Data is a new security boundary
As a keynote speaker of this flagship event by OWASP, Anastasiia explains how developers and companies use cutting-edge cryptography and data security approaches when no perimeters and trusted zones exist anymore. In this talk, she starts with data security 101 and gets you through peculiarities of application level encryption (ALE), end-to-end encryption (E2EE), searchable encryption, zero knowledge architectures and zero trust. She demonstrates real-world cases of integrating application level encryption and supporting traditional security controls to protect customers' data. By the end of the talk, you can have a whole picture how “strong cryptography” becomes “real-world security boundary around sensitive data” and what it takes in different contexts.
Cryptographic protection of ML models
The security challenge is to protect ML models from leakage and massive accumulation, which leads to reverse engineering of unique IP. In this talk, Anastasiia explains building DRM-like protection with application level encryption using HPKE-like approach on ephemeral keys. She discusses risks, threats, dataflow, cryptographic layer, key management and integration with traditional application security controls for defense-in-depth approach.
Use cryptography, don’t learn it
Anastasiia gave a small hardcore cryptographic session and covered usable cryptography and the scenarios which can help app developers to right up their ship in case of cryptography or data security tools misuse. Get in details why boring crypto is actually better than “fun” crypto.
Security engineering: from encryption to software architecture patterns
Public training on security and cryptography engineering conducted jointly by Anastasiia and Jean-Philippe. We focused on solving practical security engineering challenges rather than academic cryptography. We talked about SSDLC and risk management, cryptography and typical cryptographic mistakes, using and misusing APIs, building defence-in-depth for distributed applications.
Evolution of password-based authentication systems
These are the slides that accompanied the talk of our core scientific contributor. The talk is focused on on evolving from regular authentication to Zero-Knowledge Proofs (including with Secure Comparator) at DefCon Crypto Village.