Episode 19: Cross-Protocol Attacks on TLS with ALPACA!
Cryptography FM12 Heinä 2021

Episode 19: Cross-Protocol Attacks on TLS with ALPACA!

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Marcus Brinkmann and Robert Merget.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(24)

Episode‌ ‌8:‌ ‌Breaking‌ ‌Elliptic-Curve‌ ‌Signatures‌ ‌With‌ ‌LadderLeak!‌

Episode‌ ‌8:‌ ‌Breaking‌ ‌Elliptic-Curve‌ ‌Signatures‌ ‌With‌ ‌LadderLeak!‌

Elliptic-curve signatures have become a highly used cryptographic primitive in secure messaging, TLS as well as in cryptocurrencies due to their high speed benefits over more traditional signature sch...

17 Marras 202042min

Episode 7: Scaling Up Secure Messaging to Large Groups With MLS!

Episode 7: Scaling Up Secure Messaging to Large Groups With MLS!

Secure messaging protocols like Signal have succeeded at making end-to-end encryption the norm in messaging more generally. Whether you’re using WhatsApp, Wire, Facebook Messenger’s Secret Chat featur...

10 Marras 202045min

Episode 6: Proving the Existence of Vulnerabilities With Zero-Knowledge Proofs!

Episode 6: Proving the Existence of Vulnerabilities With Zero-Knowledge Proofs!

Zero-knowledge proofs have been a notorious research target ever since Zcash and other cryptocurrencies have invented lots of new use cases for them. Range proofs, bullet proofs, you name it – all kin...

3 Marras 202041min

Episode 5: Isogeny-based Cryptography for Dummies!

Episode 5: Isogeny-based Cryptography for Dummies!

The NIST post-quantum competition has started a race for post-quantum cryptography. As a result, we’ve seen a great deal of research into alternative hard mathematical problems to use as a basis for p...

27 Loka 202048min

Episode 4: Formally Verifying Your Taxes With Catala!

Episode 4: Formally Verifying Your Taxes With Catala!

Anyone who’s looked at the French civil code -- or, God forbid, the French tax code -- will tell you that it takes more than a mere human mind to decipher its meaning, given how it’s been growing and ...

20 Loka 202043min

Episode 3: BLAKE3, A Parallelizable Hash Function Using Merkle Trees!

Episode 3: BLAKE3, A Parallelizable Hash Function Using Merkle Trees!

Ever since its introduction in 2012, the BLAKE hash function has been reputed for achieving performance matching and even exceeding MD5 while still maintaining a high security margin. While the origi...

13 Loka 202045min

Episode 2: Breaking Lightweight Symmetric Cryptography!

Episode 2: Breaking Lightweight Symmetric Cryptography!

Aside from working on a competition for standardizing post-quantum primitives, the United States National Institute of Standards and Technology, or NIST, has also organized a lightweight cryptography ...

6 Loka 202034min

Episode 1: Post-Quantum TLS With KEMs Instead of Signatures!

Episode 1: Post-Quantum TLS With KEMs Instead of Signatures!

TLS 1.3 has been widely praised as a major upgrade to the Transport Layer Security protocol responsible for securing the majority of Web traffic. But one area in which TLS 1.3 seems to be lacking is i...

29 Syys 202035min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
rss-vaalirankkurit-podcast
tervo-halme
otetaan-yhdet
rss-podme-livebox
viisupodi
et-sa-noin-voi-sanoo-esittaa
rss-pinnalla
rss-asiastudio
rss-girls-finish-f1rst
linda-maria
rss-raha-talous-ja-politiikka
rss-ulkopoditiikkaa
rikosmyytit
the-ulkopolitist
rss-polikulaari-pitka-kiekko-ja-muut-ts-podcastit