Now back in HD: the CloudFlare Cryptography Meetup series. A while back, CloudFlare hosted a pair of Meetups focused on encryption and cryptographic technology. Now that CloudFlare HQ has moved into our beautiful new home at 101 Townsend in San Francisco, we’ve decided to bring the crypto back.
In this series, we’ve invited experts from academia and industry to talk about the cryptographic protocols they are working on and to share experiences around deploying cryptographic applications in the real world. This is the place to geek out on crypto!
These talks are intended to explore interesting new crypto topics in an accessible way. They aim to be informative and thought-provoking, and practical examples are encouraged.
We’ll start the evening at 6:00 p.m. with time for networking, followed by short talks from leading experts. Pizza and beer are provided!
Whether you're a cryptography hobbyist, an industry expert or just interested in the subject, come visit CloudFlare’s world headquarters at 6:00 p.m. on April 21st.
RSVP here on Meetup.com.
The confirmed speakers for April 21st are Brian Warner, Zakir Durumeric and Whitney Merrill.
"magic-wormhole" is a simple tool to move files from one computer to another, like "scp" but without the setup. By telling the recipient just a few secret words, the file is safely encrypted and delivered directly to the correct machine. The talk will explain the security mechanics, the cryptography (NaCl and SPAKE2), and how to use the underlying open-source library in your own applications.
Brian Warner is a security engineer and software developer, having worked at Mozilla on Firefox Sync, the Add-On SDK, and Persona. He is co-founder of the Tahoe-LAFS distributed secure filesystem, and develops secure storage and communication tools.
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
Is your email being sent in the clear? While PGP and S/MIME provide end-to-end encrypted mail, most users have yet to adopt these practices, and for users who have, metadata, such as the subject, sender, and recipient, remain visible everywhere along a message’s path. SMTP—the ubiquitous mail transport protocol—has evolved over the years to add encryption and authentication, both of which take place behind the scenes and help guard against surveillance and spam. While these features are being increasingly deployed, our research shows that they are almost always configured in vulnerable ways—the details of which are hidden from the users sending and receiving mail. Even more disturbingly, these vulnerabilities are being widely exploited in the wild: in seven countries, more than 20% of inbound Gmail messages are downgraded to cleartext by network-based attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext. In this talk, I’ll introduce protocols used to protect SMTP and describe the current state of mail security on the Internet. I'll describe several commonly occurring attacks, weaknesses in the protocols we're using and recent proposals for helping secure email transport.
Zakir Durumeric is a Ph.D. Candidate in Computer Science and Engineering at the University of Michigan and Google Ph.D. Fellow in Computer Security. His research focuses on network security, particularly how global network measurement can improve the security of heterogeneous distributed systems. Zakir is widely known for creating ZMap—the Internet-wide network scanner capable of scanning the entire public IPv4 address space in minutes—and Censys—the search engine that allows researchers to analyze the devices that compose the public Internet. His work has been awarded numerous distinctions, including the IRTF Applied Networking Research Prize and best paper awards from USENIX Security, ACM Conference on Computer and Communications Security, and ACM Internet Measurement Conference. He was named one of this year's MIT Technology Review’s 35 Innovators under 35.
Encrypt All the Things!
How do encryption, the user, and the law function? I'll break down the interesting issues surrounding the law and encryption. I'll briefly discuss the 1st, 4th, and 5th Amendments and break down why the All Writs Act is everything anyone wants to talk about.
Whitney Merrill is an attorney at the Federal Trade Commission in San Francisco, California, where she works on consumer protection issues involving false advertising, deception, privacy, and data security. She received her Master’s in Computer Science from the University of Illinois at Urbana-Champaign and her law degree from the University of Illinois College of Law. She specializes in information security, computer crime, privacy, surveillance, and Internet law. Her graduate research focused on Android privacy, digital forensics, and the legal issues surrounding encryption. While at UIUC, she was a member of the Illinois Security Lab, and in her spare time Whitney runs the Crypto & Privacy Village at DEF CON. She loves solving and creating puzzles.
Whitney Merrill is speaking in her personal capacity and not as a representative of the Federal Trade Commission. These are the views of the individual and do not represent the views of the Federal Trade Commission or any one Commissioner.
To whet your appetite, check out some videos from previous CloudFlare Crypto meetups.
Steve Weis: Crypto Projects that might not suck.
Adam Langley: Fun with hashes.
Jonathan Matson: U.S. Controls on Open Source Cryptographic Code.