As part of our USENIX Security '22 paper, we just released TLS-Anvil, our new blackbox TLS test suite built to uncover even the most subtle bugs within implementations. Let me show you how it works. A 🧵:
FOLLOW US ON BLUESKY! We found a new vulnerability in TLS. It's a variant of the ALPACA attack that bypasses current countermeasures. Relatively low impact - but great insight! Check it out: https://t.co/2ZLCeXTynM // via https://t.co/i6vjm3TohA
[1/4] If you've ever tried finding timing side channels by actually measuring, you probably know that this can be incredibly frustrating. But it does not have to!
While major side-channels are easy to detect, more subtle ones, especially when the measurements are noisy, are not!
In our newest USENIX paper, @XoIMEX, @snachti, @marcelmaehren, @nerinola1, @ic0nz1, @JoergSchwenk, and me took a look at the TLS session ticket deployment in the wild and found diverse vulnerabilities: https://t.co/8UvZzFBflF (1/12)
As part of our USENIX Security '22 paper, we just released TLS-Anvil, our new blackbox TLS test suite built to uncover even the most subtle bugs within implementations. Let me show you how it works. A 🧵:
If you are interested in our project, you can find more information on https://t.co/ZDSd5L6ae2 and on https://t.co/iNB6m5kygM
TLS-Anvil is a joint work by @Kavakuo, @XoIMEX, @ic0nz1, @jurajsomorovsky, and @JoergSchwenk