|![[Search]](http://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](http://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](http://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](http://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](http://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Microsoft Research Cambridge, public talks > Protecting encrypted cookies from compression side-channel attacks
Protecting encrypted cookies from compression side-channel attacksAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins. This event may be recorded and made available internally or externally via http://research.microsoft.com. Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques—-heuristic separation of secrets and fixed-dictionary compression—-for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve. Joint work with Janaka Alawatugoda (QUT) and Colin Boyd (NTNU). This talk is part of the Microsoft Research Cambridge, public talks series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsCambridge AWiSE Next Genration Biophysics; Friday 8th November 2019 Computer Laboratory Automated Reasoning Group Lunches Rouse Ball Lectures Operations Group Seminar Series ARClub TalksOther talksValue generalization during human avoidance learning Fukushima and the Law Why does cardiac function deteriorate in heart failure and how does phosphodiesterase 5 inhibition help? Systems for Big Data Applications: Revolutionising personal computing Animal Migration |
Douglas Stebila, Queensland University of Technology
Wednesday 18 February 2015, 12:00-13:00