InfoSec Seminar: Are we there yet? HTTPS security 7 years after DigiNotar
31 May 2018, 4:00 pm–5:00 pm
In this talk, Prof. Ralph Holz from the University of Sydney will discuss HTTPS security 7 years after the meltdown of the Certification Authority DigiNotar, the alleged attack on connections to Google, and the subsequent removal of DigiNotar from all browsers.
Event Information
Open to: All
Organiser: Vasilios Mavroudis
Location: Room 421, Roberts Engineering Building, Malet Place, London WC1E 7JE, United Kingdom
About
The year 2011 was highly interesting for the security community: the meltdown of the Certification Authority DigiNotar, the alleged attack on connections to Google, and the subsequent removal of DigiNotar from all browsers sparked strong interest in how HTTPS and our web PKI can be reinforced. Since then, many other incidents have become known, and new security features have been added to TLS, HTTPS, and the web PKI. These include Certificate Transparency (CT) for making the CA system auditable; HSTS and HPKP headers, to harden the HTTPS posture of a domain; the DNS-based extensions CAA and TLSA, for control over certificate issuance and pinning; and SCSV, for protocol downgrade protection. In this talk, we will discuss the advantages and disadvantages of these technologies based on empirical evidence of their deployment. We put our findings into context and explain which ones are a great defence and which ones are hard to configure and may even carry risks to the operator. Our insights are not theoretical: they are based on a months-long data gathering campaign, in which we investigated the deployment of these improvements to the HTTPS ecosystem at Internet scale, explicitly accounting for their combined usage.
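As an added illustration of the "hard to configure and may even carry risks to the operator" point for the two header-based mechanisms named above, the following Python script (example code written for this page, not part of the talk or of the speaker's measurement tooling) parses HSTS and HPKP response headers and reports posture findings. The sample headers are constructed, the pin value is a placeholder (the SHA-256 of nothing in particular), and the one-year threshold follows the HSTS preload list's requirement; the finding codes are this example's own naming.

```python
import base64
import binascii

# The HSTS preload list requires max-age of at least one year (assumed threshold here).
ONE_YEAR = 31536000

# Constructed sample responses; the pin is a placeholder 32-byte value, not a real key hash.
PLACEHOLDER_PIN = base64.b64encode(b"\x00" * 32).decode()
SAMPLE_HEADERS = {
    "good": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    },
    "weak": {
        "Strict-Transport-Security": "max-age=300",
        "Public-Key-Pins": f'pin-sha256="{PLACEHOLDER_PIN}"; max-age=5184000; includeSubDomains',
    },
}


def parse_directives(header):
    """Split 'a=1; b; c="x"' into an ordered list of (name, value); value is None if absent."""
    directives = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        directives.append((name.strip().lower(), value.strip().strip('"') if sep else None))
    return directives


def assess_hsts(header):
    """Return finding codes for a Strict-Transport-Security header (None = header absent)."""
    if header is None:
        return ["HSTS-MISSING"]
    findings = []
    directives = dict(parse_directives(header))  # HSTS directive names are unique (RFC 6797)
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("HSTS-NO-MAX-AGE")
    else:
        age = int(max_age)
        if age == 0:
            findings.append("HSTS-DISABLED")  # max-age=0 tells browsers to drop the policy
        elif age < ONE_YEAR:
            findings.append("HSTS-SHORT-MAX-AGE")
    if "includesubdomains" not in directives:
        findings.append("HSTS-NO-INCLUDESUBDOMAINS")
    return findings


def assess_hpkp(header):
    """Return finding codes for a Public-Key-Pins header. Absence is not a weakness:
    a wrong pin set locks legitimate clients out for max-age, so the header itself is
    flagged for review and its pin set is checked for the minimum RFC 7469 demands."""
    if header is None:
        return []
    findings = ["HPKP-PRESENT"]
    directives = parse_directives(header)
    pins = [value for name, value in directives if name == "pin-sha256"]
    if len(pins) < 2:
        findings.append("HPKP-TOO-FEW-PINS")  # RFC 7469 requires a backup pin
    for pin in pins:
        try:
            if len(base64.b64decode(pin or "", validate=True)) != 32:
                findings.append("HPKP-BAD-PIN")  # a SHA-256 pin is exactly 32 bytes
        except binascii.Error:
            findings.append("HPKP-BAD-PIN")
    return findings


def get_header(headers, name):
    """Case-insensitive header lookup over a plain dict."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def assess_posture(headers):
    """Combine HSTS and HPKP findings for one response's header dict."""
    return (assess_hsts(get_header(headers, "Strict-Transport-Security"))
            + assess_hpkp(get_header(headers, "Public-Key-Pins")))


if __name__ == "__main__":
    for label, headers in SAMPLE_HEADERS.items():
        print(label, assess_posture(headers))
```

The point of keeping HPKP findings separate from HSTS ones is that the two differ in failure mode: a short or missing HSTS policy merely leaves the downgrade protection weaker, whereas a misconfigured pin set actively breaks the site for every browser that cached it, which is the operator risk the abstract alludes to.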
Visitors from outside UCL please email in advance.
About the Speaker
Prof. Ralph Holz
Lecturer at University of Sydney
Ralph Holz is Theme Leader in Communications, Security and Computing at the Sydney Nano Institute. As Lecturer in Networks and Security at the School of IT at the University of Sydney, he leads the Node for Cybersecurity in the Human-Centered Technologies cluster. He is Contributed Staff at Data61|CSIRO, Australia's prime innovation body, and a Visiting Fellow at the University of New South Wales. Ralph's primary research interest is empirical security. He led the research efforts that culminated in the world’s first large-scale, long-term analysis of the deployment of encryption on the Web. Most recently, he has turned his attention to analyzing the security and dependability of blockchain networks.