| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Modern encryption techniques provide several important security properties, well known to most practitioners. Or are they? What are in fact the guarantees of, say, HTTPS TLS cipher suites using authenticated encryption, VPNs, Property Preserving Encryption, or token vaults? We live in an era of embedded Hardware Security Modules that cost less than $1 in volume, and countless options now exist for encrypting streaming network data, files, volumes, and even entire databases. Let's take a deep dive into the edge of developed practice to discuss real-world threat scenarios to public cloud and IoT data, and look closely at how we can address specific technical risks with our current encryption toolkits. Advanced math not required. Kenneth White is a security researcher whose work focuses on networks and global systems. He is Director of the Open Crypto Audit Project (OCAP), and recently completed a large-scale audit of OpenSSL on behalf of the Linux Foundation's Core Infrastructure Initiative. Previously, he led the engineering team that designed and ran global Ops and security for the largest clinical trial network in the world, with research centers in over 100 countries. White co-founded CBX Group which provides public cloud security services to major organizations including World Health, UNICEF, Doctors without Borders, the US State Department, and BAO Systems. White co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software. His work on network security and forensics and been cited by media including the Wall Street Journal, Forbes, Reuters, Wired and BBC. White has served as a technical reviewer for the Software Engineering Institute, and publishes and speaks frequently on cloud ops, security engineering, and trust.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast