Abstract:
TLS 1.3 is just about here ! This talk will cover the more notable attacks against prior versions of TLS and examine their applicability to TLS 1.3. In doing so, important security related design decisions of TLS 1.3, which thwart these attacks, will be highlighted. We will also highlight the new protocol handshakes and how they can give rise to 0-RTT resumption. Finally, potential pitfalls of deploying TLS 1.3 and ways to avoid them will be discussed.

Alex Balducci is a Principal Security Consultant at NCC Group's Cryptography Services. His experience includes security research, source code auditing, application security assessments, and software development - but his expertise is in cryptographic security including analysis and design of cryptographic protocols. Alex has given numerous presentations at several industry conferences. In 2015-2017 he delivered NCC Group's "Beyond the Beast: Deep Dives in Cryptography" course at Blackhat USA as well as at Blackhat EU in 2015. This two day course examines modern issues affecting cryptographic implementations and protocols and delves into the nitty gritty implementation details. At BlackHat USA 2014 he spoke on the topic of practical cryptographic vulnerabilities in application software covering RSA padding oracles and subgroup confinement attacks on elliptic curve Diffie-Hellman.

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...