Protecting Firefox Data with Content Signatures
Offered By: USENIX Enigma Conference via YouTube
Course Description
Overview
Explore a 19-minute conference talk from USENIX Enigma 2018 featuring Julien Vehent, Firefox Operations Security Lead at Mozilla, discussing the implementation of content signatures to protect Firefox data integrity. Delve into the challenges of securing data transmission between web services and Firefox, including the risks posed by transport intermediaries and potential web server compromises. Learn about the new signing protocol integrated into Firefox, designed to safeguard data exchanged between Mozilla and millions of Firefox installations worldwide. Discover key topics such as updating Firefox, industry best practices for HTTPS, internal Firefox PKI, content signature delivery and verification, operational security, and implementation complexities. Gain insights into specific issues like HTTPS interception, certificate validity checks, measuring validation failures, and emergency revocations.
Syllabus
Intro
Updating Firefox Updates
Updates Security
Serving data through web APIs Industry best practice: HTTPS and trust the backend. That has two problems
HTTPS Interception . 4% of Firefox Updates are being intercepted
Compromise of web API
Internal Firefox PKI
Delivering Content Signatures
Verifying Content Signatures
Operational Security
Some interesting problems
Checking certificate validity . Signature verification fails when client clock
Measuring validation failures . Firefox drops the data when the signature does not validate
Emergency revocations
Implementation complexity
Taught by
USENIX Enigma Conference
Related Courses
Managing Devices using Enterprise Mobility SuiteMicrosoft via edX Firebase Essentials For Android
Google via Udacity Research Data Management and Sharing
The University of North Carolina at Chapel Hill via Coursera SAP HANA CLOUD PLATFORM の重要事項
SAP Learning Windows 10 pour l'entreprise
Microsoft Virtual Academy via OpenClassrooms