LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS - PowerPoint PPT Presentation

Feb 25, 2024 •14 likes •244 views

LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS PRIVACY MATTERS: HTTPS Con fi dentiality Data Integrity Authentication NO PRIVACY: HTTP Public-only communication (Possibly?) Tampered messages Of

LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com
PRIVACY MATTERS
PRIVACY MATTERS: HTTPS • Con fi dentiality • Data Integrity • Authentication
NO PRIVACY: HTTP • Public-only communication • (Possibly?) Tampered messages • Of dubious origin
PUBLIC COMMUNICATIONS
PUBLIC COMMUNICATIONS • Firesheep
PUBLIC COMMUNICATIONS • Firesheep • Google
PUBLIC COMMUNICATIONS • Firesheep • Google • AT&T
TAMPERING
TAMPERING • Verizon Perma-Cookies
TAMPERING • Verizon Perma-Cookies
TAMPERING • Verizon Perma-Cookies • Comcast ad injection
TAMPERING • Verizon Perma-Cookies • Comcast ad injection • China - GitHub
OF DUBIOUS ORIGIN
OF DUBIOUS ORIGIN • Turk Telecom
OF DUBIOUS ORIGIN • Turk Telecom • China Netcom
OF DUBIOUS ORIGIN • Turk Telecom • China Netcom • AT&T
PRIVACY MATTERS: HTTPS • Encryption (Private communication) • Data Integrity (Certainly untampered) • Authentication (Certain of origin)
HTTPS FOR YOU • Remove industrial espionage vector • No customer hijacking • No impersonation
HTTP DEPRECATION • Firefox: non-secure website won’t have access to new features • Chrome: display websites over HTTP as non- secure
UPCOMING FUNCTIONALITY • HTTP/2 (TLS-only on Firefox, Chrome and IE) - bandwidth + latency gains • Advanced Caching (ServiceWorkers)
POSSIBLE UPGRADE PATH • Referrer Policy   http://www.w3.org/TR/referrer-policy • Upgrade Insecure Requests   http://www.w3.org/TR/upgrade-insecure-requests/
THANKS oyiptong@mozilla.com

Recommend

Several possibilities for combination: So far: had cryptographic algorithms to achieve

Several possibilities for combination: So far: had cryptographic algorithms to achieve Encrypt-then MAC: encrypt message, then compute MAC of Privacy: use encryption ciphertext. Integrity: use MAC MAC-then-encrypt: First compute MAC, and then

203 views • 3 slides

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020 Whats Close lid to encrypt? Project by Jonas Meurer and me Freelancing systems engineers living in Germany Full-disk encryption

397 views • 16 slides

Why Encrypt Data? We have already discussed authentication and access control as means to

Security in Outsourced Databases II Outsourced Databases II (Query Processing on Encrypted Data) Disks replaced Data worthless if encrypted Customer Credit for maintenance Card Number Laptops stolen Backups lost p 1 Why Encrypt Data?

759 views • 19 slides

Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25

Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System Sandy Clark | Travis Goodspeed | Perry Metzger Zachary Wasserman | Kevin Xu | Matt Blaze Usenix 2011 P25 Modulates voice

147 views • 14 slides

Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt

Exercise: Encrypting and Decrypting with RSA In this exercise, you will encrypt and decrypt numbers using a simple version of the RSA algorithm. Each team should have two members. Each team-member should complete the exercise as Bob, then pass

229 views • 4 slides

No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2

. . . . . . . . . . . . . . No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2 , G. Moura 3 1 National Cyber Security Centre The Netherlands 2 Delft University of Technology The

293 views • 18 slides

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin License : CC-BY-SA 4.0 Introduction What is TLS and why do I need it? TLS stands for Transport Layer Security Difference between https and

360 views • 23 slides

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Bck https://hboeck.de 1 INTRODUCTION Hanno Bck, freelance journalist and hacker. Writing for Golem.de and others. Fuzzing Project , funded by Linux Foundation's Core

1.09k views • 46 slides

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej Korczy nski 2 , Giovane C. M. Moura 3 , Samaneh Tajalizadehkhoob 2 , Jan van den Berg 2 1 National Cyber Security Centre The Netherlands 2 Delft

423 views • 21 slides

Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel

Lets Encrypt as a Startup Success Story Security and Ops and Encrypting the web Daniel Jeffery Linux Foundation Why HTTPS? As our dependency on the internet has grown, the risk to users' privacy and safety has grown along with it.

746 views • 40 slides

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by default, all the time? Crypto 101: Encryption without authentication is useless. Encryption without authentication is like meeting a stranger in a

813 views • 31 slides

On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G.

Motivation The Attacks Concluding Remarks On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G. Paterson Information Security Group Royal Holloway, University of London CCS 2010 Jean Paul

930 views • 68 slides

Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU

Why Can't Online Social Networks Encrypt? Ero Balsa , Filipe Beato, Seda Grses KU Leuven NYU W3C Workshop on Privacy and UserCentric Controls 1 20-21 November 2014, Berlin << Facebook has been able to deploy end-to-end encryption

429 views • 10 slides

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan telework-related security policies and controls based on a zero-trust model. Encrypt client devices storage, encrypt all sensitive data stored on

371 views • 9 slides

Shai Halevi IBM CRYPTO 2011 Wouldnt it be nice to be able to Encrypt my data before

Shai Halevi IBM CRYPTO 2011 Wouldnt it be nice to be able to Encrypt my data before sending to the cloud While still allowing the cloud to search/sort/edit/ this data on my behalf Keeping the data in the cloud in encrypted form

956 views • 60 slides

How to Encrypt with the LPN Problem Henri Gilbert, Matt Robshaw, and Yannick Seurin Orange Labs

How to Encrypt with the LPN Problem Henri Gilbert, Matt Robshaw, and Yannick Seurin Orange Labs ICALP 2008 July 9, 2008 intro LPN problem LPN-C security parameters conclusion the context the authentication protocol HB + by Juels and

708 views • 21 slides

Responsible Behavior http://xkcd.com/364/ Lab: Alternate CTR mode Suppose we use encrypt

Responsible Behavior http://xkcd.com/364/ Lab: Alternate CTR mode Suppose we use encrypt using the following formula: C i = P i E(K, IV+i) Is this secure? Why or why not? If so, how does this relate to CTR mode? If not, what

935 views • 48 slides

Lets Encrypt October 11, 2018 Justin Sun Padlock icon Your browser is communicating

Introduction to Lets Encrypt October 11, 2018 Justin Sun Padlock icon Your browser is communicating securely with the nejug.org through an encrypted channel Your browser trusts nejug.org because the NEJUG website has a certificate

270 views • 15 slides

Encrypt or Decrypt ? To Make a Single-Key BBB Secure Nonce-Based MAC Nilanjan Datta 1 , Avijit

Encrypt or Decrypt ? To Make a Single-Key BBB Secure Nonce-Based MAC Nilanjan Datta 1 , Avijit Dutta 2 , Mridul Nandi 2 and Kan Yasuda 3 1. Indian Institute of Technology, Kharagpur, India 2. Indian Statistical Institute, Kolkata, India 3. NTT

580 views • 45 slides

Encrypt All The Things: Implementing App Mobile Security Nathan Freitas @n8fr8 @guardianproject

Encrypt All The Things: Implementing App Mobile Security Nathan Freitas @n8fr8 @guardianproject https://guardianproject.info INTENTION vs. EXECUTION The Guardian Project https://guardianproject.info Secure Your Mobile Life Apps &

816 views • 60 slides

Meet in the Middle March 13, 2019 1 / 25 My optimizations F : 4 Sbox : 26 Sbox 8 b i t

Meet in the Middle March 13, 2019 1 / 25 My optimizations F : 4 Sbox : 26 Sbox 8 b i t : 12 Sbox 16 b i t : 12 Round f u n c t i o n : 14 Next roundkey : 6 Encrypt : 318 Encrypt u n r o l l e d : 314 2 / 25 Last

405 views • 28 slides

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov Outsourced Applications Today Server data data Encrypt the data! Encrypt the Data App functionality no App functionality no longer works :( longer

1.42k views • 58 slides

Meet in the Middle March 18, 2020 1 / 24 My optimizations F : 4 Sbox : 26 Sbox 8 b i t

Meet in the Middle March 18, 2020 1 / 24 My optimizations F : 4 Sbox : 26 Sbox 8 b i t : 12 Sbox 16 b i t : 12 Round f u n c t i o n : 14 Next roundkey : 6 Encrypt : 318 Encrypt u n r o l l e d : 314 2 / 24 Sbox

470 views • 27 slides

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast Encryption Encrypt to a subset of users in the system Broadcast Encryption Encrypt to a subset of users in the system e.g., subscribers who haven t

1.62k views • 113 slides