|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > From TLS to secure websites: the HTTPS landmine
From TLS to secure websites: the HTTPS landmineAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Laurent Simon. Abstract: TLS , the most ubiquous cryptographic protocol used on the Internet, has received a lot of recent attention from the academic community, motivated by a string of high-impact attacks. This verification effort has led to the discovery of a new complex attack against the protocol on one hand, and to a security proof in the computational model based on a reference implementation that supports a wide range of features used in practice on the other hand. However, despite these efforts, the security of actual websites remains widely undermined by weaknesses at the interface between the TLS library and applications, or in the application protocol itself. For instance, security events at the transport layer, such as improper termination of the connection, or a change of the peer identity during transitions between sessions of the TLS protocol, are typically ignored or mishandled by the application. Similarly, the TLS library delegates some of the most critical security decisions, such as authorization and session cache management, entirely to the applications. Combined with the complex security characteristics of HTTP , this leads to a range of practical, high-impact attacks against even the most secure and scrutinized websites. Bio: Antoine Delignat-Lavaud is a PhD student at Inria Paris under the supervision of Karthikeyan Bhargavan in team Prosecco (Programming Securely with Cryptography). While the original topic of his thesis is Web security, his attempts to model the security of websites against strong attackers have led him to spend over a year working on TLS and the PKI with his colleagues from Inria and Microsoft Research. This talk is part of the Computer Laboratory Security Seminar series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsType the title of a new list here Chemical Engineering and Biotechnology Departmental Seminars Health and Welfare Reading Group Special Lecture Series: THE NATURAL COOK: A THEORY OF HUMAN EVOLUTION Cambridge Product Management Network New Directions in the Study of the MindOther talksCANCELLED: The Loxbridge Triangle: Integrating the East-West Arch into the London Mega-region Organoid systems to study the maternal-fetal dialogue of early pregnancy UK 7T travelling-head study: pilot results Translational Science: using biomarkers to guide clinical development in oncology Human Brain Development Modelled in a Dish Summer Cactus & Succulent Show |
Antoine Delignat-Lavaud, Inria Paris, team Prosecco (Programming Securely with Cryptography
Tuesday 09 September 2014, 14:00-15:00