Series.
