University of Pennsylvania
To comply with 1990s-era US export restrictions on cryptography, early versions of SSL/TLS supported reduced-strength ciphersuites that were restricted to 40-bit symmetric keys and 512-bit RSA and Diffie-Hellman public values. Although the relevant export restrictions have not been in effect since 2000, modern implementations often maintain support for these cipher suites along with old protocol versions.
In this talk, I will discuss recent attacks against TLS (FREAK, Logjam, and DROWN) demonstrating how server-side support for these insecure ciphersuites harms the security of users with modern TLS clients. These attacks exploit a combination of clever cryptanalysis, advances in computing power since the 1990s, previously undiscovered protocol flaws, and implementation vulnerabilities.
Nadia Heninger is an assistant professor in the Computer and Information Science department at the University of Pennsylvania. Her research focuses on security, applied cryptography, and algorithms. Previously, she was an NSF Mathematical Sciences Postdoctoral Fellow at UC San Diego and a visiting researcher at Microsoft Research New England. She received her Ph.D. in computer science in 2011 from Princeton and a B.S. in electrical engineering and computer science in 2004 from UC Berkeley.
January 14 2019
January 17 2019
12:00 PM - 1:20 PM
Scott Institute for Energy Innovation
Advancing a clean environment and clean energy: Lessons from the trenches and a look ahead
5201 Scott Hall
January 23 2019
12:00 PM - 2:30 PM
Rangos Ballroom, Cohon University Center
January 25 2019
1:00 PM - 2:00 PM
Seminar with Dr. Marco Castaldi
100 Porter Hall
March 8 2019
March 11-15 2019