Transport Layer Security (TLS) is responsible for transmitting data in a secure and confidential way over an unsecured
network. It is the de-facto standard for secured communication in the Internet.
This workshop deals with the technical background of the cryptographic algorithms used in TLS as well as the existing attacks. First, the asymmetric cryptographic algorithms for establishing a TLS session are addressed. TLS supports asymmetric cryptographic algorithms for the authentication of the communicating parties and the secure key-exchange between them. If the algorithms are poorly chosen already this first phase of establishing a secured communication channel can be attacked. The concepts of Perfect Forward Secrecy and Elliptic Curve Cryptography are presented and explained in this context. Second, key exchange in TLS and authentication examples are covered. The exchanged keys are used for the symmetric encryption of the secure data exchange, which follows in a second phase. Even with securely exchanged keys a number of realistic attacks on the encrypted data exchange exist. Recent examples are BEAST, CRIME, BREACH and the Padding Oracle Attack Lucky 13. The workshop explains the mentioned attacks and presents strategies to prevent them.
The active participation of students is appreciated. A virtual work-environment will be provided for each student containing all necessary files and tools to participate in the live hands-on exercises. This workshop will to provide a profound knowledge and understanding of the algorithms used in TLS in order to circumvent the known pitfalls and weaknesses.
Structure: Presentation, exercises with laptops
Required Skills: Basic knowledge of network technologies and cryptography, no programming skills necessary, Linux User Basics, Basic knowledge of a programming language (exercises)
Required Equipment: Laptop required
Maximal number of participants: 25
Dr. César Bernardini professional focus lies on the research and development of secure network protocols. Since 2017 he
works with Barracuda Network AG and develops products for secure Internet communciation. This involves the design and
development of network protocols for the Barracuda CloudGen Firewall.
Before joining Barracuda Networks, Dr. Bernardini pursued his PhD diploma at INRIA in collaboration with the University of Lorraine (France) in the field of Future Internet Architectures. Later on, he worked as a Postdoc in the field of secure communications for Future Internet Architectures in the University of Trento (Italy), University of Innsbruck (Austria) and Aalto University (Finland) During these years he acquired valuable experience with professional software design and development.
Further, Dr. Bernardini did projects in collaboration with local startups in Innsbruck and worked as a lecturer at the University of Lorraine.
Dr. Harald Grossauer earned a MSc in Theoretical Physics and a PhD in Computer Science, both at the University of Innsbruck. As a postdoc he worked in a research group for Inverse Problems and Mathematical Image Processing. Afterwards he spent almost four years in different roles in various financial institutions.
In 2013 he joined Barracuda Networks, where he is responsible for layer 7 protocol analysis, inspection of SSL/TLS traffic and intrusion prevention.