BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Talks.cam//talks.cam.ac.uk// X-WR-CALNAME:Talks.cam BEGIN:VEVENT SUMMARY:From TLS to secure websites: the HTTPS landmine - Antoine Delignat -Lavaud\, Inria Paris\, team Prosecco (Programming Securely with Cryptogra phy DTSTART:20140909T130000Z DTEND:20140909T140000Z UID:TALK53857@talks.cam.ac.uk CONTACT:Laurent Simon DESCRIPTION:*Abstract:*\nTLS\, the most ubiquous cryptographic protocol us ed on the Internet\, has received a lot of recent attention from the acade mic community\, motivated by a string of high-impact attacks. This verific ation effort has led to the discovery of a new complex attack against the protocol on one hand\, and to a security proof in the computational model based on a reference implementation that supports a wide range of features used in practice on the other hand.\n\nHowever\, despite these efforts\, the security of actual websites remains widely undermined by weaknesses at the interface between the TLS library and applications\, or in the applic ation protocol itself. For instance\, security events at the transport lay er\, such as improper termination of the connection\, or a change of the p eer identity during transitions between sessions of the TLS protocol\, are typically ignored or mishandled by the application. Similarly\, the TLS l ibrary delegates some of the most critical security decisions\, such as au thorization and session cache management\, entirely to the applications. C ombined with the complex security characteristics of HTTP\, this leads to a range of practical\, high-impact attacks against even the most secure an d scrutinized websites.\n\n*Bio:*\nAntoine Delignat-Lavaud is a PhD studen t at Inria Paris under the supervision of Karthikeyan Bhargavan in team Pr osecco (Programming Securely with Cryptography). While the original topic of his thesis is Web security\, his attempts to model the security of webs ites against strong attackers have led him to spend over a year working on TLS and the PKI with his colleagues from Inria and Microsoft Research. LOCATION:Lecture Theatre 2\, Computer Laboratory\, William Gates Building END:VEVENT END:VCALENDAR