Graduate School and Research Center in Digital Sciences

Seminar: Some thoughts on SSL/TLS from a (nearly) 6-year PhD student

Olivier Levillain, ANSSI

Corporate communication

Date: November 23, 2015

Location: Eurecom - Salle 101

Abstract: SSL/TLS is one of the major security mechanism of Internet. Initially designed to protect HTTP connections to allow for secure e-commerce transactions, it has now become, 20 years later, a universal security layer for all kinds of protocols (e.g. POP, IMAP, SMTP, LDAP), to establish secure VPN or to handle WiFi authentication (EAP TLS). Since 2011, a lot has happened in the SSL/TLS world: structural flaws were discovered, cryptographic attacks deemed untractable were implemented, implementation bugs were shown to be pervasive and the WebPKI trust model was shown to be far from perfect. In this talk, I will present an overview of the protocol and of what could go (and has actually gone) wrong. Bio: Olivier Levillain is Head of ANSSI Cybersecurity Training Centre (CFSSI, centre de formation a la SSI). He has previously been working in ANSSI research laboratories, on various topics, ranging from low-level architecture (SMM/ACPI) to PKI. More recently, his work has been more focused on secure network protocols (especially SSL/TLS) and on programming languages.

Some thoughts on SSL/TLS from a (nearly) 6-year PhD student