University of Pennsylvania
To comply with 1990s-era US export restrictions on cryptography, early versions of SSL/TLS supported reduced-strength ciphersuites that were restricted to 40-bit symmetric keys and 512-bit RSA and Diffie-Hellman public values. Although the relevant export restrictions have not been in effect since 2000, modern implementations often maintain support for these cipher suites along with old protocol versions.
In this talk, I will discuss recent attacks against TLS (FREAK, Logjam, and DROWN) demonstrating how server-side support for these insecure ciphersuites harms the security of users with modern TLS clients. These attacks exploit a combination of clever cryptanalysis, advances in computing power since the 1990s, previously undiscovered protocol flaws, and implementation vulnerabilities.
Nadia Heninger is an assistant professor in the Computer and Information Science department at the University of Pennsylvania. Her research focuses on security, applied cryptography, and algorithms. Previously, she was an NSF Mathematical Sciences Postdoctoral Fellow at UC San Diego and a visiting researcher at Microsoft Research New England. She received her Ph.D. in computer science in 2011 from Princeton and a B.S. in electrical engineering and computer science in 2004 from UC Berkeley.
September 17-19 2018
Westin Buckhead Hotel, Atlanta, GA
September 19-22 2018
Integrated Innovation Institute
2018 ACM Richard Tapia Celebration of Diversity in Computing
Hyatt Regency Orlando, Orlando, FL
September 26-28 2018
George R. Brown Convention Center, Houston, TX
October 2-5 2018
October 8 2018
12:00 PM - 1:20 PM
Scott Institute for Energy Innovation
Feedback, fast and slow: A field study on activity-specific feedback on energy consumption
Hamburg Hall A301
October 23-25 2018
Information Networking Institute
Executive Women's Forum 2018 National Conference
Hyatt Regency, Scottsdale, AZ