
Data as a New Security Boundary - Cryptography and Supporting Controls

OWASP Foundation via YouTube

Overview

Explore a comprehensive keynote on data security and cryptography as the ultimate security control. Delve into various encryption approaches, including end-to-end encryption for NoCode platforms, DRM-like protection for ML models, and encrypted message exchange for CRDT-based real-time syncing apps. Examine the supporting security controls necessary for effective cryptography implementation, such as API protection, anti-fraud systems, mobile device attestation, and authentication/authorization. Gain insights into how "strong cryptography" evolves into a "real-world security boundary around sensitive data" across different contexts. Learn about application-level encryption, Zero Trust Architecture, and Zero Knowledge Architecture. Discover privacy-enhancing cryptographic techniques like SMPC, PSI, FHE, and OPAQUE. Investigate practical implementations, including proxy-side field-level encryption, key hierarchies for databases, and cryptographic solutions for NoCode and fintech platforms. Understand the pros and cons of various approaches and the importance of full compartmentalization and transparency in data security.

Syllabus

Intro
Things we won't talk about
Data security depends on a data flow
Data security 101
Encryption is an ultimate data security measure
A02:2021-Cryptographic Failures. Focused mostly on crypto usage and implementation.
A04:2021-Insecure Design. Focused on design, missing or wrong security controls.
Application-level encryption (ALE)
End-to-end encryption
Zero Trust / Zero Trust Architecture
Zero Knowledge Architecture (ZKA): a system in which no one has access to unencrypted data except the user (node, service, person). Also known as No Knowledge Systems
Other exciting crypto terms: privacy-enhancing cryptography (SMPC, PSI, PIR, FHE, PAKE, OPAQUE)
Security controls to support crypto
Pros & Cons
Proxy-side field-level encryption: Acra
Key hierarchy: Database
ALE for NoCode platform
Crypto + supporting controls: 1. Key management, separate key per customer (BYOK). 2. Full compartmentalization: customer's data is located in different DBs, encrypted by different keys, each app uses its own DAO. 3. Full transparency: the platform doesn't have access to customer's
ALE for fintech platform

Taught by

OWASP Foundation
