ALPACA - Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

Explore the vulnerabilities in TLS authentication through this 44-minute Black Hat conference talk. Delve into the concept of Application Layer Protocol Confusion (ALPACA) and its potential for man-in-the-middle attacks on TLS traffic. Learn how attackers can exploit the lack of binding between TCP connections and intended application layer protocols to redirect TLS traffic to different service endpoints. Gain insights from security researchers Marcus Brinkmann and Juraj Somorovsky as they analyze and discuss mitigation strategies for these cracks in TLS authentication across various protocols such as HTTP, SMTP, IMAP, POP3, and FTP.

ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication