High level cryptography
Maintaining cryptographic library for 12 languages
Maintaining cross-platform cryptographic library is a journey full of unexpected bugs, language-specific hacks, difficult decisions and the endless struggle to make developer-facing APIs easy-to-use and hard-to-misuse. Anastasiia described the four years journey of designing and supporting Themis: from shaping cryptosystems, writing language wrappers to CICD pipelines, autotests and interactive documentation.
10 lines of encryption, 1500 lines of key management
Watch a story behind implementing end-to-end encryption for Bear application. Anastasiia explained the security engineering flow: protocol design, selecting cryptographic library, cryptocoding techniques, building defence-in-depth and preparing for incidents. Learn how to build an encryption engine for the app with 6M users.
Marrying usability and security in large-scale infrastructures
Usability is often thought of as the opposite of security. However, most of the security controls inside operating systems and most of the security tools that run there are designed for being operated by humans. This talk is a summary of Eugene’s experience in building and seeing engineers integrate the security tooling β how security controls and tools are mis-designed and fail once used, how poorly integrated controls decrease the overall security of a system, and how lessons learned in reliability/infrastructure engineering apply to security tooling to fix that.
Protecting sensitive data in modern multi-component systems
A talk for solution architects and technical leads, in which we took a deep look into data lifecycle, risk, trust, and how they affect security architecture, encryption, and key management techniques. We illustrated typical SDL patterns: narrowing trust, monitoring intrusions, zero knowledge architectures, distributing trust. The goal of the talk was to provide a general thinking framework and enough ideas about tools for senior engineers for them to be able to plan their solutions securely, in relation to the sensitive data inside.
Encryption without magic, risk management without pain
An in-depth technical inquiry about cryptography in a wider context: how it helps to narrow more significant risks to controllable attack surfaces, enables efficient and elegant risk management, and how tools and algorithms sit in a broader context of managing infrastructure-wide risks associated with handling the sensitive data.
Zero-knowledge architectures for mobile applications
The talk focused on real-world problems that ZKA counters, typical cryptographic designs and progress in different spheres of ZKA. The talk also explained the practical approaches useful for mobile developers (implementing data sharing and user collaboration on data in a cloud in a way that makes a mobile app provably secure).
End-to-end data turnover: building Zero-knowledge software
Our CTO’s talk on the evolution of end-to-end software, survival within the “everything will be broken” model with the help of employing proper cryptography and trust management, plus a disclosure of some ideas and concepts behind Hermes.
Everything will be broken
Our CTO’s talk about the classic and emerging threat models, a proper understanding of security risks, perception of technical infrastructures ranging from idealistic to realistic, and adopting stronger techniques in the face of the vanishing perimeter and the (sadly) lowering standards of security tools and overall quality of the produced software.