SlideShare a Scribd company logo

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

V
vpnmentor

Tibor Jager, Jörg Schwenk, Juraj Somorovsky Horst Görtz InsFtute for IT Security Ruhr-University Bochum 1st BIU Security Day: The Current Status of TLS Security May 1, 2016 Bar-Ilan University, Israel - Sponsored by vpnMentor.com

Internet
1 of 44
Download to read offline
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 EncrypFon Tibor Jager, Jörg Schwenk, Juraj Somorovsky Horst Görtz InsFtute for IT Security Ruhr-University Bochum 1st BIU Security Day: The Current Status of TLS Security May 1, 2016 Bar-Ilan University, Israel
TLS and SSL Versions 2 SSL 1.0 and 2.0 (Netscape) 1994 1995 SSL 3.0 (Netscape & Microsob PCT) 1999 TLS 1.0 (=SSL 3.1) (IETF standard) 2006 2008 TLS 1.2 TLS 1.1 2016? TLS 1.3
Support of TLS versions in pracFce 3 SSL Labs, hgps://www.trustworthyinternet.org/ssl-pulse/, Jan 5, 2016 TLS v1.3 (2016?) (1999) (1995) (1994) (2006) (2008)
Support of TLS versions in pracFce 4 SSL Labs, hgps://www.trustworthyinternet.org/ssl-pulse/, Jan 5, 2016 TLS v1.3 (2016?) (1999) (1995) (1994) (2006) (2008) Support of more than one version is very common
Support of TLS versions in pracFce 5 SSL Labs, hgps://www.trustworthyinternet.org/ssl-pulse/, Jan 5, 2016 TLS v1.3 (2016?) (1999) (1995) (1994) (2006) (2008) Support of more than one version is very common Standardized in 1999!
Support of TLS versions in pracFce 6 SSL Labs, hgps://www.trustworthyinternet.org/ssl-pulse/, Jan 5, 2016 TLS v1.3 (2016?) (1999) (1995) (1994) (2006) (2008) Support of more than one version is very common Standardized in 1999! Update of security protocols is a very slow process à Requires careful design and thorough analysis!
RSA-PKCS#1 v1.5 EncrypFon •  Most frequently used key transport mechanism in TLS before v1.3 – “Textbook-RSA encrypFon” with addiFonal randomized padding – A ciphertext is “valid”, if it contains a correctly padded message 7
RSA-PKCS#1 v1.5 EncrypFon •  Most frequently used key transport mechanism in TLS before v1.3 – “Textbook-RSA encrypFon” with addiFonal randomized padding – A ciphertext is “valid”, if it contains a correctly padded message •  Deprecated in TLS 1.3 – Vulnerable: Bleichenbacher’s aCack (CRYPTO `98) – Sufficient to protect against its weaknesses? 8
Bleichenbacher’s Agack (CRYPTO 1998) 9 CPKCS
Bleichenbacher’s Agack (CRYPTO 1998) 10 CPKCS‘ „valid“ / „invalid“ CPKCS‘‘ „valid“ / „invalid“ ... CPKCS
Bleichenbacher’s Agack (CRYPTO 1998) 11 CPKCS‘ „valid“ / „invalid“ CPKCS‘‘ „valid“ / „invalid“ ... CPKCS M = Dec(CPKCS)
Bleichenbacher’s Agack (CRYPTO 1998) •  Oracle usually provided by a server: – Error message if ciphertext is invalid – Other side channels, like Iming •  Allows to perform RSA secret key operaIon – Decrypt RSA-PKCS#1 v1.5 ciphertexts – Compute digital RSA signatures 12 CPKCS‘ „valid“ / „invalid“ CPKCS‘‘ „valid“ / „invalid“ ... CPKCS M = Dec(CPKCS)
Bleichenbacher’s Agack (CRYPTO 1998) •  Oracle usually provided by a server: – Error message if ciphertext is invalid – Other side channels, like Iming •  Allows to perform RSA secret key operaIon – Decrypt RSA-PKCS#1 v1.5 ciphertexts – Compute digital RSA signatures 13 CPKCS‘ „valid“ / „invalid“ CPKCS‘‘ „valid“ / „invalid“ ... CPKCS M = Dec(CPKCS)
Bleichenbacher agacks over and over 14 •  Bleichenbacher (CRYPTO 1998) •  Klima et al. (CHES 2003) •  Jager et al. (ESORICS 2012) •  Degabriele et al. (CT-RSA 2012) •  Bardou et al. (CRYPTO 2012) •  Zhang et al. (ACM CCS 2014) •  Meyer et al. (USENIX Security 2014) •  … Many different techniques to construct the required oracle
Bleichenbacher agacks over and over •  Bleichenbacher (CRYPTO 1998) •  Klima et al. (CHES 2003) •  Jager et al. (ESORICS 2012) •  Degabriele et al. (CT-RSA 2012) •  Bardou et al. (CRYPTO 2012) •  Zhang et al. (ACM CCS 2014) •  Meyer et al. (USENIX Security 2014) •  … AssumpIon: Bleichenbacher-like agacks remain a realisFc threat 15 Many different techniques to construct the required oracle
