Trial Lecture of Dr Felix Härer as part of a habilitation procedure.

Summary: Which protocols keep our data safe and private today, and which will do so tomorrow? This lecture examines the security-critical protocols that underpin modern information networks, within organizations and across the public Internet.

Part 1: Internet Protocols and TLS
We begin with a brief orientation to the Internet protocol stack (IP, TCP/UDP, DNS, HTTP) and identify the protocol most relevant to security and privacy today: Transport Layer Security (TLS). We will examine the role of TLS in the protocol stack and how it delivers confidentiality, authentication, as well as properties such as forward secrecy. We wil conclude the first part by discussing TLS and its role in protecting web and application traffic at scale.

Part 2: Evolution of Internet Protocols
We then turn to the question: how does this stack need to evolve to provide security now and in the near term? We explore TLS 1.3 and QUIC, focusing on how these protocols function, in particular by integrating transport and security. We then look at modern application delivery, including HTTP/3. Given this modern protocol stack, still privacy exposures remain. We will identify where leaks might occur, e.g., DNS queries or Server Name Indication, and discuss additional protections in the stack.

Outlook
As an outlook, we assess the post-quantum readiness of the protocols covered and discuss the next steps required for future security and privacy.
Note: The lecture will be given in German.