The encryption vs. inspection debate

Presented at VB2017, Oct. 5, 2017, 2 p.m. (90 minutes)

There is a tension in the security industry right now between the proponents of end-to-end encryption and those who use network inspection as a core tool to understand threats and information flows. This debate is particularly relevant to the web, where HTTPS adoption passed 50 per cent this year. Recent research also shows that a large percentage of this traffic is not end-to-end encrypted from the browser to the server, and that both intercepting proxies and anti-virus software can reduce the security of encrypted connections significantly. In this presentation, I will explore the various angles of this debate and entertain ways to relieve the tension.

Presenters:

• Nick Sullivan - Cloudflare
  Nick Sullivan Nick Sullivan is a leading cryptography and security technologist. As Head of Cryptography at Cloudflare, a top Internet performance and security company, he is responsible for overseeing all cryptographic products and strategy. He was instrumental in building Cloudflare's security engineering team and led major projects including Keyless SSL and TLS 1.3. Prior to joining Cloudflare, he was a digital rights management pioneer, helping build and secure Apple's multi-billion dollar iTunes store. He holds an M.Sc. in cryptography, is the author of more than a dozen computer security patents, and regularly speaks at major security conferences.

Links:

• https://www.virusbulletin.com/conference/vb2017/abstracts/encryption-vs-inspection-debate

Similar Presentations:

• HOPE 2020 Virtual Rescheduled / Beyond End-to-End
• Still Hacking Anyway (SHA2017) / Olmogo - because it's your data!: A cryptographically secure social network platform
• 31C3 (2014) / Why is GPG "damn near unusable"?: An overview of usable security research