8      0


1841312 - Inspecting TLS


‐ Oct 20, 2021 11:45am

Cryptography is commonly used to protect the secrecy and integrity of data. It is a good thing that secure transportation is now commonly used. However, usually the owner of the data does not know with certainty which of their data is transferred. The transportation is guarded by cryptographic techniques so it is impossible for the owner to inspect the data-stream. The only way to inspect this process is to inspect the source code and to verify that the used program matches the inspected code. Not all parties are willing to have their code inspected. We are presenting the early findings for possibilities and feasibilities for the data owner to temporarily inspect the encrypted transportation for a limited time and we will demonstrate the prototype.

Learning Objectives:

  • At the end of this session participants will be understand the initial phase of TLS in particular "key exchange".
  • At the end of this session participants will be understand how "the shared secret" can be obtained by auditing parties.
  • At the end of this session participants will be understand how this mechanism has only impact on a few connections (restricted in time)). So the general protection of TLS is not compromised.

Speaker(s):

Tags:

Intermediate

You must be logged in and own this session in order to post comments.

Dawnell Claessen
10/20/21 4:23 pm

Excellent technical presentation.