© 2020 Strange Loop
There is no cloud — it's just someone else's computer. And you're storing all sorts of sensitive data on it, blindly trusting that this computer will only allow access to authorised users. What if it is compromised?
End-to-end encryption avoids having to trust the servers. Although PGP/GPG encrypted email never went mainstream, secure messaging apps like WhatsApp, Signal and iMessage have shown that it is feasible for millions of people to use end-to-end encryption without being security experts.
But how do these protocols actually work? In this talk, we will dig into the details of secure messaging protocols — to understand the threats against which they defend, and how cryptographic operations are combined to implement those defences in the protocol. If you have ever wondered what "forward secrecy" means, how key exchange works, or how protocols can ensure you're communicating with the right person (not an impostor like a "man in the middle"), this talk will clear things up.
We will also look at taking end-to-end encryption to other areas beyond instant messaging. What would it take to build an end-to-end secure version of Google Docs, for example?
Martin is a researcher at the University of Cambridge, working on the TRVE DATA project, and author of the O'Reilly book “Designing Data-Intensive Applications” (http://dataintensive.net), which analyses the data infrastructure of internet companies. He previously founded and sold two startups, and worked on data infrastructure at LinkedIn.
Diana is currently a PhD candidate at the University of Cambridge Computer Laboratory. Her research focuses on finding ways to decentralise the process of establishing trust, and she is currently experimenting with gossiping as a means of providing key transparency. In her spare time, she's worked at Flexiant, a cloud computing startup based in Scotland, but now spends most of that time with her family and her 2 year old son.