On the Practical - In-Security of 64-bit Block Ciphers - Collision Attacks on HTTP over TLS and OpenVPN
Association for Computing Machinery (ACM) via YouTube
Overview
Explore the practical insecurity of 64-bit block ciphers in this conference talk presented at CCS 2016. Delve into collision attacks on HTTP over TLS and OpenVPN, examining the vulnerabilities of block ciphers and modes of operation. Understand the birthday paradox and its implications for security. Analyze communication issues and the impact of these vulnerabilities. Learn about a practical attack scenario involving HTTP authentication tokens and the "Beastly Attack." Investigate the use of 3DES in TLS (HTTPS) and the significance of HTTPS session length. Discover potential countermeasures and compare these attacks with RC4 attacks. Gain valuable insights into the security challenges posed by 64-bit block ciphers and their implications for modern cryptographic protocols.
Syllabus
Choosing a cipher
Block ciphers and Modes of operation
Birthday paradox
Security of modes of operation
Communication issues
Outline
Impact
Towards a practical attack
HTTP authentication tokens
Beastly Attack Scenario
3DES use in TLS (HTTPS)
HTTPS session length
Countermeasures
Comparison with RC4 attacks
Conclusion
Taught by
ACM CCS