Post-Snowden Cryptography

Brussels, December 9 & 10, 2015


Nathan Freitas, Lessons from Five Years of Building Free, Open-Source, Secure Apps on Android

While the state of the art in cryptography and security practices has continued to advance, the reality of bringing that progress to consumer-grade smartphones is just as foreboding and treacherous as ever. This is particularly true for low-cost, ubiquitous Android devices that are becoming the "first computers" for billions of people in Asia and Africa. Still we must endeavor to provide meaningful solutions, and potentially alternatives, to those who are primarily computing and communicating on compromised-by-design platforms.

In this talk, I will review the work we have done at the Guardian Project to help bring Tor, Tor Browser, OTR, GnuPG, SQLCipher and other free software to millions of Android users around the world. From there, I will consider, especially in a Post-Snowden context, what real impact that has had, whether it is enough, and what other possible directions forward for secure mobile computing there might be.

Ian Goldberg, DP5: Privacy-preserving Presence Protocols

Users of social applications like to be notified when their friends are online. Typically, this is done by a central server keeping track of who is online and offline, as well as of the complete friend graph of users. However, recent NSA revelations have shown that address book and buddy list information is routinely targetted for mass interception. Hence, some social service providers, such as activist organizations, do not want to even possess this information about their users, lest it be taken or compelled from them.

In this talk, we present DP5, a suite of privacy-preserving presence protocols that allow people to determine when their friends are online (and to establish secure communications with them), without a centralized provider ever learning who is friends with whom. DP5 accomplishes this using an implementation of private information retrieval (PIR), which allows clients to retrieve information from online databases without revealing to the database operators what information is being requested.

Christian Grothoff, The Architecture of the GNUnet: 45 Subsystems in 45 Minutes

The goal of the GNUnet project is to provide a strong free software foundation for a global network that provides security and in particular respects privacy. But what does it actually do? In this talk, I will provide an overview of WHAT the various components do, sometimes elaborate on WHY, but entirely skip the HOW. The goal is thus to offer an idea of what researchers, developers and users can expect GNUnet to provide today as a foundation for the future Internet. The audience is expected to get an overall idea of the architecture and the shiny interfaces, but will have to ask questions to glance behind the curtain.

Kenny Paterson, Countering Cryptographic Subversion

In this talk, I'll survey what we've learned from the Snowden revelations about cryptographic subversion - the deliberate undermining of cryptographic algorithms, protocols and standards. I'll explain how the community has reacted and where we might focus our efforts next.

Joanna Rutkowska, Qubes OS: towards reasonably secure & trustworthy personal computing

Why we need secure and trustworthy personal computers more than anything? And what's the difference between "secure" and "trustworthy" in this context? How Qubes OS tries to bring reasonable security to desktop computing using compartmentalization? And why isolation alone, however strong, hardly solves any problem here? How does Qubes OS tries to also be trustworthy? And what are the current limits to achieve reasonable trustworthiness today?

Jon A. Solworth, Networking in the Ethos Operating System

Traditionally, the initial design and construction of an application ignores security requirements. Later, security is added, but this is fundamentally too late. The result is a design in which both functionality and security are compromised.

We describe the Ethos operating system in general and its networking in particular. Ethos is designed to make it far easier to build robust applications because Ethos' semantics integrates strong security services with higher level semantics. This eliminates many of the pitfalls that result in security holes. Ethos' networking is encrypted, cryptographically authenticated, and authorized. The integration of security from the start enables non-security properties such as very low latency, mobility of connections, and simplified application code. Applications built on Ethos derive many security properties from Ethos, thus achieving the early security integration which is atypical in other OSs.

Last modified: 2015.12.02