Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

Oh, yes! I’m speaking at DefCon again… The topic this time is Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust. And as an added bonus, unlike last year, it looks like I won’t be speaking opposite General Alexander, head of the NSA, in the next room.

My new talk builds on the previous one, Hacking Measured Boot and UEFI (video here), by demonstrating how data protection can be bound to the security disposition of the user device. Using tamper-resistant hardware and government-class crypto we can:

  • Control the release of sensitive data in such a way that only a specific, trusted device, free of rootkits and other malware, can decrypt it
  • Force the application to reacquire the data if and when the security disposition of the underlying device changes. If the device is compromised, the ability to decrypt previously downloaded data is permanently lost.

…even on consumer-class phones and tablets.

But don’t worry, I’ll talk about the fine print, too: what’s the threat model, where are the weak points, and what are the risks.

See you in Vegas!

Update – here’s my deck from the DefCon presentation:
