Some thoughts on SSL/TLS from a (nearly) 6-year PhD student

Olivier Levillain, ANSSI -
Corporate communication

Location: Eurecom

Abstract: SSL/TLS is one of the major security mechanisms of the Internet. Initially designed to protect HTTP connections to allow for secure e-commerce transactions, it has now become, 20 years later, a universal security layer for all kinds of protocols (e.g. POP, IMAP, SMTP, LDAP), to establish secure VPNs or to handle WiFi authentication (EAP TLS). Since 2011, a lot has happened in the SSL/TLS world: structural flaws were discovered, cryptographic attacks deemed intractable were implemented, implementation bugs were shown to be pervasive and the WebPKI trust model was shown to be far from perfect. In this talk, I will present an overview of the protocol and of what could go (and has actually gone) wrong.

Bio: Olivier Levillain is Head of the ANSSI Cybersecurity Training Centre (CFSSI, centre de formation à la SSI). He has previously been working in ANSSI research laboratories, on various topics, ranging from low-level architecture (SMM/ACPI) to PKI. More recently, his work has been more focused on secure network protocols (especially SSL/TLS) and on programming languages.