From TLS to secure websites: the HTTPS landmine
- Speaker: Antoine Delignat-Lavaud, Inria Paris, team Prosecco (Programming Securely with Cryptography)
- Date & Time: Tuesday 09 September 2014, 14:00 - 15:00
- Venue: Lecture Theatre 2, Computer Laboratory, William Gates Building
Abstract: TLS, the most ubiquitous cryptographic protocol used on the Internet, has received a lot of recent attention from the academic community, motivated by a string of high-impact attacks. This verification effort has led to the discovery of a new complex attack against the protocol on one hand, and to a security proof in the computational model based on a reference implementation that supports a wide range of features used in practice on the other hand.
However, despite these efforts, the security of actual websites remains widely undermined by weaknesses at the interface between the TLS library and applications, or in the application protocol itself. For instance, security events at the transport layer, such as improper termination of the connection, or a change of the peer identity during transitions between sessions of the TLS protocol, are typically ignored or mishandled by the application. Similarly, the TLS library delegates some of the most critical security decisions, such as authorization and session cache management, entirely to the applications. Combined with the complex security characteristics of HTTP, this leads to a range of practical, high-impact attacks against even the most secure and scrutinized websites.
Bio: Antoine Delignat-Lavaud is a PhD student at Inria Paris under the supervision of Karthikeyan Bhargavan in team Prosecco (Programming Securely with Cryptography). While the original topic of his thesis is Web security, his attempts to model the security of websites against strong attackers have led him to spend over a year working on TLS and the PKI with his colleagues from Inria and Microsoft Research.
Series: This talk is part of the Computer Laboratory Security Seminar series.