SSL man-in-the-middle secure solution

Wednesday 30 September 12:00 - 12:30, Small talks

Mark Kennedy (Symantec)
Righard Zwienenberg (ESET)
Prof. Igor Muttik (Intel Security)

More and more HTTP traffic is being encrypted (HTTPS). This increases security by preventing listening into the conversation, but it also creates a problem for security products that need access to that information as well. To address this, many security companies implement a 'man-in-the-middle' protocol, where they broker the keys from both ends of the conversation, and thus are able to inspect the content.

For some websites now — and perhaps many more in the future — the client is checking to verify that the SSL certificate is routed to the server. However, these checks will fail because the certificate returned by the security product will not match the server's domain. We see some of these failures in the field today, and more will likely follow.

The IEEE Industry Connections Security Group is working on a secure solution to this growing problem. We will show where we are, and discuss how we will move forward towards an industry solution.

Mark Kennedy

Mark Kennedy

Mark is a Distinguished Engineer with Symantec, where he has been for the last 24 years. Apart from his work with Symantec, Mark also serves on the Board of Directors of the AMTSO, as well as the Chairman of several IEEE committees. He has spoken at numerous conferences around the world, including several appearance at Virus Bulletin.

Righard Zwienenberg

Righard Zwienenberg

Righard J. Zwienenberg is a Senior Research Fellow at ESET, and began dealing with computer viruses in 1988 after encountering the first virus problems at the Technical University of Delft. He has been a member of CARO since late 1991, and is now President of AMTSO, Vice-President of AVAR and on the Technical Overview Board of the WildList. He is a popular speaker at industry conferences, including Virus Bulletin, EICAR, AVAR, RSA, InfoSec, SANS and CFET.

Prof. Igor Muttik

Prof. Igor Muttik

Prof. Igor Muttik (Ph.D.) works for Intel Corporation. He started researching computer malware in the 1980s when the anti-virus industry was in its infancy. He is based in the UK and worked as a virus researcher for Dr. Solomon's Software where he later headed the anti-virus research team. From 1998 he was running McAfee's malware research in EMEA and switched to his architectural role in 2002. He was a Senior Principal Research Architect with McAfee Labs, which became part of Intel in 2011. He takes particular interest in applied security research and the design of new security software and hardware. Igor holds a Ph.D. degree in physics and mathematics from the Moscow University. He is a regular speaker at major international security conferences and is a co-author of three books, more than 100 publications and more than 25 patents.



twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.