Breaking and Fixing the TLS Cryptographic Protocol
Karthik Bhargavan, independent researcher, India

The Transport Layer Security (TLS) protocol is widely used to protect web transactions, mail services, and Wi-Fi networks. On the web, for example, TLS is used to protect all connections between a web browser and any "https://" website. The goal of the protocol is to correctly identify the website and to ensure that the data sent between the browser and the website cannot be read or modified in transit, even by someone who controls, for example, the user's Wi-Fi network. Despite a long history of security analyses, the TLS protocol and its implementations are still subject to devastating attacks, such as the recent Heartbleed and GotoFail bugs in TLS implementations and the Triple Handshake attack on the protocol.

The talk will discuss the protocol in some depth, and try to explain where these attacks come from. We will see new attacks on TLS and HTTPS found by our group. We will also discuss ways in which these attacks can be prevented, both by modifying the protocol and by formally verifying TLS implementations. For more details, source code, and research papers, see: http://mitls.org.