Website: greatly improved materials viewing experience
parent
4b6498ede3
commit
d5a06032b0
406 changed files with 159269 additions and 184 deletions
|
@ -1293,7 +1293,7 @@
|
|||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Target}: TLS's CBC (Cipher Block Chaining) mode with HMAC
|
||||
\item \textbf{The vulnerability}: Timing differences in MAC verification\footnote{\url{https://appliedcryptography.page/papers/lucky-thirteen.pdf}}
|
||||
\item \textbf{The vulnerability}: Timing differences in MAC verification\footnote{\url{https://appliedcryptography.page/papers/\#lucky-thirteen}}
|
||||
\begin{itemize}
|
||||
\item TLS 1.0-1.2 used MAC-then-encrypt with CBC mode
|
||||
\item Padding oracle attacks exploit timing differences
|
||||
|
@ -1363,7 +1363,7 @@
|
|||
\begin{columns}[c]
|
||||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Full name}: Padding Oracle On Downgraded Legacy Encryption\footnote{\url{https://appliedcryptography.page/papers/google-poodle.pdf}}
|
||||
\item \textbf{Full name}: Padding Oracle On Downgraded Legacy Encryption\footnote{\url{https://appliedcryptography.page/papers/\#google-poodle}}
|
||||
\item \textbf{Target}: SSL 3.0 (ancient protocol from 1996)
|
||||
\item \textbf{The setup}:
|
||||
\begin{itemize}
|
||||
|
@ -1437,7 +1437,7 @@
|
|||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Discovered by}: Inria Prosecco team (future TLS 1.3 verifiers!)
|
||||
\item \textbf{Core problem}: TLS handshake can be \textbf{resumed} with different certificates\footnote{\url{https://appliedcryptography.page/papers/triple-handshakes.pdf}}
|
||||
\item \textbf{Core problem}: TLS handshake can be \textbf{resumed} with different certificates\footnote{\url{https://appliedcryptography.page/papers/\#triple-handshakes}}
|
||||
\begin{itemize}
|
||||
\item Client connects to Server A, establishes session
|
||||
\item Session can be resumed with Server B using different certificate
|
||||
|
@ -1503,7 +1503,7 @@
|
|||
\begin{columns}[c]
|
||||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Not a protocol flaw}: Implementation bug in OpenSSL\footnote{\url{https://appliedcryptography.page/papers/matter-heartbleed.pdf}}
|
||||
\item \textbf{Not a protocol flaw}: Implementation bug in OpenSSL\footnote{\url{https://appliedcryptography.page/papers/\#matter-heartbleed}}
|
||||
\item \textbf{The vulnerability}: Buffer over-read in heartbeat extension
|
||||
\begin{itemize}
|
||||
\item Heartbeat: ``keep-alive'' mechanism for TLS
|
||||
|
@ -1602,7 +1602,7 @@
|
|||
\begin{columns}[c]
|
||||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Research by}: Inria Prosecco team (again!)\footnote{\url{https://appliedcryptography.page/papers/smack-tls.pdf}}
|
||||
\item \textbf{Research by}: Inria Prosecco team (again!)\footnote{\url{https://appliedcryptography.page/papers/\#smack-tls}}
|
||||
\item \textbf{Two major attack classes discovered}:
|
||||
\begin{itemize}
|
||||
\item \textbf{SMACK}: State Machine AttaCKs
|
||||
|
@ -1803,7 +1803,7 @@
|
|||
\begin{columns}[c]
|
||||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Research team}: 14 researchers from 10 institutions\footnote{\url{https://appliedcryptography.page/papers/imperfect-dh.pdf}}
|
||||
\item \textbf{Research team}: 14 researchers from 10 institutions\footnote{\url{https://appliedcryptography.page/papers/\#imperfect-dh}}
|
||||
\item \textbf{Target}: Diffie-Hellman key exchange in TLS
|
||||
\item \textbf{Two main attacks}:
|
||||
\begin{itemize}
|
||||
|
@ -1930,7 +1930,7 @@
|
|||
\begin{columns}[c]
|
||||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/inria-sweet32.pdf}}
|
||||
\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/\#inria-sweet32}}
|
||||
\item \textbf{Target}: 64-bit block ciphers (3DES, Blowfish)
|
||||
\item \textbf{Core vulnerability}: Birthday paradox in block cipher usage
|
||||
\begin{itemize}
|
||||
|
@ -2002,7 +2002,7 @@
|
|||
\begin{columns}[c]
|
||||
\begin{column}{1\textwidth}
|
||||
\begin{itemize}[<+->]
|
||||
\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/inria-collisions.pdf}}
|
||||
\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/\#inria-collisions}}
|
||||
\item \textbf{Novel attack class}: Hash collision attacks on protocol transcripts
|
||||
\item \textbf{Core idea}:
|
||||
\begin{itemize}
|
||||
|
|
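Review bot: The rewritten footnotes in all eight hunks now point at fragments of the papers index page (`papers/\#lucky-thirteen`, `\#google-poodle`, `\#triple-handshakes`, `\#matter-heartbleed`, `\#smack-tls`, `\#imperfect-dh`, `\#inria-sweet32`, `\#inria-collisions`) rather than at a file, so each citation resolves only if that page defines an element with exactly that id, which these hunks do not show. A missing or renamed id raises no error; the link simply opens the top of the index, and the slide for that attack loses its reachable primary source. I would add a link check to the site build that resolves every `papers/\#…` fragment used in the slides against the generated page. The `\#` escape inside `\url` within `\footnote` presumably relies on hyperref's `\url` as loaded by beamer; it is worth confirming that the compiled footnote prints `#` and not `\#`.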