A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Crypto defenses for real-world system threats - Kenneth White BSides Indy 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Crypto defenses for real-world system threats
Kenneth White
kennwhite
BSides Indy 2017

Modern encryption techniques provide several important security properties, well known to most practitioners. Or are they? What are in fact the guarantees of, say, HTTPS TLS cipher suites using authenticated encryption, VPNs, Property Preserving Encryption, or token vaults? We live in an era of embedded Hardware Security Modules that cost less than $1 in volume, and countless options now exist for encrypting streaming network data, files, volumes, and even entire databases. Let's take a deep dive into the edge of developed practice to discuss real-world threat scenarios to public cloud and IoT data, and look closely at how we can address specific technical risks with our current encryption toolkits. Advanced math not required.

Kenneth White is a security researcher whose work focuses on networks and global systems. He is Director of the Open Crypto Audit Project (OCAP), and recently completed a large-scale audit of OpenSSL on behalf of the Linux Foundation's Core Infrastructure Initiative. Previously, he led the engineering team that designed and ran global Ops and security for the largest clinical trial network in the world, with research centers in over 100 countries. White co-founded CBX Group which provides public cloud security services to major organizations including World Health, UNICEF, Doctors without Borders, the US State Department, and BAO Systems. White co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software. His work on network security and forensics and been cited by media including the Wall Street Journal, Forbes, Reuters, Wired and BBC. White has served as a technical reviewer for the Software Engineering Institute, and publishes and speaks frequently on cloud ops, security engineering, and trust.

Back to BSides Indy 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast