goto fail;: exploring two decades of transport layer insecurity

Presented at 32C3 (2015), Dec. 28, 2015, 11 p.m. (60 minutes).

Legend has it, the first iteration of the Secure Sockets Layer (SSL) protocol was broken in ten minutes by Phillip Hallam-Baker and Alan Schiffman during a presentation by Marc Andreesen at MIT in 1994. In the following two decades the protocol has been improved and the implementations have been strengthened, but not without a steady stream of implementation vulnerabilities and protocol design errors. From the ciphersuite rollback attack to LogJam, SSL/TLS has seen a diverse set of problems. In this talk we’ll discuss the pitfalls in designing and implementing a cryptographic protocol and lessons learned from TLS up to version 1.2.

Legend has it, the first iteration of the Secure Sockets Layer (SSL) protocol was broken in ten minutes by Phillip Hallam-Baker and Alan Schiffman during a presentation by Marc Andreesen at MIT in 1994. In the following two decades the protocol has been improved and the implementations have been strengthened, but not without a steady stream of implementation vulnerabilities and protocol design errors. From the ciphersuite rollback attack to LogJam, SSL/TLS has seen a diverse set of problems.

From the HMAC-then-Encrypt vs Encrypt-then-HMAC debate to the preference for Cipher Block Chaining (CBC) modes, the 90s was an innocent time in secure protocol design. Daniel Bleichenbacher had not yet started his assault on RSA and the types of side-channel attacks that enabled BEAST and POODLE had not yet been discovered. Over the next two decades, not only were weaknesses revealed in the protocol, but implementation flaws were found in even the most widely deployed SSL/TLS libraries. By following the security-relevant changes in SSL/TLS over the years we can paint a picture of the hard lessons learned by the cryptographic community over the history of this protocol all and how we can prevent ourselves from repeating the mistakes of the past.


Presenters:

  • Nick Sullivan
    Nick Sullivan leads the security engineering team at CloudFlare. He built many of the content security mechanisms for Apple’s multi-billion dollar iTunes store. He previously worked as a security analyst worked at Symantec analyzing large scale threat data. Nick Sullivan leads the security engineering team at CloudFlare. He built many of the content security mechanisms for Apple’s multi-billion dollar iTunes store. He previously worked as a security analyst worked at Symantec analyzing large scale threat data. Nick is a hands-on engineering leader, software developer, and security architect with deep expertise in cryptography, computer security, software protection, information security, digital rights management and distributed systems. He is passionate about building and breaking secure systems and moving the state of computer security forward through technological innovation, open source software, writing, and speaking. His security expertise has been cited by news organizations including the New York Times, Wall Street Journal, CNN, Forbes, Bloomberg, Wired, re/code, The Verge, Schneier Blog, CBC, Ars Technica and others.

Links:

Similar Presentations: