Abstract

Web security relies on cryptographic protocols: distributed programs that use encryption and signature to protect sensitive data from the many attacks that adversaries controlling the network can carry out. Despite thirty years of study, theoretical and practical vulnerabilities continue to be discovered in the Web's cryptographic protocols, notably TLS(Transport Layer Security). The speaker described several of these vulnerabilities and showed how formal verification can exclude certain classes of attack on modern protocol implementations such as TLS 1.3 and Signal.

Verified Implementations for Real-World Cryptographic Protocols

Abstract

Documents and media

Speaker(s)

Karthikeyan Bhargavan

Events

Software security : introduction and case studies

Information flow

Influence of specification quality on software security

Software isolation

Differential Privacy: From the Central Model to the Local Model and their Generalization

Tempus fugit : time observation attacks

Verified Implementations for Real-World Cryptographic Protocols

Typing and safety

Fault injection attacks and software protection

Compilation and safety

Software obfuscation : scrambling code to protect programs

Calculate with figures or private data

Transient Execution Attacks and Defenses

See also