Episode 19: Cross-Protocol Attacks on TLS with ALPACA!
Nadim discusses a new line of cross-protocol attacks on TLS with
Marcus Brinkmann and Robert Merget, made possible via the new
ALPACA Attack, research published this year at the USENIX Security
Symposium.
42 Minuten
Podcast
Podcaster
In-depth, substantive discussions on the latest news and research in applied cryptography.
Beschreibung
vor 4 Jahren
TLS is an internet standard to secure the communication between
servers and clients on the internet, for example that of web
servers, FTP servers, and Email servers. This is possible because
TLS was designed to be application layer independent, which allows
its use in many diverse communication protocols. ALPACA is an
application layer protocol content confusion attack, exploiting TLS
servers implementing different protocols but using compatible
certificates, such as multi-domain or wildcard certificates.
Attackers can redirect traffic from one subdomain to another,
resulting in a valid TLS session. This breaks the authentication of
TLS and cross-protocol attacks may be possible where the behavior
of one protocol service may compromise the other at the application
layer. Links and papers discussed in the show: * ALPACA Attack
Website (https://alpaca-attack.com/) Music composed by Toby Fox and
performed by Sean Schafianski
(https://seanschafianski.bandcamp.com/). Special Guests: Marcus
Brinkmann and Robert Merget.
servers and clients on the internet, for example that of web
servers, FTP servers, and Email servers. This is possible because
TLS was designed to be application layer independent, which allows
its use in many diverse communication protocols. ALPACA is an
application layer protocol content confusion attack, exploiting TLS
servers implementing different protocols but using compatible
certificates, such as multi-domain or wildcard certificates.
Attackers can redirect traffic from one subdomain to another,
resulting in a valid TLS session. This breaks the authentication of
TLS and cross-protocol attacks may be possible where the behavior
of one protocol service may compromise the other at the application
layer. Links and papers discussed in the show: * ALPACA Attack
Website (https://alpaca-attack.com/) Music composed by Toby Fox and
performed by Sean Schafianski
(https://seanschafianski.bandcamp.com/). Special Guests: Marcus
Brinkmann and Robert Merget.
Weitere Episoden
49 Minuten
vor 2 Jahren
53 Minuten
vor 2 Jahren
52 Minuten
vor 2 Jahren
47 Minuten
vor 4 Jahren
43 Minuten
vor 4 Jahren
In Podcasts werben
Kommentare (0)