End-to-end data turnover: slides and notes

At Cossack Labs, one of the main things we’re interested in is building data protection tooling, which is resistant to infrastructure breaches. Previously, I’ve outlined our vision in a talk Everything will be broken, given at Security BSides 2016: it is only a question of time, when your infrastructure is going to let intruders in.

But what should we do about it?

Such trust model gives ground for ‘zero knowledge software’:

Zero knowledge software is software, that operates with client data without having unencrypted access to it.

This talk reviews common ZKS strategies in three domains — data in motion, data in process and data at rest. ZKS itself is not a hard goal to achieve — yet, achieving decent level of usability and functionality on top of zero-knowledge data turnover is a challenge that is yet only starting to interest people around data security.

Hermes

Hermes is one of core building blocks of zero knowledge software solutions we’re working on at Cossack Labs. This talk explains core methodology (it’s extremely simple) and some use-case considerations.

Seems like the future? So are today’s threats

Don’t want to be pwned? Stay tuned and watch how modern techniques evolve. We’re living in exciting times.

Wanna learn more about what we do? There’s a lot more in Cossack Labs Blog.

Rants and musings in risk, technology and odd human behavior. www.cossacklabs.com / www.ivychapel.ink.

Rants and musings in risk, technology and odd human behavior. www.cossacklabs.com / www.ivychapel.ink.