Syllabus
Intro
Agile Cryptographic Protocols
Attacks on Legacy Crypto in TLS
TLS protocol overview
Protocol Agility in TLS
Example Protocol Instance
miTLS: New TLS Attacks
Anonymous Diffie-Hellman (DHanon)
Man-in-the-Middle attack on DH anon
SIGMA: Authenticated DH
SIGMA with Group Negotiation
Logjam: MitM Group Downgrade Attack
Downgrade Protection in TLS 1.2
Logjam: Exploiting Pre-Computation
Logjam: Impact and Countermeasures
SIGMA with Generic Negotiation
Downgrade Protection via Signatures
SLOTH: Transcript Collision Attacks
Computing a Transcript Collision
Chosen-Prefix Transcript Collisions
Other SLOTH Vulnerabilities
AKEs with Parameter Negotiation
Agile AKE Security Goals
Agile Agreement vs. Downgrades
A New Downgrade Resilience Goal
Testing the Definition
TLS 1.3 Negotiation Sub-Protocol
Group Negotiation with Retry
Full Transcript Signatures
Preventing Version Downgrade
TLS 1.3 is Downgrade Resilient
Final Thoughts
Taught by
TheIACR