Bleichenbacher agacks over and over •  Bleichenbacher (CRYPTO 1998) •  Klima et al. (CHES 2003) •  Jager et al. (ESORICS 2012) •  Degabriele et al. (CT-RSA 2012) •  Bardou et al. (CRYPTO 2012) •  Zhang et al. (ACM CCS 2014) •  Meyer et al. (USENIX Security 2014) •  Aviram et al. (DROWN 2016) •  … AssumpIon: Bleichenbacher-like agacks remain a realisFc threat 16 Many different techniques to construct the required oracle
Typical use of TLS 1.3 in pracFce 17 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA TLS 1.0 TLS 1.3
Typical use of TLS 1.3 in pracFce 18 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA TLS 1.0 TLS 1.3 AssumpFon Secure?
Server S TLS 1.3 RSA A closer look at TLS 1.3 TLS 1.3
Server S TLS 1.3 RSA A closer look at TLS 1.3 ECDH share ClientKeyShare ClientHello 1. Cipher Suite Agreement 2. Key Exchange TLS 1.3
Server S TLS 1.3 RSA A closer look at TLS 1.3 ECDH share ECDH share ClientKeyShare ServerKeyShare ServerHello ClientHello Certificate 1. Cipher Suite Agreement 2. Key Exchange TLS 1.3
Server S TLS 1.3 RSA A closer look at TLS 1.3 ECDH share ECDH share RSA Signature over all previous messages ClientKeyShare CertificateVerify ServerKeyShare ServerHello ClientHello Certificate 1. Cipher Suite Agreement 2. Key Exchange TLS 1.3
Server S TLS 1.3 RSA A closer look at TLS 1.3 ECDH share ECDH share RSA Signature over all previous messages S-Finished ClientKeyShare C-Finished CertificateVerify ServerKeyShare ServerHello ClientHello Certificate 3. Finished messages 1. Cipher Suite Agreement 2. Key Exchange TLS 1.3
High-level Agack DescripFon 24 TLS 1.3 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA
High-level Agack DescripFon 25 TLS 1.3 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA SKeyShare ServerHello ClientHello Certificate ClientKeyShare
High-level Agack DescripFon 26 TLS 1.3 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA CertVerify SKeyShare ServerHello ClientHello Certificate ClientKeyShare
High-level Agack DescripFon 27 TLS 1.3 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA Bleichenbacher‘s Agack CertVerify SKeyShare ServerHello ClientHello Certificate ClientKeyShare
High-level Agack DescripFon 28 TLS 1.3 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA Bleichenbacher‘s Agack CertVerify SKeyShare ServerHello ClientHello Certificate ClientKeyShare S-Finished C-Finished
High-level Agack DescripFon 29 TLS 1.3 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA Bleichenbacher‘s Agack CertVerify SKeyShare ServerHello ClientHello Certificate ClientKeyShare S-Finished C-Finished TLS 1.3 may be vulnerable to Bleichenbacher‘s agack, even though PKCS#1 v1.5 encrypIon is not used!
PracFcal Impact 30 •  PracFcal impact on TLS 1.3 rather limited –  Typical Bleichenbacher-agacks take hours or days –  Machine-to-machine communicaFon? •  Nevertheless: –  Backwards compaIbility must be considered (cf. Jager, Paterson, Somorovsky, NDSS 2013) –  Future improvements of Bleichenbacher’s agack? •  DROWN techniques: compute signature in one minute on a single CPU –  Leverages new vulnerability in openSSL –  All openSSL versions from 1998 to early 2015: –  26% of HTTPS servers were vulnerable
PracFcal Impact 31 •  PracFcal impact on TLS 1.3 rather limited –  Typical Bleichenbacher-agacks take hours or days –  Machine-to-machine communicaFon? •  Nevertheless: –  Backwards compaIbility must be considered (cf. Jager, Paterson, Somorovsky, NDSS 2013) –  Future improvements of Bleichenbacher’s agack? •  DROWN techniques: compute signature in one minute on a single CPU –  Leverages new vulnerability in openSSL –  All openSSL versions from 1998 to early 2015: –  26% of HTTPS servers were vulnerable
