Introduction to HTTPS: A Comedy of Errors

03:30 PM - 03:55 PM on August 16, 2015, Room 702

Ashwini Oruganti

Audience level:

novice

Watch:

http://youtu.be/XsLFLzx4Nq4

Description

Given recent increases in hostile attacks on internet services and large scale surveillance operations by certain unnamed government organizations, security in our software is becoming ever more important. Through this talk, I'll give you an idea of how modern crypto works in web services and clients, look at some of the common flaws in these crypto implementations, and discuss recent developments in TLS.

Abstract

In this talk I'll explain what happens behind the scenes when we try to establish a secure connection to a web site.

I'll cover the common security flaws in popular TLS implementations like OpenSSL, and see how these issues can be avoided if we have a good well-designed TLS implementation in a high level language like Python.

Finally, I'll discuss how the API design of OpenSSL leads to application bugs, and a lack of abstract secure defaults leads to insecure applications.