Security

Fighting back against Libra - Decentralizing Facebook Connect

Nym Anonymous Authentication Credentials
Curie
Harry Halpin
The power of Facebook derives from its control over your digital identity. However, the fundamental technologies behind anonymous (attribute-based) authentication credentials have existed since the mid-90s. This talk will cover new advances in anonymous authentication credentials, how the work was nearly killed by Facebook, and their real-world implementation, including their use in the Nym project's mix-net, cryptocurrency, and decentralized messaging applications.
How do we pratically defeat Facebook and build an anonymous internet? Let's start with the building blocks: Getting rid of Facebook Connect using decentralized and privacy-enhancing technologies, then using that as a lever to build the rest of the system. Anonymous authentication credentials have existed since early blind signature schemes, but have historically been both inefficient and required centralized (if often blind!) trusted third parties. New advances such as UnlimitID and the Coconut signature scheme have allowed the creation of "Nym credentials" that are both decentralized and privacy-preserving. We'll go into three use-cases: Mix-networks Credentials allow mix-nets, which provide anonymity at the network level in even a stronger manner than Tor, to both avoid spam (sybil) attacks and grow in a robust, decentralized manner, avoiding the need of proof of work algorithms. Messaging In combination with the new IETF MLS (Message Layer Security) protocol to replace Signal, anonymous authentication credentials can enable a more privacy-preserving messenger. Cryptocurrency If Facebook is building Libra, we'll show how we can take their fundamental design and make it - or any other cryptocurrency - privacy--preserving using Nym credentials Lastly, we'll review how we build the initial work using European Commission funding from NEXTLEAP and PANORAMIX, how Facebook nearly killed the project, and now how we are building from both non-profit and private sector sources, including hiring ex-Facebook employees to work on privacy.

Additional information

Type lecture
Language English

More sessions

8/21/19
Security
Thomas Fricke
Curie
The talks shows the security model of Kubernetes and how to detect and fight security weaknesses with a few lines of scripting.
8/21/19
Security
Carsten Strotmann
Meitner
Seldom have DNS protocol changes sparked such fierce debate as happen in the case of DNS-over-HTTPs (Doh) and it's little cousin, DNS-over-TLS (DoT). While for many people it is a matter of black and white, the reality out there is various shades of grey ;) This talk will discuss the technical and political aspects of these DNS privacy protocols, where they come from, who is implementing DoH/DoT (both in the browser space and otherwise) and why it is a [good|bad] idea to support these protocol ...
8/21/19
Security
Egor
Meitner
Typical home networks use a closed-source Internet Service Provider supplied router/firewall and contain no restrictions on communications between clients within the network. The widespread deployment of network-connected appliances, control systems, lighting, etc, means that this design is insecure. This talk will cover the basics of networking, including why and how segregation of different types of network clients and traffic can be achieved to increase privacy and security.
8/21/19
Security
Meitner
We have learned that Math might be our last defence line against a real existing all-encompassing surveillance. One central challenge in this conflict is to combine authentication and anonymity. Number theory provides us many tools to create really surprising technologies for social communication. A lot of these technologies have not yet been brought to the world of concrete implementations. This has the implication that some ideas which have been presented years ago are not covered by patents ...
8/21/19
Security
Dennis Giese
Meitner
Remember the good old fun sport, where people bought random hard drives from ebay and did forensics on them? Did you know you can do the same thing with used IoT devices too? Most end-users have no idea what kind of information their devices are storing and how to securely clean their devices (if that even is possible). Lets explore together what the risks are and how we can extract that data.
8/22/19
Security
Eileen Wagner
Curie
This case study of NoScript’s UX redesign showcases tried and true design principles that make security tools usable to a wider range of audiences.
8/22/19
Security
cy
Curie
i'll show how the average developer (like me) can secure their software and systems by automatically checking for known vulnerabilities and security issues as part of their CI-Toolchain. The Talk will introduce basic security knowhow, then show how you can use Open Source Frameworks to check for vulnerable dependencies, containers and (web-)APIs in a live demo