PracFcal Impact 32 •  PracFcal impact on TLS 1.3 rather limited –  Typical Bleichenbacher-agacks take hours or days –  Machine-to-machine communicaFon? •  Nevertheless: –  Backwards compaIbility must be considered (cf. Jager, Paterson, Somorovsky, NDSS 2013) –  Future improvements of Bleichenbacher’s agack? •  Use DROWN technique to forge signature in one minute on a single CPU –  Leverages vulnerability in openSSL –  All openSSL versions from 1998 to early 2015 –  26% of HTTPS servers were vulnerable
Agack on the QUIC protocol Server S QUIC TLS 1.0 RSA QUIC Agacker A
Agack on the QUIC protocol Server S QUIC TLS 1.0 RSA QUIC Bleichenbacher‘s Agack Full QUIC protocol Agacker A
Agack on the QUIC protocol Server S QUIC TLS 1.0 RSA QUIC Bleichenbacher‘s Agack Full QUIC protocol •  A can run Bleichenbacher’s agack before Lisa connects to S •  One signature is equivalent to the secret key of S •  PracIcal, even if agack takes weeks! Agacker A
Limited Impact on TLS 1.3 TLS 1.3 CertVerify Server S TLS 1.3 TLS 1.0 RSA Bleichenbacher‘s Agack •  A can impersonate S only in a single TLS session •  Only pracFcal with very fast Bleichenbacher agack “Hello” “Finished” Agacker A
The difficulty of prevenFng such agacks (example) 37 TLS 1.3 RSA1 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA1 RSA2 Bleichenbacher‘s Agack
The difficulty of prevenFng such agacks (example) 38 TLS 1.3 RSA2 Server S TLS 1.3 TLS 1.0 (Backwards compaFbility) RSA1 RSA2 •  X.509 cerFficates do not contain protocol version Bleichenbacher‘s Agack
Further difficulFes •  Key separaFon not supported by major servers/browser implementaFons •  CerFficates cost money (extended validaFon) •  X.509 supports “sign/encrypt-only” certs – “Sign-only” certs for “signing” cipher suites (incl. TLS 1.3) – “Encrypt-only” keys for TLS-RSA cipher suites – Do browsers really check this? •  Mozilla developer: “No. And no intenIon to change this, because of usability/compaIbility.”
Further difficulFes •  Key separaFon not supported by major servers/browser implementaFons •  CerFficates cost money (extended validaFon) •  X.509 supports “sign/encrypt-only” certs – “Sign-only” certs for “signing” cipher suites (incl. TLS 1.3) – “Encrypt-only” keys for TLS-RSA cipher suites – Do browsers really check this? •  Mozilla developer: “No. And no intenIon to change this, because of usability/compaIbility.”
Further difficulFes •  Key separaFon not supported by major servers/browser implementaFons •  CerFficates cost money (extended validaFon) •  X.509 supports “sign/encrypt-only” certs – “Sign-only” certs for “signing” cipher suites (incl. TLS 1.3) – “Encrypt-only” keys for TLS-RSA cipher suites – Do browsers really check this? •  Mozilla developer: “No. And no intenIon to change this, because of usability/compaIbility.”
Further difficulFes •  Key separaFon not supported by major servers/browser implementaFons •  CerFficates cost money (extended validaFon) •  X.509 supports “sign/encrypt-only” certs – “Sign-only” certs for “signing” cipher suites (incl. TLS 1.3) – “Encrypt-only” keys for TLS-RSA cipher suites – Do browsers really check this? •  Mozilla developer: “No. And we have no intenIon to change this, because of usability/compaIbility.”
Summary and recommendaFons •  Removing RSA-PKCS#1 v1.5 from TLS is an excellent decision –  Not sufficient to protect completely against weakness •  TLS 1.3 is more “robust” than QUIC –  But not immune –  Signing ephemeral values is a good idea •  Proper key separaIon is difficult in pracFce –  Support in future versions of X.509? –  Support by browsers? 43
Summary and recommendaFons •  Removing RSA-PKCS#1 v1.5 from TLS is an excellent decision –  Not sufficient to protect completely against weakness •  TLS 1.3 is more “robust” than QUIC –  But not immune –  Signing ephemeral values is a good idea •  Proper key separaIon is difficult in pracFce –  Support in future versions of X.509? –  Support by browsers? 44 Thank you!

