All Articles

OAuth 2.0 is at the heart of OpenID Connect, Mobile Connect, UMA and many other popular standards. Understanding the threat landscapes in OAuth 2.0 is essential in building a secured identity infrastructure. This talk will guide you through multiple

The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy

In the age of the data breach there are no more secrets. Name, address, date of birth and Social Security number have been the de facto identity attributes for years. But as this information has become more exposed it’s time for organizations to reth

Blockchain continues to gain traction in the market place as a compelling solution for making identity and access management (IAM) more cost effective by harnessing the power of distributed members in order to “crowdsource” identity services. This se

What happens when you need to create an open API ecosystem with robust security requirements, in a short period of time, implemented by conservative entities and mandated across the entire EU? Enter the complex world of Open Banking. In this talk, Pa

If you want your information risk program to be taken seriously by the business, you have to do more than just throwing around a few business terms. You need to embrace enterprise risk techniques. See how the engagement changes when you start talking

Understanding what you own is step one in securing your assets. A simple concept that still escapes the grasp of most, and it’s getting harder in a cloud-enabled world. Despite this struggle there’s a plethora of APIs and publicly available data to g

It’s important to establish the balance sheet for security leadership to measure, monitor and report. Insurance is an important component to protecting the balance sheet. Don’t believe all of the fake news about cyber-insurance. This session will tak

Decision-makers need reliable data in order to understand risk and determine value of investments. With the amount of data available in a multinational company, one would assume that answers would be easy to find. But how does one identify which data

Companies working to design security in desperately need expertise to guide engineering teams, giving rise to product security leaders as a new discipline. As coach, cop, caretaker, contributor and counselor, it challenges in both technical and soft

COBIT, ISO/IEC 27001, NIST 800.53, PCI, oh my. The path to compliance is not a yellow brick road. IT professionals face a variety of security standards that they must meet simultaneously. This talk will present the NIST Open Security Controls Assessm

As growth and impact of open source in security-critical environments is on the rise, trends in open-source communities are making them more attentive to security issues and best practices. This session will cover best practices for using open-source

DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. D

DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. D

The era of technology as a limiting factor of business innovation is at an end. For years security teams have struggled with basic security hygiene and practices such as asset inventory, secure configurations and secure development. Learn how your se

Methods for securely outsourcing storage are discussed.

Topic 1: Composable and Robust Outsourced Storage Authors: Christian Badertscher; Ueli Maurer

Topic 2: Secure Deduplication of Encrypted Data: Refined Model and New Constructions Authors: Jian Liu

A usability study of OpenSSL and a factorization method for moduli with two prime factors are discussed. Topic 1: Why Johnny the Developer Can’t Work with Public Key Certificates: An Experimental Study of OpenSSL Usability Authors: Martin Ukrop; Vash

Protocols related to key rotation and hidden service discovery are discussed.

Topic 1: Practical Revocation and Key Rotation Authors: Steven Myers; Dr. Adam Shull

Topic 2: Asynchronous Provably Secure Hidden Services Authors: Philippe Camacho; Fernando

Post-Quantum cryptography is discussed in relation to symmetric key and hash-based schemes.

Topic 1: Cryptanalysis against Symmetric-Key Schemes with Online Classical Queries and Offline Quantum Computations Authors: Akinori Hosoyamada; Yu Sasaki

Topic

Two further methods for obtaining post-quantum security are discussed, namely code-based and isogeny-based cryptography.

Topic 1: Revocable Identity-based Encryption from Codes with Rank Metric (will be presented by Dr. Reza Azarderakhsh) Authors: Don