[Colloq] TODAY - Invited Talk - Thai Duong (Google) - BEAST and CRIME vs the Internet - March 11th, 1:00pm, 366 WVH
Jessica Biron
bironje at ccs.neu.edu
Mon Mar 11 11:45:19 EDT 2013
BEAST and CRIME vs the Internet
Thai Duong - Google
Monday, March 11th - 1:00pm
366 WVH
Abstract:
The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks like the Internet. It is widely used to secure web traffic and e-commerce transactions on the Internet. We present BEAST and CRIME, a set of recently disclosed attacks against TLS that allow a Man-in-the-Middle attacker to recover plaintext from a TLS connection. We applied BEAST and CRIME to attack HTTPS, and were able to obtain HTTPS's authentication tokens that allow us to compromise user accounts of a large number of popular websites. The same results were observed with SPDY, a new protocol from Google that has been selected as the basis of HTTP 2.0. The resulting exploits worked for major web browsers at the time of disclosure, and required an industry-wide effort to fix.
Bio:
Thai is an information security engineer at Google, where he is a proud member of the core product security team in charge of most Google products and services. Before joining Google, Thai was a security consultant at Matasano Security, where he helped Fortune 500 companies secure their most important consumer gadgets and software systems. Thai is best known for his award-winning research on practical cryptography attacks. He was the lead author of an Oakland'11 paper disclosing a critical vulnerability that affected millions of websites. That work was awarded the Pwnie for Best Server-Side Bug of 2011. His recent works include the BEAST and CRIME attacks against SSL/TLS - both of which were selected by the web security experts as the best web hacking technique of 2011 and 2012, respectively.
Jessica Biron
Administrative Assistant – Office of the Dean and CCIS Development
College of Computer and Information Science
Northeastern University
202 West Village H
617-373-5204
bironje at ccis.neu.edu
http://www.ccs.neu.edu/