Keynote - Cryptography in the age of Heartbleed

Presented at AppSec USA 2016, Oct. 14, 2016, 8 a.m. (60 minutes)

The past decade has seen an unprecedented number of high-profile data breaches. To address this threat, businesses have begun to invest heavily in encryption technologies, both to protect data and to reduce liability in the event of a breach. However, the widespread deployment of encryption has placed a new burden on application developers, a burden that is made worse by the fact that many of our existing protocols and software libraries are themselves flawed. In this talk I will discuss the problems facing both cryptographers and application developers who implement cryptography. I will focus on where we stand with making cryptography easy to use; recent vulnerabilities in some of the protocols that power the secure web; and the challenging problem of securing cryptographic software against sophisticated nation-state attackers.


Presenters:

  • Matthew Green
    Dr. Matthew Green, a respected cryptographer and security technologist, has over fifteen years of industry experience in computer security. Dr. Green is an Assistant Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography, privacy-enhanced storage systems, and anonymous cryptocurrencies. Dr. Green led the team that developed the first anonymous cryptocurrencies, Zerocoin and Zerocash. His research team has exposed flaws in more than one third of SSL/TLS encrypted web sites as well as vulnerabilities in encryption technologies, including RSA BSafe, Exxon/Mobil Speedpass, EZpass, and automotive security systems. Dr. Green writes the blog "A Few Thoughts on Cryptographic Engineering".
