YoVDO

On the Practical - In-Security of 64-bit Block Ciphers - Collision Attacks on HTTP over TLS and OpenVPN

Offered By: Association for Computing Machinery (ACM) via YouTube

Tags

ACM CCS (Computer and Communications Security) Courses Cryptography Courses Network Security Courses Block Ciphers Courses TLS Courses OpenVPN Courses Collision Attacks Courses

Course Description

Overview

Explore the practical insecurity of 64-bit block ciphers in this conference talk presented at CCS 2016. Delve into collision attacks on HTTP over TLS and OpenVPN, examining the vulnerabilities of block ciphers and modes of operation. Understand the birthday paradox and its implications for security. Analyze communication issues and the impact of these vulnerabilities. Learn about a practical attack scenario involving HTTP authentication tokens and the "Beastly Attack." Investigate the use of 3DES in TLS (HTTPS) and the significance of HTTPS session length. Discover potential countermeasures and compare these attacks with RC4 attacks. Gain valuable insights into the security challenges posed by 64-bit block ciphers and their implications for modern cryptographic protocols.

Syllabus

Choosing a cipher
Block ciphers and Modes of operation
Birthday paradox
Security of modes of operation
Communication issues
Outline
Impact
Towards a practical attack
HTTP authentication tokens
Beastly Attack Scenario
3DES use in TLS (HTTPS)
HTTPS session length
Countermeasures
Comparison with RC4 attacks
Conclusion


Taught by

ACM CCS

Related Courses

Developing APIs with Google Cloud's Apigee API Platform
Google Cloud via Coursera Play by Play: Authenticating External App and Service Integrations with Salesforce
Pluralsight Introduction to Application Security Course (How To)
Treehouse API Security on Google Cloud's Apigee API Platform
Pluralsight Analyzing Network Protocols with Wireshark
Pluralsight