The Tale Of SSL Invasion

2k13 - Version 0.36 - Last change on 01 September 2013 10:30:00

The Tale Of SSL Invasion by Divyanshu Shekhar

Cryptographic protocols such as SSL and TLS are employed to provide a secure, encrypted environment for the most delicate and private transactions and information exchange over the internet. But the question is: are we really playing safe with our transactions under TLS?
In this talk I will discuss the cryptographic protocols and the attack mechanisms that an attacker can deploy to retrieve personal information, such as credit card numbers, confidential e-mails and other secret and highly private data, from the HTTPS channel during the information exchange with the server. These weaknesses in the HTTPS channel can be exploited to gain access to session IDs, e-mail addresses, CSRF tokens, OAuth tokens etc. Major vulnerabilities and attack vectors have arisen to date, such as BEAST, Lucky 13, CRIME, TIME, FORCE, BCBA, SSLstrip and performing MITM, and many more prevail on the PKI platform; they need to be dealt with in order to stay on a secure pathway for unpwnable information exchange. Is the trusted root CA store in browsers highly reliable? Are the handshake protocols really secure? Everything will be discussed and supported with significant POC demonstrations.