YoVDO

Data as a New Security Boundary - Cryptography and Supporting Controls

Offered By: OWASP Foundation via YouTube

Tags

Cryptography Courses Encryption Courses End-to-End Encryption Courses Data Security Courses Key Management Courses Secure Multi-Party Computation Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a comprehensive keynote on data security and cryptography as the ultimate security control. Delve into various encryption approaches, including end-to-end encryption for NoCode platforms, DRM-like protection for ML models, and encrypted message exchange for CRDT-based real-time syncing apps. Examine the supporting security controls necessary for effective cryptography implementation, such as API protection, anti-fraud systems, mobile device attestation, and authentication/authorization. Gain insights into how "strong cryptography" evolves into a "real-world security boundary around sensitive data" across different contexts. Learn about application-level encryption, Zero Trust Architecture, and Zero Knowledge Architecture. Discover privacy-enhancing cryptographic techniques like SMPC, PSI, FHE, and OPAQUE. Investigate practical implementations, including proxy-side field-level encryption, key hierarchies for databases, and cryptographic solutions for NoCode and fintech platforms. Understand the pros and cons of various approaches and the importance of full compartmentalization and transparency in data security.

Syllabus

Intro
Things we won't talk about
Data security depends on a data flow
Data security 101
Encryption is an ultimate data security measure
A02:2021-Cryptographic Failures. Focused mostly on crypto usage and implementation.
A04:2021-Insecure Design. Focused on design, missing or wrong security controls.
Application-level encryption (ALE)
End-to-end encryption
Zero Trust / Zero Trust Architecture
Zero Knowledge Architecture (ZKA) - system where no one has access to unencrypted data, except the user (node, service, person). Also known as No Knowledge Systems
Other exciting crypto terms Privacy enhancing cryptography: SMPC, PSI, PIR, FHE, PAKE, OPAQUE.
Security controls to support crypto
Pros & Cons
Proxy-side field-level encryption Acra
Key hierarchy Database
ALE for NoCode platform
Crypto + supporting controls 1. Key management, separate key per customer (BYOK). 2. Full compartmentalization: customer's data is located in different DBs, encrypted by different key, each app uses its own DAO. 3. Full transparency - the platform doesn't have access to customer's
ALE for fintech platform


Taught by

OWASP Foundation

Related Courses

Asymmetric Cryptography and Key Management
University of Colorado System via Coursera Introduction to Applied Cryptography
University of Colorado System via Coursera Applied Cryptography
University of Colorado System via Coursera Designing for Advanced Security within AWS
Pluralsight Creating Security Baselines in Microsoft Azure
Pluralsight