SecAppDev 2023 lecture details
Entity authentication and key establishment
This session explains the principles of entity authentication, authenticated key establishment and Public Key Infrastructure. The lecture is illustrated with the protocols used in 3G, SSH, TLS, and Signal.
Wednesday June 14th, 11:00 - 12:30
Room Lemaire
Abstract
Entity authentication is a crucial component in establishing secure communication channels. In this session, we explore how to use cryptography to authenticate a user or a device. We investigate how the protocols used in 3G, SSH, TLS, and Signal apply these concepts to establish a secure channel by combining authentication with agreement on a cryptographic key. Finally, we expand the scope to include certificates and Public Key Infrastructures (PKI), and identify how they help to establish secure channels.
Key takeaway
This session will explain how entity authentication and authenticated key establishment protocols work, and will help you to choose the right protocol.
Content level
Deep-dive
Target audience
Anyone developing applications that require secure communication channels
Prerequisites
A basic understanding of cryptographic algorithms is useful
Related lectures
An intro to cryptographic algorithms
Introductory lecture by Bart Preneel in room Lemaire
Monday June 12th, 16:00 - 17:30
In this session, you will learn about the security properties of various cryptographic building blocks, such as stream & block ciphers, hash functions, MAC algorithms, authenticated encryption schemes, public key encryption, and digital signatures.
Key takeaway: Understanding which algorithm to choose for which application
Analysis of authentication: deciding on "good enough"
Deep-dive lecture by Avi Douglen in room West Wing
Tuesday June 13th, 09:00 - 10:30
In this session, we start by threat modeling an authentication system. We analyze the risks of secret-based authentication and guide you in building usable password policies. We'll dive into the math, and investigate secure password storage.
Key takeaway: Analyze the security of user authentication, make the right trade-offs, and strengthen the security of password-based authentication
The security model of the web
Introductory lecture by Philippe De Ryck in room Lemaire
Monday June 12th, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications