Merken

Encryption At Scale

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
a long long enjoyed in the womb
warm Bill
theft thanks very much so 1st of all can I get a quick show of hands who hears English only in terms of language OK bifida lube addicted which behind the more so Vicuna later you can pick a language and then we'll pick a language to from subset of context it would be very tempting to just have a talk about encryption algorithms and symmetric key lines and things like that but fundamentally when you build systems of the scale that we do it's very important to think slightly unconventionally and so
1 of my favorite questions that I attend opposed to people who ask how does Google approach security as I tend to enquire of an audience such as you who would like to hazard a guess as to who is the world's largest tire manufacturer by unit volume anybody the mom deafening silence is in
fact Lego 318 million tires a year and so it's very important to think ever so slightly askew because that's what gives you a general idea of how an attacker might be pondering how to do unpleasant things to systems now I'm just 1 guy up there the Google core security and privacy Timor over 500 people worldwide and I stand on the shoulders of these giants I'm just 1 part of an extremely large team that includes cryptographers and code auditors and software engineers in a wide mixture of skill sets of nationalities and locations all over the place noun
often overlooked aspect to security is the human factor and after all encryption is something that the tool intended to be used by humans yet to date we have not been terribly successful at making encryption usable for ordinary mortals
this is our daily reality people reuse passwords all the time and if people cannot follow even relatively basic data hygiene practices how can we expect them to understand the importance of careful key management and so we have to constantly remind ourselves that it is straightforward to teach other engineers about high technology but the people who were really building systems for are the ones who
intuitively will just choose to reuse their passwords because it's the most convenient thing to do 1 of the ways that we applied cryptography to this particular problem is by working on a set of technologies that ultimately became the final alliances you 2 of protocol and this is a device uh the categories holy you to have authenticated this 1 happens to be produced
uh by Yumiko but there are multiple other companies in the world making these a French company called plug that makes them as well and even though it looks like a very innocuous little piece of plastic with some metal on it we actually think that this is going to break the economics of fishing fairly substantially because if you think about how fishing works it's a scale attack is high-volume low-margin the attackers only need relatively few successful fishes in order to monetize those were successfully attacked once they have these credentials that they've stolen from users they will we use them at a time of their choosing so of we can limit the ability of the attacker to use these credentials we break the scalability of the attack and that's why that circle in the middle is so important that a touch sensor so in order to authenticate yourself all you have to do is touch that little circle it's not parametric it's not a fingerprint and as long as you as conductive as a typical human being it will register as somebody in front of this machine was physically present and shows to authenticate that time in something that simple 1 touch is actually significant security
innovation there's all kinds of cryptography inside that devices secure element it does keep her generation there's a bunch of protocols involved some of which in the browser some of which are in the server side there's a lot of complexity but if we do our job right all that complexity is hidden from the user the and it's this kind of complexity that
the typical user feels confronted with every day when we allege security professionals tell them this is we have to do to stay safe online this is the flight deck of the space shuttle Endeavour it takes a little while to learn how to fly 1 of these ideally we should be in a
position as practitioners to make the learning curve has flattened as short as it possibly can be to allow people to use the internet as a whole as secure as possible and indeed this is the ideal outcome if we do our job we are invisible there's nothing going on and the only time people tend to notice us is when we demonstrate that we're humans and make mistakes now 1 of the important human factors aspects is how do you communicate complex technical information to a non-technical user and my colleague Adrian Porter felt is a top researcher in the field of security you act specifically and she pondered whether it was possible to
fix SSL warnings within our Chrome browser and this is the old as a so warning you get this sentence that explains to you and technically comprehensible English what's going on what you ideally should do but it's kind of down in the middle and of a small point-size we then give you 2 options they're visually identical so we provide no visual cue whatsoever for what the user would ideally do it so we decided to redesign that's with the goal of guiding the user and providing an opinion about what the user should be doing to stay safe so in this case we very clearly highlighted the thing that we should be doing that the user should be doing is the most visual prominent element other than the big red lock with the axis with an offer a smaller option the advanced
choice which is what the user would need to do if they did want to proceed despite this warning and if you click on that you get more explanation what's actually going on something that you don't get by default because we found that users don't be it anyway and we say the very bottom you may proceed and we even say in parentheses it's on sale these are relatively straightforward changes reduce the click-through rate of these warnings by over half and we are now well below 10 per cent click-through rate in the presence of an SSL warning the other slightly
unconventional part of encryption is the applied economic aspect to
it we have been working very steadily and putting http as everywhere throughout our infrastructure providing as much of our services to users in HTTP TPS form this goes all the way back Gmail when it 1st launched on April 1st 2004 had she GPS but it was the default option in 2 thousand 8 we actually created a sticky preference because we've heard so clearly from my users that they wanted to have that be the default and ultimately in 2010 we said http as as the default for the user as a result so we have evolved over time some of this evolution was bounded by technology it used to be the case that providing services overaged GPS was slower was high latency cause more CPU burden on the server side over time all these problems have gone away and if you still have questions about whether or not you can produce a performant website that delivers way she TPS I encourage you to visit is TLS fast yet . com which is a site together by some of my colleagues the now the other thing that making HTTP is pervasive allows us to do is to lead by example and it has the benefit of allowing us then to compare ourselves and use the data available to us and produce transparency reports like this last June we release the safe for e-mail transparency report and you'll notice that when it started via amount of e-mail that he sent to other servers that could accept start TLS or standard SMTP email over TLS was on a sharp upward climb and the number of very prominent e-mail providers worldwide after we launched this report suddenly enabled TO
last because they noticed that it was being noticed that they didn't provided and in some cases their uses also told them very clear that this stuff matters it's been a very slow arc since then we wish it were higher and we're going to continue working with their peers in the industry worldwide to try get this number up as high as possible both on the outbound from Gmail and on the inbound in terms of what we're 1st received and for those of you wondering what the sawtooth pattern is in terms of inbound that's weekends there's less being sent we also announced late last year that we would use HTTP as as a search ranking signal thereby providing economic incentive for site operators to actually increase the traffic even if they initially felt that that
may not be necessary to the business this is some data those put together by built with . com and this was the last data point before we announced they were using as a ranking signal and ever since then with 1 small dip that I can't explain at the moment the progression of the top 1 million sites of the internet has been very very consistent and going straight up ultimately so we also are aware of the fact
that until we can deliver ads 5 http yes we run the risk of generating mixed content warnings and browsers if ads are unencrypted but content is corrupted so we announced in January that we were beginning to vary systematically update all of our systems to deliver everything including ads GPS and the big milestone that we set for ourselves is made year this year on June 30th other ways that we apply our own
economic facets to this problem is by providing money to encourage researchers and engineers out in the world to tell some bugs our stuff the vulnerability rewards program has been around since 2010 it was initially somewhat controversial is now accepted as an industry best practice so much so that there's actually a company hacker 1 that manages vulnerability rewards programs on behalf of firms who don't necessarily have the staffing or the desire to manage their own so to something that is so useful
that's now provided as a service the patch awards program allows us to pay out in situations where some provides a secure related patch to a widely used open source project it need not necessarily be a Google project we also offer vulnerability research grants and we also have a separate from Awards program in 2014 alone we paid out over a million and a half US dollars to over 200 researchers for
over 500 bucks this is then a very successful program and it has change the economics of discovery and reporting false security vulnerabilities after
a final facets of how we approach security is attention detail because a lot of this is very non-obvious
1st and foremost the math is solid no matter what you hear about the number of vulnerabilities out there about whether or not a given entity can or cannot brute force a given algorithm the math is provable
trust the man at the same time implementation does matter humans are very good at generating box they also write code but they're very good at the box the partly it was a very prominent vulnerability in the widely used open SSL
library of the world similarly poodle was another vulnerability there are researchers found once we started spending more and more time thinking about what are the subtle all implementation issues in some of these widely used crypto libraries and how could we make them better as a result we've chosen to create boring SSL with the aspirational hope that we will generate a whole lot of very easily marketable and nameable vulnerabilities and we're slowly but surely rewriting our own crypto and providing it as open source so that everybody benefits not just us it's important to
bear in mind that there are a great number of interconnected parts that all the dependencies and we saw in the summer of 2011 an attack that we hadn't previously encountered in the wild but began to be reported by Chrome users in Iran this was ultimately known as additional terror incident it turns out that a legitimate root seein integer note our have been issuing certificates on behalf of Google even though they were not authorized to do so in any way the certificates were being used in Iraq on and chrome was configured at the time to take
note of any certificate claiming to be from Google and how it ultimately chained up to a root and if a chained up in a way that was the way we thought it should work chain of to the 1 that we use for our certificates and when this for the 1st time it happened not to be the case the users got this error message so we believe this attack was plausible enough to put some code into Chrome to detect it and to report that we've never seen it today if you look into the chromium open source repository you will see that certificate pinning has a lot more code dedicated to because we now know this is something that does happen in the real world and indeed it's happen on multiple occasions it happen with the genotype 2011 there's an incident was Turk trust see in Turkey in 2012 the French government agency and see had an incident in 2013 and we effectively have 1 pretty much every year where we discover a problem with issuance on the part of a root CA every single time this happens
we publicize it because transparency is very important to the overall herd immunity of the internet there's no benefit to keeping this type of thing quite and there's a great deal of benefit to making sure everyone is aware of the risks we also announced last year that we're working on end-to-end encryption and integrating it into Gmail we released it as open source on day 1 and we've been very encouraged not only by the Office of collaboration from organisations like Yahoo but also by
the bug reports that we've gotten To date there have been any serious crypto bugs in the crypto library that we developed nor in the OpenPGP implementation but there have been very valid reports that in some cases have actually resulted in payouts from the vulnerability rewards program we believe end-to-end encryption is a very relevant and important tool and that's why we're working on it and we'll continue to work on other random crypto related things in 2008 when Chrome was 1st announced we introduce this notion of auto update it was initially very unpopular particularly in enterprises but this is by far the fastest way to get softer updates to users who might not otherwise take them including crypto related ones we announced
Chromebooks in Chrome OS in 2010 providing a lot of encryption on what's a little local storage there was but also degree of assurance to the environment we enabled forward secrecy in until spider Fulton 2011 we also after 12 years of shot to being out finally decided to announce that we're also sunsetting support for sure 1 certificates in 2014 and most recently we've seen a number of items of software out there that engage in AD injection but what's worse is that they do so by fundamentally breaking the trust of TLS in the local browser in a way that allows a user to get all of the TLS information and all the data travels over TLS intercepted without any warnings so the unintended consequences of some of this type of unwanted software fundamentally we believe you have to be holistic
about security you can't over focus on just the encryption you have to look at the authentication you will have to look at how they play together you have to look at all the facets of the system in order to make sure that is secure and of all these facets encryptions of course an important 1 and with that I'm going to ask you to come up women have a child about various the
encryption related matters they're like for the 1st question that came up when you were talking is like how is like the in the structure like in case of use if over 500 people the team and the group of firms and engineers but other like a psychologist the leg to make this user the test floated to the says like the people need or you interface designers or hold the quality of the percentage of people can you from
within that I don't know the exact breakdown percentage but we certainly have teams that have used express researchers
as well as user experience designers so we do have people who were formally trained in understanding how user interface works and all the 1 that I can think of
right now at some point decided to specialize in the security privacy aspects of this so we actually have user experience researchers focused specifically on the security privacy related outcomes and then there's several handfuls of that we have a large number of engineers to develop code we also have a large number engineers who ordered code because 1 of the best ways of assuring their own infrastructure secure is to actually have that could be ordered it's very labor-intensive it's real detail-oriented work and have a fair number of people who do that and we have an assortment of people who manage these various programs such as the vulnerability Awards program and then we have them all over the world because for us given that we have a global audience we have to be operational 24 7 365 and you also have like many
projects on get help in the new like you say that people you can collaborated liberated you can contribute lake to the projects that have you can ensure that its can trust Murphy insecure if you have they contributed notes like what is like the internal process even if you like commit something to those of you that oppose it audited like what the three-stage process the whatever typically you can't just as a single individual match any code changes has to go through a code of you somebody else has to review its check it and prove it and as a 2 common practice the way chromium works
and I don't know in detail but also it takes a while until somebody is allowed to be a committer and this is very similar to a standard open-source type project I you don't overnight become a Debian Camara for a given to commit or whatever but the systems aren't actually fundamentally that much difference OK so now how many can you like for a Google and to and that you get many external commits to many people tried to commit errors kind of the such solutions and we don't we actually the moment in terms of external committers we've made had
external bug reports from people were downloading the source looking through trying to get it to run of the primary external committers right now to end to end are Yahoo and and they actually they have their own repo
we reconcile them at various intervals because they certainly have had contributions into our core code and certainly they take a bunch of the changes that we have I'm and that's how we work in terms of individual contributors would actually like to encourage more of an you also say like you do a lot of the
yourself so there is like 1 philosophy to you use a lot of stuff that is quite well known although quite used so it's kind of test that we can assume with tested Jose like decision to have a desire like that humans do most of the property of a lot
of the development that we do realize an infrastructure that is unique to group that's how we do stuff at the scale that we do when we can use existing open source software we do and we also very frequently contribute back to an open source software in instances where we cannot find an open source tool to do what is that we want to do new or that does it in a way that we want it to happen then we inevitably wine of riding around and as often as we can and will make it open source which is exactly what we did with intent as well we at the time that we started development were unable to find a job script crypto library with the characteristics that we wanted so we decided to write our own and then we made open source and now we have a bunch of extra people also beginning to integrate into their tools and how we see the European kind of responsibility because you like serve services tool of people so you have to be like a big point of
failure of there's security flaw in your software and how do you manage of like you have we try to
create the incentive for people to notify us by the the European so I guess that's 1 way of trying to manage that particular risk we have internal mechanisms including code reviews that try to manage the risk along a different access and we also have a
lot of standard engineering practices that in aggregate are designed to try to minimize the risk of something actually launching with a security vulnerability as much as possible with the then like to another topics the how do you wave like user control that like the user can choose by himself make not influenced by anyone like this neutral way of giving and choices to kind of equal to like playing the parent and telling the user what he should do look kind of like entrusting him so he doesn't even know that he's doing what you want to do and we have also had this maybe even in these and were system we talked already about that previously you had like the right to manage which rights eruption should get and this feature disappeared and there was a lot of criticism I think and think people didn't understand why it went away because I gave you a lot of more controlled but you turn to give live the user like a
simple choice and how you the we try and do as much applied user researchers is we can we do as much a b testing is we
can we do generally as much testing as we can in situations specifically around security where we know that there is a more correct path on absolutely correct path if we know there's something fundamentally wrong with an SSL server that is as simple as the local clock is wrong we feel it entirely appropriate to guide the user as forcefully as we can which is what you some a contrastive those 2 designs makes sense that if you can't trust the SSL it's our responsibility to let you know we give you the option of choosing the far less secure path but most people don't have the technical debt to really understand the subtleties they don't even know what a cryptographic certificate is they don't know what it means to be entrusted they don't know what the various technical terms are so in those situations where we
are the experts and we do know we can guide them in the right direction it's a much trickier proposition when it's a value judgment we you really do need the user's input and that's why we're trying to make the types of decisions
whether an Android or the Chrome Web Store has a similar types of permissions model where you want to provide enough information for the user to make a choice but it turns out it is also very easy to overwhelm the user and they stop reading these choices and they start looking at the permissions and very often on the set I want this and I don't care and they click through so I don't think that we have the ultimate answer yet for how to communicate best this type of risk to the user 4 or certainly continuing to try to work in that direction and we'd like to keep getting better you told that users try to click through but
if you like if this from slightly more difficult version of clicking through the years he can of induction effect because as soon as you like found the Buccaneers to click to like get rid of this the inner-ring warning we see that like after some weeks you released this version that there are some of the decline in the percentage of users which just like you right options not to
date I'm also these types of warnings are infrequent it would be very depressing if people encounter the sorts of things daily or even weekly to
then maybe you serve to a lot of sites with self-signed certificates I don't know so you get really I uh so I suppose if you accounted for very a very frequently then maybe yes there's a certain amount of habituation velocity click-through but then there's the question of what is the majority of the world see after the world and the majority the world shouldn't see those warnings on a daily basis OK well the thing to like
the economy of the user and what you're doing is like this is Google Cloud Storage which you announce that in 2013 a thing that it would be no in capitals the reside and they call already there was criticism again
because like you keep the private keys and you have the private keys to decrypt and include the user's data and then like it's transport a security interest the description to get it to him and I think like in my experience the user doesn't know that you only use
the the user really has no idea of whom you have to trust our come make like really conscious decision of from his address so why do you do this but you choose like to save the user doesn't like keep the keys for decrypting the data before it is sent
over the wire and yeah way I think much depends on what the threat model it's in order for a virtual machine to run an iPod infrastructure it has to have access to the data what we know from our cloud customers as they value reliability they value the security against external threats and to date it
hasn't been a significant customer requirements to get into the gory details of precisely what kind of key management is done that adds a degree of complexity that if customers really wanted that level of control they might very well by their own infrastructure there they're using and taking the of court infrastructure because they're trying to simplify the lives I think ultimately as the products evolves we're going to provide as many options for more finely grained security as we can but for the moment we're aiming for the largest number of people the majority of cloud users right now seem to be entirely contend with the fact that we provide storage encryption by default but beyond that they're not burdened with a whole lot of key management yeah
that may change would therefore managed here if you mention key management like there's end to end you mention already in the presentation and they're like it would be kind of universe of Google users like of Google male users because you have
some separate key server infrastructure of how would you like integrated end-to-end into this normal PGP key roles so it turns out that a
really the hardest part about using OpenPGP anywhere is the key match of a local key management AS Willsky distribution we haven't actually announced how a going to do that yet because we're still working on that because we realize that we don't want to make the same mistakes we've made historically so our intent is not only to make it
easy for Gmail users to use and tend to send e-mail to other Gmail users but of course we want operate with the outside world if we didn't want operate we would've chosen OpenPGP to begin with so given that it's a matter of public knowledge and young was our collaborator I think it's very clear that clearly some kind of system has to be devised that allows cool uses of end to end to exchange keys with young users event and and this must not be a painful process
because then we're back to where we started with the MIT key server that has an infinite number of extremely ancient keys that no 1 else has the password to anymore and 1 last question
from my side it's was really big include lake can spend a lot of money on security and for should gives a good image and we always say like the long privacy to be like a market advantage of to be an incentive for companies to adapt like best practices and privacy and protect the data they yeah they have in store and do things this wire because for you it's like Google real large player we think that privacy could be a market advanced in general or is it's like kind of you your position or the position of the companies who can earn trust they already have but like make extolled the more closely I
think making sure that you burn user trust and keep user trust is 1 of the most important characteristics of any company regardless of size I I spend some of my time with start ups and they frequent asked me how big do I need to be until I need a security team what do I need to do is secure important early on should I not be spending my resources on something more important and ultimately
trust is a positive brand characteristic of any successful brand and maintaining user data in a secure way is part of that trust I agree were very fortunate that we can hire this many people to secure all of Google's services and that puts us in a great position but it doesn't mean we're the only ones able to do that if you're a start up think about what your threats I think about where risks are and figure out what the appropriate amount security it's what type of information you have about users and how much do they care about is a trivial information is a collection of cat pictures verses is it's much more sensitive information and depending on the answer to that the rest of the securely question sort of of the rest the answers to the fall out from that this kind of
like a solution how to bring this incentive of naked playing really good security to your products like is that molecules so regulating question of people I get more aware that make the security is important and choose services of provider which provide security or the to be like a kind of a political solution or home you think you can we bring this into reality the I don't
think that there is a single pass but we seen certain things work if you can make the consumer care about security companies will listen so for example
Starting with I believe it was jelly bean Android hardware manufacturers started explicitly saying that they would keep their hardware up to date with the latest Android released within some period of time because suddenly this became something that they could compete against other handset manufacturers on and it seemed to be something that the users did in fact care about because users did want to always have the latest and greatest because they had become accustomed to having these updates so that's the case where the marker decided that there was value to software currency were previously that value wasn't as obvious to people that's why software updates are really really important
not just for currency but also because security updates so I think it's a combination of things that individually as long as the users of the products of the devices care they will find a way to communicate that to the technology providers that were receiving
my questions that we like to open up the discussion between the thank
alright thank you very much for the interesting talk and also for the interview session that you did we have fortunately another 20 minutes working a so if
you have a question what the speaker of a step on just raise your hand and I will bring you the microphone and I'm
I really think go because a lot of good in terms of I. T. security but then there are also situations where things that are contradictory to that of 1 small example would be that the will security team
block is not AGPS by default which is kind of weird but and that there may be a bigger issue is a lot of people have and rate forms with a bullet and would go that don't get any security updates which is I think very very big problem and I don't see you will be working on a solution for that and I don't have the solution and who know how it would look like but something like providing updates for a longer time of providing more possibilities to update rate code for I think is a very obvious very big security issue that kind of cool because responsible for because it's and route and there's no solution for so those are 2 things the 1st thing blogger no
TPS yet we know it makes a sad and we look forward to the future as far as the ended question and it is an open
ecosystem and so with that Google is not a position of control there are many users of Android to take the Android open source project build it add their own specific facets and put it on to their hard work we will provide software updates and decrease carry patches for as long as it's practical to do so but over time we've also realized that it is very burdensome for the Android hardware producers to do full bills of the you know last update so over the last couple of releases you will have noticed that there's been much modularization of the services delivered on Android so for example lollipop for the 1st time we've delivered a version of Web view which is that HTML system render that can be updated independently of the last so it's very clear that were aware of exactly the problem that you describe and in the vast majority of the cases we actually do provide the security patches but it is up to the various other participants in this ecosystem to actually implement them in for a lot of these vendors it is fairly burdensome to do an entire OS spilled versus support just a relatively modular update so as time goes on I think things are going to get a lot better I think if we had perfect hindsight and a time machine we maybe could've made things a lot better you know 5 years ago 10 years ago when a lot of the infrastructure for this was billed but at the same time there also comes a point beyond which it is not practical for Google to continue to work on this nothing stops harbor
manufacture from continuing to update the base so as if that's what it is that they feel their customers demand all right any other questions his resurrection you can come apart from the beginning so at the end the case of and so it's it's kind of a two-part question and the 1st is the hypothetical but considering
the who controls the entire stack of the browser in this case the extension apps for and automatic update change of both the browser and the and since the security of Indian PGP encryption lives in the browser extension In
theory that could be uh not compromise but if Google were compelled by state level after that they had a gag order in such such as in say they
could be compelled to insert a vulnerability that allows that person's keys be compromised all without the user being aware of it is that in theory correct were my missing some part of an extension so a couple different things 1st all antennas designed to
keep the private key material local to the machine Google does not have a predicate material so short of compromising that uses
endpoint your scenario won't work but the flip side to part of that is also we have in many ways the luxury of having some fairly insurable platforms so if you are a truly at risk user and you want to be as careful as you possibly can you would probably be running end to
end in crawl monochrome book or any other cross-device because the Chrome OS device gives you assurance of the integrity of the OS effectively from the metal or not and so you have various assurances the cryptographic signatures applied both in terms of the Buddha image the updates they get pushed out from Google are also signature checked and then any extensions against the prom webstore again are also verified so you can feel very good about the integrity of the softer the intrinsically the software isn't compromised and in terms of the public key as I said the public stored locally this sounds like a constant type up so by all means now the question in the
comment there yeah now he's a he's helping answer the question is alright I let it pass the the at the gross also from a Google security I think I understood your question which is what the of the government ordered
us to go back to work into that extension that lead the keys back some way end of that's been a part of our threat model since the dawn of that project I insisted that the project cannot proceed unless they have a solid the answer to that because we know you know from male case and that's exactly what would happen so with all that source code is in get help and we assume and the the part that is operating on this is kept so sufficiently separate from the rest of the browser with the part you have to inspect is just that part that's and get help report and so that's our best effort at showing that yes we could be compelled to put a back door in but it would be visible to the world and and they're never gonna suppose for that when they want us to do something in secret if they can see that it's extremely visible but there's a back door that they don't even that that's our and intended events from any other questions
come encryption is crazy if you
have a 3rd to threats but it doesn't protect me from you he doesn't protect the user from the provider
so just wondering whether you're threat modeling include yourselves as a threat to the users i'm because that would be a massive step forward and a 2nd I I can't help being a bit skeptical about Google's commitment to privacy because when we submitted access requests which is 1 of the basic on data protection rights in Europe we have a right to ask the company or a government what they did have on you and what they do with that data I am you would not only send this to the West was question which goes against the law but then the US never back to us so we've you cannot even tell me what he had 1 me comply with basic EU law how am I to believe that you care about my privacy
so 1st of all I'm not an attorney so is very difficult for me to respond to issues specifically around EU law despite being EU citizens as far as a threat models trust models and tender specifically designed in a way that a trusts Google as little as
possible in the current implementation that's been
out there since June and which was updated in December we don't even trust around on so we actually go to free significant lengths provably so because it's open source to not trust our on infrastructure because that was the design goal for this particular tool but at some point you also need to consider using individual what is your threat model and what is your trust among what are you trying to do maybe for you on the right track model involves keeping all of your systems local all your data local but then you contrast that to How much assurance do you have a you can keep up to date with all the software patches and updates that you need to operate a cost associated with that and that's the decision I can make for you that's a decision everyone makes themselves in various of us on the global security run our own servers at home for a variety of reasons to do a variety of different things across a wide range of platforms across what if analysis and for whatever reason some hobby projects or not so do we include ourselves in general as part of the threat model we look at is making sure that the systems operate as designed that access controls to data internally are correctly defined and that no unauthorized internal users have access to particular data but I'm not really going to get into whatever information access request you submitted to some Google subsidiary in Europe with then refer to it just because I'm simply not familiar with that particular case and it would be foolish of me to try and comment without a great deal more information and another not even and all right we still have time for more
questions that they are in the you'll get you flight the more questions when that's the case please give another 1 run of advances that and they do very much for the talk and the type of feeling right here uh
a
Private-key-Kryptosystem
Zentrische Streckung
Formale Sprache
Besprechung/Interview
Physikalisches System
Kontextbezogenes System
Term
Kontextbezogenes System
Computeranimation
Teilmenge
Hypermedia
Chiffrierung
Chiffrierung
Maßstab
Vorlesung/Konferenz
Gerade
Datenmissbrauch
Computersicherheit
Hasard <Digitaltechnik>
Physikalisches System
Computeranimation
Zusammengesetzte Verteilung
Einheit <Mathematik>
Menge
Kryptologie
Mereologie
Codierung
Vorlesung/Konferenz
Speicherabzug
Spezifisches Volumen
URL
Software Engineering
Datenmanagement
Chiffrierung
Sterbeziffer
Benutzerfreundlichkeit
Computersicherheit
Passwort
Physikalisches System
Schlüsselverwaltung
Computeranimation
Eins
Maschinenschreiben
Zentrische Streckung
Kreisfläche
Protokoll <Datenverarbeitungssystem>
Kategorie <Mathematik>
Computersicherheit
Virtuelle Maschine
Skalierbarkeit
Menge
Kryptologie
Elektronischer Fingerabdruck
Passwort
Ordnung <Mathematik>
Generator <Informatik>
Protokoll <Datenverarbeitungssystem>
Prozess <Informatik>
Rechter Winkel
Kryptologie
Browser
Computersicherheit
Server
Vorlesung/Konferenz
Element <Mathematik>
Komplex <Algebra>
Server
Ortsoperator
Computersicherheit
Browser
Web Site
Kartesische Koordinaten
Information
Teilbarkeit
Internetworking
Konfiguration <Informatik>
Physikalisches System
Datenfeld
Datenverarbeitungssystem
Prozess <Informatik>
Computersicherheit
Benutzerführung
Digitales Zertifikat
Information
Kurvenanpassung
Benutzerführung
Chiffrierung
Mereologie
Mathematisierung
Vorlesung/Konferenz
Bitrate
Default
Auswahlaxiom
Resultante
Web Site
Zahlenbereich
E-Mail
Ranking
Term
Service provider
Computeranimation
Kreisbogen
Bildschirmmaske
Kippschwingung
Mustersprache
COM
Vorlesung/Konferenz
E-Mail
Default
Nichtlinearer Operator
Physikalischer Effekt
Peer-to-Peer-Netz
Ranking
TLS
Konfiguration <Informatik>
Teilmenge
Dienst <Informatik>
Evolute
Server
Verkehrsinformation
Standardabweichung
Web Site
Punkt
Momentenproblem
Arithmetische Folge
Browser
Mixed Reality
COM
Physikalisches System
Automatische Differentiation
Inhalt <Mathematik>
Computeranimation
Internetworking
Programm
Patch <Software>
Dienst <Informatik>
Softwareschwachstelle
Open Source
Softwareschwachstelle
Projektive Ebene
Patch <Software>
Optimierung
Hacker
Benutzerführung
Programmfehler
Algorithmus
Forcing
Softwareschwachstelle
Computersicherheit
Mathematisierung
Mathematisierung
Zahlenbereich
Vorlesung/Konferenz
Optimierung
Resultante
Quader
Kryptologie
Softwareschwachstelle
Open Source
Programmbibliothek
Codierung
Implementierung
Metropolitan area network
Addition
Server
Digitales Zertifikat
Kanonische Korrelation
Dokumentenserver
Open Source
Kegelschnitt
Zahlenbereich
Inzidenzalgebra
Computeranimation
Persönliche Identifikationsnummer
Verkettung <Informatik>
Ganze Zahl
Mereologie
Codierung
Vorlesung/Konferenz
Benutzerführung
Wurzel <Mathematik>
Fehlermeldung
Kontrollstruktur
Selbst organisierendes System
Open Source
Default
Implementierung
TLS
Computeranimation
Programmfehler
Office-Paket
Internetworking
Eins
Kollaboration <Informatik>
Chiffrierung
Kryptologie
Softwareschwachstelle
Datentyp
Programmbibliothek
Vorlesung/Konferenz
Benutzerführung
Optimierung
Unternehmensarchitektur
Benutzerführung
Digitales Zertifikat
Spider <Programm>
Computersicherheit
Browser
Zahlenbereich
Physikalisches System
Malware
Fokalpunkt
TLS
Computeranimation
Minimalgrad
Chiffrierung
Software
Injektivität
Datentyp
Authentifikation
Vorlesung/Konferenz
Information
Ordnung <Mathematik>
Speicher <Informatik>
Programmierumgebung
Softwaretest
Chiffrierung
Gruppenkeim
Datenstruktur
Datenmissbrauch
Punkt
Benutzeroberfläche
Reelle Zahl
Softwareschwachstelle
Computersicherheit
Codierung
Zahlenbereich
Optimierung
Computeranimation
Versuchsplanung
Subtraktion
Prozess <Physik>
Matching <Graphentheorie>
Momentenproblem
Open Source
Mathematisierung
Physikalisches System
Term
Hinterlegungsverfahren <Kryptologie>
Computeranimation
Datentyp
Codierung
Projektive Ebene
Standardabweichung
Fehlermeldung
Softwaretest
Kategorie <Mathematik>
Mathematisierung
Besprechung/Interview
Quellcode
Term
Programmfehler
Entscheidungstheorie
Codierung
Vorlesung/Konferenz
Speicherabzug
Repository <Informatik>
Verkehrsinformation
Zentrische Streckung
Computersicherheit
Open Source
Gruppenkeim
Dienst <Informatik>
Prozess <Informatik>
Software
Kryptologie
Endogene Variable
Server
Programmbibliothek
Skript <Programm>
Charakteristisches Polynom
Softwareentwickler
Instantiierung
Kraftfahrzeugmechatroniker
Softwareschwachstelle
Rechter Winkel
Wellenlehre
Vererbungshierarchie
Gamecontroller
Codierung
Physikalisches System
Auswahlaxiom
Standardabweichung
Softwaretest
Digitales Zertifikat
Computersicherheit
Endogene Variable
Server
Term
Auswahlaxiom
Computeranimation
Konfiguration <Informatik>
Expertensystem
Aussage <Mathematik>
Ähnlichkeitsgeometrie
Ein-Ausgabe
Richtung
Entscheidungstheorie
Informationsmodellierung
Benutzerbeteiligung
Menge
Datentyp
Benutzerführung
Information
Speicher <Informatik>
Auswahlaxiom
Datentyp
Versionsverwaltung
Quick-Sort
Konfiguration <Informatik>
Geschwindigkeit
Web Site
Digitales Zertifikat
Basisvektor
Vorlesung/Konferenz
Computeranimation
Public-Key-Kryptosystem
Virtuelle Maschine
Deskriptive Statistik
Informationsmodellierung
Computersicherheit
Adressraum
Ordnung <Mathematik>
Schlüsselverwaltung
Streuungsdiagramm
Computeranimation
Momentenproblem
Computersicherheit
Zahlenbereich
Biprodukt
Komplex <Algebra>
Cloud Computing
Computeranimation
Konfiguration <Informatik>
Übergang
Minimalgrad
Chiffrierung
Datenmanagement
Gamecontroller
Speicher <Informatik>
Grundraum
Schlüsselverwaltung
Default
Trennungsaxiom
Distributionstheorie
Prozess <Physik>
Matching <Graphentheorie>
Stellenring
Physikalisches System
Ereignishorizont
Computeranimation
Kollaboration <Informatik>
Datenmanagement
Mereologie
Server
Normalvektor
E-Mail
Schlüsselverwaltung
Datenmissbrauch
Ortsoperator
Reelle Zahl
Computersicherheit
Server
Zahlenbereich
Passwort
Speicher <Informatik>
Schlüsselverwaltung
Bildgebendes Verfahren
Ortsoperator
Computersicherheit
Besprechung/Interview
Quick-Sort
Computeranimation
Eins
Dienst <Informatik>
Datentyp
Mereologie
Ultraviolett-Photoelektronenspektroskopie
Information
Charakteristisches Polynom
Computerunterstützte Übersetzung
Dienst <Informatik>
Hardware
Software
Computersicherheit
Vorlesung/Konferenz
Humanoider Roboter
Biprodukt
Frequenz
Message-Passing
Service provider
Computersicherheit
Schaltnetz
Biprodukt
Service provider
Bildschirmmaske
Web log
Computersicherheit
Endogene Variable
Güte der Anpassung
Codierung
Routing
p-Block
Bitrate
Default
Term
Punkt
Hardware
Sichtenkonzept
Ortsoperator
Computersicherheit
Open Source
Versionsverwaltung
Physikalisches System
Humanoider Roboter
Zeitreise
Service provider
Computeranimation
Methodenbank
Patch <Software>
Benutzerbeteiligung
Dienst <Informatik>
Software
Gamecontroller
Volumenvisualisierung
Projektive Ebene
Chiffrierung
Computersicherheit
Browser
Mathematisierung
Vorlesung/Konferenz
Maßerweiterung
Prädikat <Logik>
Virtuelle Maschine
Subtraktion
Softwareschwachstelle
Mereologie
Maßerweiterung
Ordnung <Mathematik>
Schlüsselverwaltung
Physikalische Theorie
Computeranimation
Aggregatzustand
Übergang
Public-Key-Kryptosystem
PROM
Spider <Programm>
Systemplattform
Term
Elektronische Unterschrift
Computeranimation
Integral
Arithmetisches Mittel
Software
Mereologie
Datentyp
Vorlesung/Konferenz
Benutzerführung
Maßerweiterung
Informationsmodellierung
Browser
Computersicherheit
Mereologie
Besprechung/Interview
Projektive Ebene
Quellcode
Maßerweiterung
Schlüsselverwaltung
Hilfesystem
Verkehrsinformation
Ereignishorizont
Bit
Informationsmodellierung
Datenmissbrauch
Chiffrierung
Rechter Winkel
Vorlesung/Konferenz
Gesetz <Physik>
Hilfesystem
Hinterlegungsverfahren <Kryptologie>
Service provider
Computeranimation
Subtraktion
Dicke
Punkt
Computersicherheit
Open Source
Stellenring
Implementierung
Physikalisches System
Systemplattform
Gesetz <Physik>
Computeranimation
Entscheidungstheorie
Patch <Software>
Weg <Topologie>
Spannweite <Stochastik>
Informationsmodellierung
Rechter Winkel
Software
Mereologie
Server
Gamecontroller
Projektive Ebene
Information
Varietät <Mathematik>
Hypermedia
Rechter Winkel
Datentyp
Computeranimation

Metadaten

Formale Metadaten

Titel Encryption At Scale
Serientitel re:publica 2015
Teil 72
Anzahl der Teile 177
Autor Somogyi, Stephan
Anna Biselli,
Lizenz CC-Namensnennung - Weitergabe unter gleichen Bedingungen 3.0 Deutschland:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen und das Werk bzw. diesen Inhalt auch in veränderter Form nur unter den Bedingungen dieser Lizenz weitergeben.
DOI 10.5446/31877
Herausgeber re:publica
Erscheinungsjahr 2015
Sprache Englisch
Produktionsort Berlin

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract Google’s efforts to increase use and usability of encryption, why it’s partly a human factors issue, and why we think it’s so important.

Ähnliche Filme

Loading...