Technical Level: Intermediate
Speaker: Seth Hardy
Key and Identity Management With PGP
There are many introductory tutorials out there on PGP (and its open source equivalents), but few seem to touch on one of its most important aspects, and the reason many people choose to use it: key and identity management. It’s been said that key management is the hardest (and worst) part of cryptography; trust is hard to manage because it’s both very important and completely intangible. There’s a reason why some companies can make so much money off of managing a PKI (public key infrastructure) for you.
This talk will start by covering the concepts of public key cryptography, and from there move into the realm of key and identity management in PGP. First, we’ll look at the advantages and disadvantages of the decentralized PKI that PGP uses, called the “Web of Trust,” especially as compared to more centralized alternatives. From there, we’ll cover how to manage the web of trust in PGP, and how that same method can be used for other applications, such as managing SSL certificates. To wrap up, we’ll look at some interesting identity management problems and common mistakes made by PGP users.
Seth has been involved in cryptography research, academically and professionally, for the last eight years. Some of these areas of research include elliptic curves, combinatorial cryptography, random number generation, and trust networks. He’s presented his work at a number of conferences, including Black Hat, DEF CON and the CCC Congress. He currently works for Spirent Communications, doing vulnerability research.
Seth’s Presentation: Key and Identity Management with PGP
Speakers: Leigh Honeywell, Paul Wouters
As traditional telephony gives way across the enterprise to VOIP, mobile devices, and other disruptive technologies, new security and privacy issues are emerging. Leigh and Paul will look at the role of devices linked to the corporate network such as the Blackberry, and discuss different techniques for securing mobile phone conversations over the GSM network.
Paul Wouters is often involved with crypto, digital rights, and cypherpunk projects. He co-founded the Dutch ISP “Xtended Internet” back in 1996, where he became known for surviving the wrath of Scientology for hosting xenu.net. In 2003 he co-founded Xelerance, a company specialising in VPN technology that develops and maintains the Linux IPsec software, assists in the deployment of DNSSEC worldwide and offers training courses for IPsec, DNS/DNSSEC, RADIUS and Xen. In 2006 he published “Building and integrating Virtual Private Networks with Openswan”. He currently maintains various cryptographic software packages for Windows and Fedora Linux, including the popular Instant Messenger encryption software “Off the Record”.
Leigh Honeywell is an independent security and VOIP consultant, specializing in the Asterisk Open Source PBX. She studied Computer Science at the University of Toronto and worked in the Emerging Technologies Group at Bell Canada before starting her own consultancy, Adanix Solutions.
Leigh and Paul’s Presentation: Mobile Phone Call Encryption