DeepSec Talk 2015: Cryptographic Enforcement of Segregation of Duty within Work-Flows – Thomas Maus
Encryption is great. Once you have a secret key and an algorithm, you can safeguard your information. The trouble starts when you communicate. You have to share something. And you need to invest trust. This is easy if you have a common agenda. If things diverge, you need something else. In his talk, Thomas Maus will explain cryptographic methods that can help you deal with this problem. Meet Alice and Bob, who might not be friends at all.
Workflows with segregation-of-duty requirements or involving multiple parties with non-aligned interests (typically mutually distrustful) pose interesting challenges in often neglected security dimensions. Cryptographic approaches are presented to technically enforce strict auditability, traceability and multi-party-authorized access control, and thus also enable exoneration from allegations.
These ideas are illustrated by challenging examples – constructing various checks and balances for telecommunications data retention, a vividly discussed and widely known issue.
Sometimes it doesn’t hurt not to know everything. In case you are interested in a slightly more complicated crypto reality, we recommend attending Thomas’ presentation. There are more challenges ahead than post-quantum crypto.
Thomas Maus holds a degree in computer science. He has been consulting in the areas of system security, the analysis, tuning, and prognosis of system performance, as well as the management of large, heterogeneous, mission-critical installations since 1993. Projects range from architecture, implementation and operation of large application clusters over technical project management, organisational and technical trouble-shooting, security assessments, establishing security governance processes, security policies and analysis for trading rooms and the like to training of international police special forces for combatting cyber-crime.
He started his computing career in 1979, at the age of sixteen, when he won the computing equipment for his school in a state-wide competition. This was soon followed by the team development of comprehensive software for school administration on behalf of the federal state. Here a long-lasting affection for questions of system security, performance and architecture started. Around 1984 he fell in love with UNIX systems and IP stacks and embraced the idea of Free Software.