PPT-Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS

Chad Brubaker 1 Suman Jana 1 Baishakhi Ray 2 Sarfraz Khurshid 1 Vitaly Shmatikov 1 1 University of Texas at Austin 2 University of California at Davis Internet . on the web. Dr. István Zsolt Berta. www.berta.hu. . opinions expressed here . are strictly those of my own. Alternatives to PKI-based SSL. . on the web. A https connection means you are communicating with the website in the URL, the connection is encrypted and no one else can tamper with it. Karen P. . Lewison. , MD – CEO. kplewison@pomcor.com. Francisco Corella, PhD – CTO. fcorella@pomcor.com. 5/29/2014 -- Updated 5/31 to add link to white paper. 1. Outline. Brief history and usage of SSL, TLS and DTLS. In)Security. Why Eve & Mallory Love Android. Android Apps. Android is the most used Smartphone OS in the world with 48% market share. Over 400,000 apps in the Google Play Market. Android apps have been installed over 10 billion . Brian A. McHenry, Security Solutions Architect. bam@f5.com. @. bamchenry. . Global SSL Encryption Trends and Drivers. A Few “Best” Practices. Solutions. What’s Next?. Agenda. Worldwide spending on information security will reach $71.1 billion in 2014. Nets. İlke Çuğu 1881739. NIPS 2014 . Ian. . Goodfellow. et al.. At a . glance. (. http://www.kdnuggets.com/2017/01/generative-adversarial-networks-hot-topic-machine-learning.html. ). Idea. . Behind. not on tests, just for fun. SSH/SSL Should Be Secure. Cryptographic operations are secure. SSL uses certificates to authenticate servers. How can one attack such strong protocols?. Misconfiguration. Vulnerabilities in server code. Presenters: Pooja Harekoppa, Daniel Friedman. Explaining and Harnessing Adversarial Examples. Ian J. . Goodfellow. , Jonathon . Shlens. and Christian . Szegedy. Google Inc., Mountain View, CA. Highlights . Joshua Davies. Director of Architecture – 2Xoffice. Author of “Implementing SSL/TLS Using Cryptography and PKI”. Outline. Cryptographic concepts. Symmetric Cryptography. Public-key cryptography. ML Reading . Group. Xiao Lin. Jul. 22 2015. I. . Goodfellow. , J. . Pouget-Abadie. , M. Mirza, B. Xu, D. . Warde. -Farley, S. . Ozair. , A. . Courville. and Y. . Bengio. . . "Generative adversarial nets." . for . edge detection. Z. Zeng Y.K. Yu, K.H. Wong. In . IEEE iciev2018, International Conference on Informatics, Electronics & Vision '. June,kitakyushu. exhibition center, japan, 25~29, 2018. (. 1. Securi. ty protocol requirements. Authentication. Proving identity to each . other. Confidentiality. Prevent eavesdropping. Integrity. Avoid content inflight modification. Key exchange, establishment or agreement . Use . adversarial learning . to suppress the effects of . domain variability. (e.g., environment, speaker, language, dialect variability) in acoustic modeling (AM).. Deficiency: domain classifier treats deep features uniformly without discrimination.. Jan . Žorž. , Internet Society. zorz@isoc.org. . Acknowledgement. I would like to thank Internet Society to let me spend some of my ISOC working time in go6lab and test all this new and exciting protocols and mechanisms that makes Internet a bit better and more secure place. Antoine Delignat-Lavaud. Cédric Fournet, Markulf Kohlweiss,. Bryan Parno. X.509. V.C.. with the Magic of Verifiable Computation. The X.509 Public Key Infrastructure (1988). Endpoint certificate. Intermediate Certificate Authority certificate.