
SAS

Seminar

A long answer to the simple question, "Is TLS provably secure?"

Shrimpton, T (Portland State)
Tuesday 31 January 2012, 14:45-15:30

Seminar Room 1, Newton Institute

Abstract

TLS is perhaps the Internet's most widely used security protocol, and at its heart is a subprotocol for providing data privacy and integrity, called the TLS Record Protocol. Is the TLS Record Protocol provably secure? A series of papers starting in 2000 delivered the answers (roughly): no, not for all possible underlying encryption schemes; yes, for some of the specific encryption schemes that TLS uses, but only under some impractical assumptions; yes, under less restrictive assumptions, but for a definition of "secure" that is hard to understand; yes, as long as your integrity-providing "tag" isn't too short. We'll explore this line of papers, as well as some interesting attacks that helped to guide the provable-security results. In the end, we'll argue that the answer is still "it depends on how you use it" by discussing new results on using secure authenticated encryption (e.g. TLS) as a tunnel between a user and a proxy, through which webpages are requested and downloaded. We'll see that it is surprisingly easy to determine which webpage was visited, even in the presence of some sophisticated efforts to fragment and pad the webpage data prior to entering the provably-secure encryption tunnel.
