BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Protecting encrypted cookies from compression side-channel attacks
  - Douglas Stebila\, Queensland University of Technology
DTSTART:20150218T120000Z
DTEND:20150218T130000Z
UID:TALK58108@talks.cam.ac.uk
CONTACT:Microsoft Research Cambridge Talks Admins
DESCRIPTION:Compression is desirable for network applications as it saves 
 bandwidth\; however\, when data is compressed before being encrypted\, the
  amount of compression leaks information about the amount of redundancy in
  the plaintext.  This side channel has led to successful CRIME and BREACH 
 attacks on web traffic protected by the Transport Layer Security (TLS) pro
 tocol.  The general guidance in light of these attacks has been to disable
  compression\, preserving confidentiality but sacrificing bandwidth.  In t
 his paper\, we examine two techniques---heuristic separation of secrets an
 d fixed-dictionary compression---for enabling compression while protecting
  high-value secrets\, such as cookies\, from attack.  We model the securit
 y offered by these techniques and report on the amount of compressibility 
 that they can achieve.\n\nJoint work with Janaka Alawatugoda (QUT) and Col
 in Boyd (NTNU).\n
LOCATION:Small Lecture Theatre\, Microsoft Research Ltd\, 21 Station Road\
 , Cambridge\, CB1 2FB
END:VEVENT
END:VCALENDAR