Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

USENIX via YouTube

Overview

Explore a comprehensive conference talk on the detection and classification of TLS padding oracle vulnerabilities in modern Internet implementations. Delve into the innovative three-step scanning methodology used to identify vulnerabilities in 1.83% of Alexa Top Million websites. Learn about the creation of probes, reduction techniques for large-scale scanning, and clustering of findings using graph drawing algorithms. Discover how CBC padding oracle attacks can be exploited without precise timing measurements, posing a greater threat than previously assumed. Gain insights into TLS protocol security, CBC encryption, padding oracles, and vulnerability identification techniques. Understand the implications of these findings for Internet security and the importance of addressing obsolete cryptographic algorithms in currently-deployed TLS versions.

Syllabus

Intro
Transport Layer Security (TLS)
TLS Cipher Suites
TLS Encryption (CBC)
CBC Mode Decryption
CBC Malleability
Padding Oracles in TLS
Insecure Server
TLS Padding Oracle History
Padding Oracles in the Wild
Malformed Message Design
Prescanning Results
Vulnerability Identification
Example Fingerprint
Contributions
Conclusion

Taught by

USENIX

Reviews

Start your review of Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.