School Work

bh_slides

Description
BH Slides 2014
Categories
Published
of 84
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  The BEAST Wins Again: Why TLS   Keeps Failing to Protect HTTP Antoine Delignat-Lavaud, InriaParis Joint work with K. Bhargavan, C. Fournet, A. Pironti, P.-Y. Strub  INTRODUCTION  Introduction  Cookie Cutter  Virtual Host Confusion  Crossing Origin Boundaries  Shared Reverse Proxies  Triple Handshake  Conclusion  Shared Session Cache  SPDY Connection Pooling  1.Authentication  – Must be talking to the right guy 2.Integrity  – Our messages cannot be tampered 3.Confidentiality  – Messages are only legible to participants 4.Privacy?  – Can’t tell who we are and what we talk about   Why do we need TLS? Active Attacks(MitM)Passive Attacks(Wiretapping)  ã Web attacker  – Controls malicious websites  – User visits honest and malicious sites in parallel  – Web/MitB attacks: CSRF, XSS, Redirection… ã Network attacker  – Captures (passive) and tampers (active) packets What websites expect of TLS Strictly stronger
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks