TLS is by far the most important cryptographic protocol in use today. In recent years TLS received much more attention from security researchers. Implementation errors like Heartbleed and protocol bugs like BEAST, Lucky Thirteen, DROWN and many more have made headlines.
Faulty implementations can enable attacks. In some cases they can even be a security risk for uninvolved third parties and endanger the whole TLS ecosystem. Especially so-called Enterprise devices that have their own TLS stack are often a reason for concern.
The speaker will give an overview of implementation errors that happened in various TLS stacks and will shed light on this underappreciated problem.
Slides: https://www.int21.de/slides/bornhack2016-tls/
Speakers for TLS attacks and the burden of faulty TLS implementations:
Metadata for TLS attacks and the burden of faulty TLS implementations
To be recorded: YesURLs for TLS attacks and the burden of faulty TLS implementations
Recording: https://www.youtube.com/watch?v=D2VnA7ZoWcE
Schedule for TLS attacks and the burden of faulty TLS implementations
- Thursday, Sep 1st, 2016, 14:00 (CEST) - Thursday, Sep 1st, 2016, 15:00 (CEST) at Speakers Tent