Testing The Limits Of EV Certificates presented at hashdays 2010

by Philippe Oechslin (Objectif Sécurité)

Tags: Security Exploitation Browser

URL : https://www.hashdays.ch/agenda-2010.html

Summary : Extended Validation certificates for TLS are more expensive and more difficult to obtain. In return they provide more trust. We want to explore the limits of this added trust. We will tie different scenarios into an attack tree and illustrate it by doing things like inserting malicious content into EV certified web sites or inserting fake EV certificates into browsers. We will also compare how different browsers react to these manipulations.

Philippe Oechslin: Philippe is the founder of Objectif Sécurité, a company specialized in security audits and consulting in the French part of Switzerland. He also lectures on network security at the Swiss Federal Institute of Technology (EPFL). Philippe is the inventor of Rainbow Tables, an efficient time/memory trade-off for breaking unsalted hashes, as found in Microsoft operating systems.