Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Privacy, a competitive advantage.

Mrinal Wadhwa
November 18, 2020
Technology
0
83

Privacy, a competitive advantage.

Mrinal Wadhwa

November 18, 2020
Tweet

More Decks by Mrinal Wadhwa

See All by Mrinal Wadhwa
End-to-End Encryption in Elixir with Ockam
mrinalwadhwa
0
250
End-to-End Encryption
mrinalwadhwa
0
130
Identiverse 2021 - Cryptographic Protocols for Machine Identities and Credentials
mrinalwadhwa
0
29
End-to-end encryption with BEAM and Elixir
mrinalwadhwa
1
59
Cryptographic Protocols for a Secure and Private IoT
mrinalwadhwa
0
31
Trust Architectures in IoT
mrinalwadhwa
0
120
Fighting Complexity in Elixir
mrinalwadhwa
0
200
IoT needs Secure Messaging and How Rust Can Help
mrinalwadhwa
1
180
Just Enough Math to Understand Elliptic Curve Cryptography
mrinalwadhwa
1
420

Other Decks in Technology

See All in Technology
エンジニア候補者向け資料2024.04.24.pdf
macloud
0
3.3k
LayerXにおけるLLMプロダクト開発の今までとこれから
layerx
PRO
1
370
APIファーストなプロダクトマネジメントの実践 〜SaaSus Platformでの例〜 / "Practicing API-First Product Management - An Example with SaaSus Platform
oztick139
0
110
生産性向上チームの紹介
cybozuinsideout
PRO
1
870
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
530
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
210
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
310
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
7
1.3k
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
1
280
Além do else! Categorizando Pokemóns com Pattern Matching no JavaScript
wmsbill
0
640
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
260
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
360

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
37
2.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
6
1.5k
A Philosophy of Restraint
colly
197
16k
Navigating Team Friction
lara
178
13k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Why Our Code Smells
bkeepers
PRO
331
56k
The Language of Interfaces
destraynor
151
23k
Build The Right Thing And Hit Your Dates
maggiecrowley
24
2k
Building Flexible Design Systems
yeseniaperezcruz
319
37k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k
Typedesign – Prime Four
hannesfritz
36
2.1k
Thoughts on Productivity
jonyablonski
58
3.8k

Transcript

  1. Privacy, a competitive advantage. Mrinal Wadhwa CTO, Ockam @mrinal

  2. Privacy. The ability of an individual or group to control

    the f l ow of information about themselves.

  3. Security. The degree of resistance to encountering an unfortunate event.

  4. The degree of resistance to encountering an unfortunate event.

  5. To maximize this degree of resistance, we need to understand

    the possible set of unfortunate events, your threat model.

  6. THREAT DESIRED PROPERTY S Spoo f i ng identity Identi

    f i cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con f i dentiality D Denial of service Availability E Elevation of privilege Authorization The STRIDE threat model.

  7. THREAT DESIRED PROPERTY S Spoo f i ng identity Identi

    f i cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con f i dentiality D Denial of service Availability E Elevation of privilege Authorization The STRIDE threat model.

  8. The tool that system architects use to guarantee data integrity,

    authenticity and con f i dentiality. Cryptography.

  9. Content Systems & Apps Commerce Everything useful on Internet relies

    on Cryptography.

  10. The willingness of one party to rely on the actions

    of another party. Trust.

  11. 3845 8855 2663 2213 3845 8855 2663 2213 Initially the

    focus was on client-server trust. 0x217c5111…

  12. Hello 0x217c5111… 0x8621f842… Hello Hello

  13. Hello 0x217c5111… Hello

  14. Designed for Signal, now used in WhatsApp, Skype, Facebook Messenger,

    Allo etc.

  15. 0x217c5111… 0x8621f842… 80 bpm 80 bpm 80 bpm

  16. 80 bpm 80 bpm 0x217c5111…

  17. Gateway Flood Warning Sensor Flood Monitoring System Sensors Vendor’s Service

    LPWAN TLS TLS Usually has different security properties, compared to TLS, often not as well designed. Various protocols have various different secure channel designs.

  18. D D D … Devices … … Gateways … Lighting

    HVAC Water Monitoring Elevators Access Control Fire Safety Waste Parking … Vendor IoT Backends … System Integrator 1 Building Management System … SI IoT Backends … System Integrator 2 G G D D D D D D D D D D D D D D D D D D D D D G G G G G G G G G G G G G G Complexity & attack surfaces grow to be unmanageable. Proprietary data is leaked. Security becomes untenable.

  19. Remove backend infrastructure from an end users threat model. The

    end user may be an individual or a business.
  20. None
  21. None
  22. None
  23. None
  24. None

  25. Ockam

  26. github.com/ockam-network/ockam