Long term study on SSL/TLS certificates

Abstract

The amount of encrypted communication is constantly increasing but nobody can really say if the encrypted data is secure or not. Every time data has to be encrypted, an encryption key has to be created and used to secure the channel, but no information is available regarding the security or the quality of the key itself.

In this presentation we will review how cryptographic keys have been collected across a wide range of protocols, how tests led to the identification of a large numbers of vulnerable and insecure keys, and how the results allowed the discovery of valuable insights and intelligence from our data.

Talk

slides, recording

Enrico Branca

Enrico Branca is an experienced researcher with specialist knowledge in Cyber Security. He has been working in Information Security for over a decade with experience in Software Security, Information Security Management, and Cyber Security R&D. He has been trained and worked in various roles during his career, including Senior Security Engineer, Security Architect and Disaster Recovery Specialist, always looking for new exciting opportunities.