10th International Conference on Security and Privacy in Communication Networks

September 24–26, 2014 | Beijing, People's Republic of China

Vitaly Shmatikov is an associate professor of computer science at the University of Texas at Austin and visiting scholar at Cornell NYC Tech. Prior to joining the UT Austin faculty, Vitaly was a computer scientist at SRI International. He obtained his Ph.D. in computer science and M.S. in engineering-economic systems from Stanford University.

Vitaly's research area is security and privacy. He received the PET Award for Outstanding Research in Privacy Enhancing Technologies twice, in 2008 and 2014, and was a runner-up in 2013. Having discovered more than 200 high-impact security and privacy vulnerabilities, Vitaly's research group designs, implements, and helps deploy new data protection technologies. Their work won the Best Practical Paper or Best Student Paper Awards at the 2012, 2013, and 2014 IEEE Symposiums on Security and Privacy ("Oakland"), as well as the 2012 NYU-Poly AT&T Best Applied Security Paper Award, NDSS 2013 Best Student Paper Award, and the CCS 2011 Test-of-Time Award. It has been cited in the popular media, rulings and reports by federal regulatory agencies such as the FTC and FCC, law review articles, and legal proceedings.

Title of talk: All Your SSL Belong To Us: Finding Security Holes in SSL/TLS Implementations for Fun and Profit

Abstract: SSL/TLS is the de facto standard for secure Internet communications. Deployed widely in Web browsers and non-browser software, it is intended to provide end-to-end security even against active, man-in-the-middle attacks. This security fundamentally depends on correct validation of X.509 certificates presented when the connection is established.

I will first demonstrate that many SSL/TLS deployments are completely insecure against man-in-the-middle attacks. Vulnerable software includes cloud computing clients, merchant SDKs responsible for transmitting payment information from e-commerce sites to payment processors, online shopping software, and many forms of middleware. Even worse, several popular SSL/TLS implementations do not validate certificates correctly and thus all software based on them is generically insecure. These bugs affect even common Web browsers, where minor validation errors such as recent certificate expiration can mask serious issues such as failure to authenticate the Web server's identity.

I will then analyze the root causes of these vulnerabilities and describe how we used "frankencerts," a new methodology for automatically testing SSL/TLS implementations, to uncover dozens of subtle certificate validation bugs in popular SSL/TLS implementations.