Encryption without magic, risk management without pain

An in-depth technical inquiry into application-level encryption: how crypto helps to narrow significant risks down to controlled attack surfaces and makes it possible to manage risk efficiently and elegantly, and how tools and algorithms sit in the broader context of managing infrastructure-wide risks associated with handling sensitive data.

Narrowing attack surface

We discuss client-side, middleware-side and proxy-side encryption, as well as end-to-end encryption, zero-knowledge and zero-trust systems.

Click to read slides.

Points we cover

  1. What an attack surface is, and how cryptography helps to narrow it.
  2. Simple crypto-systems and their significant downsides.
  3. Middleware-side encryption: protecting data in web-based infrastructures.
  4. Client-side encryption: trust in mobile apps and code execution. E2EE. ZKA. ZKP.
  5. Echelonization and traditional techniques.

Read talk transcript on Codemotion site.

Watch ENG 📺 [QCon London]

Watch on InfoQ site.

Watch RU 📺 [Security BSides]
