{"id":769,"date":"2016-09-16T15:52:00","date_gmt":"2016-09-16T13:52:00","guid":{"rendered":"https:\/\/samovar2022.int-evry.fr\/index.php\/2016\/09\/16\/une-etude-lecosysteme-tls\/"},"modified":"2020-09-04T18:46:11","modified_gmt":"2020-09-04T16:46:11","slug":"une-etude-lecosysteme-tls","status":"publish","type":"post","link":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/2016\/09\/16\/une-etude-lecosysteme-tls\/","title":{"rendered":"\u00ab\u00a0Une \u00e9tude l&rsquo;\u00e9cosyst\u00e8me TLS\u00a0\u00bb"},"content":{"rendered":"<p>When: 23\/09\/2016 at 10:00 &#8211;<br \/>\nWhere: Room B312 at T\u00e9l\u00e9com ParisTech, 46 rue Barrault, 75013 PARIS<\/p>\n<p>The jury will be composed of:<\/p>\n<p><strong>Thesis supervisor<\/strong><\/p>\n<p>Mr. Herv\u00e9 Debar, Professor &#8211; T\u00e9l\u00e9com SudParis<br \/>\nReviewers<\/p>\n<p>BHARGAVAN Karthikeyan &#8211; Research Director, INRIA<\/p>\n<p>LAFOURCADE Pascal &#8211; Associate Professor (HDR), Universit\u00e9 d&rsquo;Auvergne<\/p>\n<p><strong>Examiners<\/strong><\/p>\n<p>CHAILLOUX Emmanuel &#8211; Professor (HDR), UPMC<\/p>\n<p>PATERSON Kenny &#8211; Professor of Information Security, Royal Holloway, University of London<\/p>\n<p>FRANCILLON Aur\u00e9lien &#8211; Associate Professor, Eurecom<\/p>\n<p>ARAUJO Jos\u00e9 &#8211; Head of the Scientific and Technical Division, ANSSI<br \/>\n<strong><br \/>\nCo-supervisor<\/strong><\/p>\n<p>MORIN Benjamin &#8211; Deputy Head of the Scientific and Technical Division, ANSSI<\/p>\n<p><em>Thesis summary:<\/em><\/p>\n<p>SSL\/TLS, a security protocol dating from 1995, has today become an essential building block for securing communications, from e-commerce sites and social networks to virtual private networks (VPNs), by way of the protection of e-mail protocols and many 
other protocols. In recent years, SSL\/TLS has been the focus of much attention, leading to the discovery of many security flaws and to improvements of the protocol. In this thesis, we begin by exploring the SSL\/TLS ecosystem on the Internet by enumerating HTTPS servers across the IPv4 space; to that end, we propose collection and analysis methodologies that yield reproducible results that are comparable across different measurement campaigns. Beyond these observations, we looked in detail at two essential aspects of TLS security: how to counter attacks on the Record Protocol, and how to implement safe and efficient parsers. Finally, building on the many implementation flaws that have affected almost all TLS stacks in recent years, we draw some lessons about the difficulties of writing a trustworthy TLS library.<\/p>\n<p><em>Abstract:<\/em><\/p>\n<p>SSL\/TLS, a 20-year-old security protocol, has become a major component securing network communications, from HTTPS e-commerce and social network sites to Virtual Private Networks, from e-mail protocols to virtually every possible protocol. In recent years, SSL\/TLS has received a lot of attention, leading to the discovery of many security vulnerabilities, and to protocol improvements. In this thesis, we first explore the SSL\/TLS ecosystem at large using IPv4 HTTPS scans, while proposing collection and analysis methodologies to obtain reproducible and comparable results across different measurement campaigns. 
Beyond these observations, we focused on two key aspects of TLS security: how to mitigate Record Protocol attacks, and how to write safe and efficient parsers. Finally, building on the numerous implementation flaws in almost all TLS stacks in recent years, we propose some thoughts about the challenges in writing a secure TLS library.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When: 23\/09\/2016 at 10:00 &#8211; Where: Room B312 at T\u00e9l\u00e9com ParisTech, 46 rue Barrault, 75013 PARIS The jury will be composed of: Thesis supervisor Mr. Herv\u00e9 Debar, Professor &#8211; T\u00e9l\u00e9com SudParis Reviewers BHARGAVAN Karthikeyan &#8211; Research Director, INRIA LAFOURCADE Pascal &#8211; Associate Professor (HDR), Universit\u00e9 d&rsquo;Auvergne Examiners CHAILLOUX Emmanuel &#8211; Professor [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":768,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_cust
om_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_e
mbed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[350],"tags":[],"class_list":["post-769","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-theses-2016-fr","entry","has-media"],"_links":{"self":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/comments?post=769"}],"version-history":[{"count":1,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/769\/revisions"}],"predecessor-version":[{"id":1665,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/769\/revisions\/1665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media\/768"}],"wp:attachment":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media?parent=769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/categories?post=769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/tags?post=769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}