A Messy State of the Union - Taming the Composite State Machines of TLS
Offered By: IEEE via YouTube
Course Description
Overview
Explore a comprehensive analysis of the Transport Layer Security (TLS) protocol's composite state machines in this IEEE conference talk. Delve into the challenges of designing robust state machines that correctly handle various protocol versions, extensions, authentication modes, and key exchange methods. Discover critical security vulnerabilities uncovered through systematic testing of popular open-source TLS implementations, including the FREAK flaw. Learn about the importance of formal verification for cryptographic protocol libraries and examine the first verified implementation of a composite TLS state machine in C. Gain insights into the complexities of TLS protocol design, the impact of state machine bugs, and the need for improved cryptographic protocol testing.
Syllabus
Intro
Agile Cryptographic Protocols
Transport Layer Security (1994)
TLS protocol overview
RSA Key Transport
(EC)DHE Key Exchange
Composing Key Exchanges
TLS State Machine
OpenSSL State Machine
Fuzzing TLS
Culprit: Underspecified State Machine
Composing with Optional Messages
SKIP: Server Impersonation with DHE
Export-Grade RSA in TLS
FREAK: Downgrade to RSA EXPORT
FREAK: Exploit and Impact
A Verified State Machine for OpenSSL
Conclusions Cryptographic protocol testing needs work
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
An Introduction to Computer NetworksStanford University via Independent Computer Networks
University of Washington via Coursera Computer Networking
Georgia Institute of Technology via Udacity Cybersecurity and Its Ten Domains
University System of Georgia via Coursera Model Building and Validation
AT&T via Udacity