Recommended

On the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard ModelOn the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard Modelvpnmentor
 
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi AlamosOSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi AlamosNETWAYS
 
Amazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionAmazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionHayato Kiriyama
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 
Introduction to TLS-1.3
Introduction to TLS-1.3 Introduction to TLS-1.3
Introduction to TLS-1.3 Vedant Jain
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3n|u - The Open Security Community
 
Study and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityStudy and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityNazmul Hossain Rakib
 
SSL VS TLS.pptx
SSL VS TLS.pptxSSL VS TLS.pptx
SSL VS TLS.pptxVignesh kumar
 

Recommended

On the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard ModelOn the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard Modelvpnmentor
 
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi AlamosOSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi AlamosNETWAYS
 
Amazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionAmazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionHayato Kiriyama
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 
Introduction to TLS-1.3
Introduction to TLS-1.3 Introduction to TLS-1.3
Introduction to TLS-1.3 Vedant Jain
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3n|u - The Open Security Community
 
Study and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityStudy and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityNazmul Hossain Rakib
 
SSL VS TLS.pptx
SSL VS TLS.pptxSSL VS TLS.pptx
SSL VS TLS.pptxVignesh kumar
 
WebRTC security+more @ KamailioWorld 2018
WebRTC security+more @ KamailioWorld 2018WebRTC security+more @ KamailioWorld 2018
WebRTC security+more @ KamailioWorld 2018Lorenzo Miniero
 
CNS Solution
CNS SolutionCNS Solution
CNS SolutionNitin Kanzariya
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfHost It Smart
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security Ibrahiem Mohammed
 
Egor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of viewEgor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of viewSergey Arkhipov
 
IPsecurity.ppt
IPsecurity.pptIPsecurity.ppt
IPsecurity.pptShineStar21
 
IPsecurity.ppt
IPsecurity.pptIPsecurity.ppt
IPsecurity.pptwitscollege
 
IPsecurity (1).ppt
IPsecurity (1).pptIPsecurity (1).ppt
IPsecurity (1).pptssuserec53e73
 
On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter vpnmentor
 
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung HanHomomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Hanvpnmentor
 
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet RoutingMichael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routingvpnmentor
 
Review of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak MaheshwariReview of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak Maheshwarivpnmentor
 
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwarivpnmentor
 
A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...vpnmentor
 
Alternative cryptocurrencies
Alternative cryptocurrenciesAlternative cryptocurrencies
Alternative cryptocurrenciesvpnmentor
 
Smart contracts and applications part II
Smart contracts and applications part IISmart contracts and applications part II
Smart contracts and applications part IIvpnmentor
 
