
Defcon 21 – Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

Description: The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks.

And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy identity information. Cloud services are no better: current security features are oriented toward compliance and not toward real protection.

What if we could provide a strong link between mobile device identity, integrity, and the lifecycle of data retrieved from the cloud using only the hardware shipped with modern smartphones and tablets?

The good news is that we can do that with the trusted execution environment (TEE) features of the common system on a chip (SOC) mobile processor architectures using ‘measurement-bound’ encryption. This talk will describe how data can be encrypted to a specific device, how decryption is no longer possible when the device is compromised, and where the weaknesses are. I will demonstrate measurement-bound encryption in action. I will also announce the release of an open-source tool that implements it as well as a paper that describes the techniques for time-bound keys.

This is likely the very same way that NSA will be protecting the smartphones that will be used for classified information retrieval. Come learn how your government plans to keep its own secrets and how you can protect yours.
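The measurement-bound encryption named in the abstract above can be modelled in software; this is an added example, not the speaker's tool or code from the talk. `SimulatedTEE`, `boot` and the component names are hypothetical, the device secret stands in for a hardware-held key, and the keystream is a stdlib-only toy where real code would use an AEAD such as AES-GCM.

```python
import hashlib, hmac, os

class SimulatedTEE:
    """Software stand-in for a hardware root of trust (hypothetical model)."""
    def __init__(self):
        self._device_secret = os.urandom(32)  # assumption: never leaves the "hardware"
        self._pcr = bytes(32)                 # measurement register, zeroed at boot

    def reboot(self):
        self._pcr = bytes(32)

    def extend(self, component: bytes):
        # PCR-style extend: new = H(old || H(component)); one-way and order-sensitive
        self._pcr = hashlib.sha256(self._pcr + hashlib.sha256(component).digest()).digest()

    def _keys(self):
        # Keys depend on BOTH the device secret and the current measurements
        root = hmac.new(self._device_secret, b"seal" + self._pcr, hashlib.sha256).digest()
        return (hmac.new(root, b"enc", hashlib.sha256).digest(),
                hmac.new(root, b"mac", hashlib.sha256).digest())

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Toy keystream: HMAC-SHA256 in counter mode (illustration only)
        out = bytearray()
        for i in range(0, len(data), 32):
            block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)

    def seal(self, plaintext: bytes) -> bytes:
        enc, mac = self._keys()
        nonce = os.urandom(16)
        ct = self._xor_stream(enc, nonce, plaintext)
        return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

    def unseal(self, blob: bytes) -> bytes:
        enc, mac = self._keys()
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("device or measurements differ from sealed state")
        return self._xor_stream(enc, nonce, ct)

def boot(tee, chain):
    """Reset the register and measure each boot component in order."""
    tee.reboot()
    for component in chain:
        tee.extend(component)
```

A blob sealed after a known-good boot unseals only on the same device with the same measured chain; a modified component or a different device yields different keys and the integrity check fails.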

Dan Griffin (@JWSdan) is the founder of JW Secure and is a Microsoft Enterprise Security MVP. Dan is the author of the books Cloud Security and Control, published in 2012, and The Four Pillars of Endpoint Security, to be published in 2013, and is a frequent conference speaker. Dan holds a Master’s degree in Computer Science from the University of Washington and a Bachelor’s degree in Computer Science from Indiana University.


Phannarith

Mr. OU Phannarith is one of the well-known cybersecurity experts in Cambodia and the region. He is the founder of the first leading information security website (www.secudemy.com) in Cambodia. He has been invited to present at global conferences, forums, and seminars. He received an Information Security Leadership Achievements (ISLA) award in 2016 from (ISC)2, and in December 2012 he was named one of the top 10 Chief Information Security Officers (CISO) in ASEAN by the International Data Group (IDG). Mr. OU has been a professor specializing in cybersecurity.
