Protecting TLS from Legacy Crypto

TheIACR via YouTube

Overview

Explore how to protect Transport Layer Security (TLS) from legacy cryptographic vulnerabilities in this Eurocrypt 2016 invited talk. The talk covers agile cryptographic protocols, attacks on legacy crypto in TLS, an overview of the TLS protocol, and protocol agility in TLS, then introduces new TLS attacks found using miTLS. It examines anonymous Diffie-Hellman (DHanon) and the man-in-the-middle attack on it, as well as SIGMA authenticated DH with group negotiation. It analyzes the Logjam attack, including the MitM group downgrade, exploitation of pre-computation, and impact and countermeasures. It studies downgrade protection in TLS 1.2 and downgrade protection via signatures, and explores SLOTH transcript collision attacks and other SLOTH vulnerabilities. It discusses Agile AKE security goals, a new downgrade resilience goal, and how that definition is tested. It examines the TLS 1.3 negotiation sub-protocol, group negotiation with retry, and full transcript signatures, and explains how TLS 1.3 prevents version downgrades and achieves downgrade resilience. The talk concludes with final thoughts on protecting TLS from legacy crypto.

Syllabus

Intro
Agile Cryptographic Protocols
Attacks on Legacy Crypto in TLS
TLS protocol overview
Protocol Agility in TLS
Example Protocol Instance
miTLS: New TLS Attacks
Anonymous Diffie-Hellman (DHanon)
Man-in-the-Middle attack on DH anon
SIGMA: Authenticated DH
SIGMA with Group Negotiation
Logjam: MitM Group Downgrade Attack
Downgrade Protection in TLS 1.2
Logjam: Exploiting Pre-Computation
Logjam: Impact and Countermeasures
SIGMA with Generic Negotiation
Downgrade Protection via Signatures
SLOTH: Transcript Collision Attacks
Computing a Transcript Collision
Chosen-Prefix Transcript Collisions
Other SLOTH Vulnerabilities
AKEs with Parameter Negotiation
Agile AKE Security Goals
Agile Agreement vs. Downgrades
A New Downgrade Resilience Goal
Testing the Definition
TLS 1.3 Negotiation Sub-Protocol
Group Negotiation with Retry
Full Transcript Signatures
Preventing Version Downgrade
TLS 1.3 is Downgrade Resilient
Final Thoughts

Taught by

TheIACR