Mining pools and attacks
Mining pools and attacksMining pools and attacks
Mining pools and attacksvpnmentor
 
Smart contracts and applications part I
Smart contracts and applications part ISmart contracts and applications part I
Smart contracts and applications part Ivpnmentor
 
Alternative cryptocurrencies
Alternative cryptocurrencies Alternative cryptocurrencies
Alternative cryptocurrencies vpnmentor
 
Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3vpnmentor
 
TLS: Past, Present, Future
TLS: Past, Present, FutureTLS: Past, Present, Future
TLS: Past, Present, Futurevpnmentor
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 

More Related Content

Similar to On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

WebRTC security+more @ KamailioWorld 2018
WebRTC security+more @ KamailioWorld 2018WebRTC security+more @ KamailioWorld 2018
WebRTC security+more @ KamailioWorld 2018Lorenzo Miniero
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfHost It Smart
 
Egor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of viewEgor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of viewSergey Arkhipov
 

Similar to On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption (8)

WebRTC security+more @ KamailioWorld 2018
WebRTC security+more @ KamailioWorld 2018WebRTC security+more @ KamailioWorld 2018
WebRTC security+more @ KamailioWorld 2018
 
CNS Solution
CNS SolutionCNS Solution
CNS Solution
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdf
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 
Egor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of viewEgor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of view
 
IPsecurity.ppt
IPsecurity.pptIPsecurity.ppt
IPsecurity.ppt
 
IPsecurity.ppt
IPsecurity.pptIPsecurity.ppt
IPsecurity.ppt
 
IPsecurity (1).ppt
IPsecurity (1).pptIPsecurity (1).ppt
IPsecurity (1).ppt
 

More from vpnmentor

On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter vpnmentor
 
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung HanHomomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Hanvpnmentor
 
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet RoutingMichael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routingvpnmentor
 
Review of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak MaheshwariReview of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak Maheshwarivpnmentor
 
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwarivpnmentor
 
A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...vpnmentor
 
Alternative cryptocurrencies
Alternative cryptocurrenciesAlternative cryptocurrencies
Alternative cryptocurrenciesvpnmentor
 
Smart contracts and applications part II
Smart contracts and applications part IISmart contracts and applications part II
Smart contracts and applications part IIvpnmentor
 
Mining pools and attacks
Mining pools and attacksMining pools and attacks
Mining pools and attacksvpnmentor
 
Smart contracts and applications part I
Smart contracts and applications part ISmart contracts and applications part I
Smart contracts and applications part Ivpnmentor
 
Alternative cryptocurrencies
Alternative cryptocurrencies Alternative cryptocurrencies
Alternative cryptocurrencies vpnmentor
 
Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3vpnmentor
 
TLS: Past, Present, Future
TLS: Past, Present, FutureTLS: Past, Present, Future
TLS: Past, Present, Futurevpnmentor
 

More from vpnmentor (13)

On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter
 
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung HanHomomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
 
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet RoutingMichael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing
 
Review of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak MaheshwariReview of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak Maheshwari
 
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
 
A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...A research-oriented introduction to the cryptographic currencies (starting wi...
A research-oriented introduction to the cryptographic currencies (starting wi...
 
Alternative cryptocurrencies
Alternative cryptocurrenciesAlternative cryptocurrencies
Alternative cryptocurrencies
 
Smart contracts and applications part II
Smart contracts and applications part IISmart contracts and applications part II
Smart contracts and applications part II
 
Mining pools and attacks
Mining pools and attacksMining pools and attacks
Mining pools and attacks
 
Smart contracts and applications part I
Smart contracts and applications part ISmart contracts and applications part I
Smart contracts and applications part I
 
Alternative cryptocurrencies
Alternative cryptocurrencies Alternative cryptocurrencies
Alternative cryptocurrencies
 
Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3
 
TLS: Past, Present, Future
TLS: Past, Present, FutureTLS: Past, Present, Future
TLS: Past, Present, Future
 

Recently uploaded

AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 

Recently uploaded (20)

AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption