Episode 19: Cross-Protocol Attacks on TLS with ALPACA!
Cryptography FM12 Jul 2021

Episode 19: Cross-Protocol Attacks on TLS with ALPACA!

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Marcus Brinkmann and Robert Merget.

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(24)

Episode‌ ‌8:‌ ‌Breaking‌ ‌Elliptic-Curve‌ ‌Signatures‌ ‌With‌ ‌LadderLeak!‌

Episode‌ ‌8:‌ ‌Breaking‌ ‌Elliptic-Curve‌ ‌Signatures‌ ‌With‌ ‌LadderLeak!‌

Elliptic-curve signatures have become a highly used cryptographic primitive in secure messaging, TLS as well as in cryptocurrencies due to their high speed benefits over more traditional signature sch...

17 Nov 202042min

Episode 7: Scaling Up Secure Messaging to Large Groups With MLS!

Episode 7: Scaling Up Secure Messaging to Large Groups With MLS!

Secure messaging protocols like Signal have succeeded at making end-to-end encryption the norm in messaging more generally. Whether you’re using WhatsApp, Wire, Facebook Messenger’s Secret Chat featur...

10 Nov 202045min

Episode 6: Proving the Existence of Vulnerabilities With Zero-Knowledge Proofs!

Episode 6: Proving the Existence of Vulnerabilities With Zero-Knowledge Proofs!

Zero-knowledge proofs have been a notorious research target ever since Zcash and other cryptocurrencies have invented lots of new use cases for them. Range proofs, bullet proofs, you name it – all kin...

3 Nov 202041min

Episode 5: Isogeny-based Cryptography for Dummies!

Episode 5: Isogeny-based Cryptography for Dummies!

The NIST post-quantum competition has started a race for post-quantum cryptography. As a result, we’ve seen a great deal of research into alternative hard mathematical problems to use as a basis for p...

27 Okt 202048min

Episode 4: Formally Verifying Your Taxes With Catala!

Episode 4: Formally Verifying Your Taxes With Catala!

Anyone who’s looked at the French civil code -- or, God forbid, the French tax code -- will tell you that it takes more than a mere human mind to decipher its meaning, given how it’s been growing and ...

20 Okt 202043min

Episode 3: BLAKE3, A Parallelizable Hash Function Using Merkle Trees!

Episode 3: BLAKE3, A Parallelizable Hash Function Using Merkle Trees!

Ever since its introduction in 2012, the BLAKE hash function has been reputed for achieving performance matching and even exceeding MD5 while still maintaining a high security margin. While the origi...

13 Okt 202045min

Episode 2: Breaking Lightweight Symmetric Cryptography!

Episode 2: Breaking Lightweight Symmetric Cryptography!

Aside from working on a competition for standardizing post-quantum primitives, the United States National Institute of Standards and Technology, or NIST, has also organized a lightweight cryptography ...

6 Okt 202034min

Episode 1: Post-Quantum TLS With KEMs Instead of Signatures!

Episode 1: Post-Quantum TLS With KEMs Instead of Signatures!

TLS 1.3 has been widely praised as a major upgrade to the Transport Layer Security protocol responsible for securing the majority of Web traffic. But one area in which TLS 1.3 seems to be lacking is i...

29 Sep 202035min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
popradet
fotballpodden-2
nokon-ma-ga
stopp-verden
rss-espen-lee-usensurert
rss-gukild-johaug
det-store-bildet
dine-penger-pengeradet
lydartikler-fra-aftenposten
hanna-de-heldige
rss-ness
aftenbla-bla
rss-dannet-uten-piano
chit-chat-med-helle
rss-penger-polser-og-politikk
e24-podden