Presentation: How to Use Encryption for Defense in Depth in Native and Browser Apps

Track: Trust, Safety & Security

Location: Pacific DEKJ

Duration: 11:50am - 12:40pm

Day of week: Wednesday

Share this on:

Abstract

Encryption is one of the most effective technical security measures. It massively reduces the impact and cost of a data breach. But encryption is typically focused on “infrastructure-level” elements like TLS and full-disk encryption. These are important tools, but they rely on assumptions about the infrastructure instead of the application code.    

As developers, infrastructure isn’t our strength, and sometimes it’s not even our job, so encryption takes a back seat to application-level features. But adding encryption to the application itself can insulate our systems from infrastructure-level failures, adding an important element of defense in depth.  

In this talk, we will discuss the pros and cons of application-level and end-to-end encryption. Since browsers are a nearly unavoidable element of modern application development, we will also cover the attack surface of application-level encryption in the browser, how it is very different from native clients, and how WebAssembly and WebCrypto help.

Speaker: Isaac Potoczny-Jones

Founder @Tozny & Authentication and Privacy Specialist

Isaac is the founder and CEO of Tozny, LLC, a privacy and security company specializing in easy to use cryptographic toolkits for developers. Isaac’s work in cybersecurity spans open source, the public sector, and commercial companies. His projects have included end-to-end encryption for privacy in human subject research, secure cross-domain collaboration, identity management, anonymous authorization, mobile password-free authentication, anti-forgery in hardware devices, and privacy-preserving authentication. He has worked with agencies including DARPA, the Navy, Air Force Research Laboratory, the Department of Homeland Security, the National Institute of Standards and Technologies, and other elements of the DoD and intelligence communities.  Isaac is an active open source developer in the areas of cryptography and programming languages. Education: B.S. in computer science, M.S. in Cybersecurity.

Find Isaac Potoczny-Jones at

Tracks

Monday, 11 November

Tuesday, 12 November

Wednesday, 13 November