On the Practical - In-Security of 64-bit Block Ciphers - Collision Attacks on HTTP over TLS and OpenVPN
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore the practical insecurity of 64-bit block ciphers in this conference talk presented at CCS 2016. Delve into collision attacks on HTTP over TLS and OpenVPN, examining the vulnerabilities of block ciphers and modes of operation. Understand the birthday paradox and its implications for security. Analyze communication issues and the impact of these vulnerabilities. Learn about a practical attack scenario involving HTTP authentication tokens and the "Beastly Attack." Investigate the use of 3DES in TLS (HTTPS) and the significance of HTTPS session length. Discover potential countermeasures and compare these attacks with RC4 attacks. Gain valuable insights into the security challenges posed by 64-bit block ciphers and their implications for modern cryptographic protocols.
Syllabus
Choosing a cipher
Block ciphers and Modes of operation
Birthday paradox
Security of modes of operation
Communication issues
Outline
Impact
Towards a practical attack
HTTP authentication tokens
Beastly Attack Scenario
3DES use in TLS (HTTPS)
HTTPS session length
Countermeasures
Comparison with RC4 attacks
Conclusion
Taught by
ACM CCS
Related Courses
Peeling the Onion's User Experience Layer - Examining Naturalistic Use of the Tor BrowserAssociation for Computing Machinery (ACM) via YouTube DeepCorr - Strong Flow Correlation Attacks on Tor Using Deep Learning
Association for Computing Machinery (ACM) via YouTube SandScout - Automatic Detection of Flaws in iOS Sandbox Profiles
Association for Computing Machinery (ACM) via YouTube Game of Decoys - Optimal Decoy Routing Through Game Theory
Association for Computing Machinery (ACM) via YouTube PREDATOR - Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
Association for Computing Machinery (ACM) via YouTube