4      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1841312 - Inspecting TLS


Oct 20, 2021 11:45am ‐ Oct 20, 2021 12:45pm



Credits: None available.

Description

Cryptography is commonly used to protect the secrecy and integrity of data. It is a good thing that secure transportation is now commonly used. However, usually the owner of the data does not know with certainty which of their data is transferred. The transportation is guarded by cryptographic techniques so it is impossible for the owner to inspect the data-stream. The only way to inspect this process is to inspect the source code and to verify that the used program matches the inspected code. Not all parties are willing to have their code inspected. We are presenting the early findings for possibilities and feasibilities for the data owner to temporarily inspect the encrypted transportation for a limited time and we will demonstrate the prototype.

Learning Objectives:
  • At the end of this session participants will be understand the initial phase of TLS in particular "key exchange".
  • At the end of this session participants will be understand how "the shared secret" can be obtained by auditing parties.
  • At the end of this session participants will be understand how this mechanism has only impact on a few connections (restricted in time)). So the general protection of TLS is not compromised.

Speaker(s):

Tags: Intermediate

Credits

  • 1.25 - CPE

You must be logged in and own this session in order to post comments.

Dawnell Claessen
10/20/21 5:23 pm

Excellent technical presentation.