Calgary UNIX User’s Group (CUUG) – PKI Encryption: More Vulnerable Than Most Imagine, June 26

About the conference:

Speaker: Andrew Ginter, Director of Industrial Security, Waterfall Security Solutions

Encryption based on the Public Key Infrastructure (PKI) is the workhorse of e-commerce. It ensures transaction confidentiality and authenticity, even in the face of sophisticated man-in-the-middle (MIM) attacks. Its Achilles heel though, is “key management” — the system of certificate authorities that try to ensure that public keys are authentic. This presentation introduces PKI concepts, vulnerabilities and a variety of attacks possible when key management is compromised, including several recent compromises of and vulnerabilities in the certificate authority system. The presentation winds up with a discussion of what this all means for industrial control system security, where there have been long-standing calls for greater use of strong encryption to defend critical infrastructures from cyber-sabotage. 

Andrew is the Director of Industrial Security at Waterfall Security Solutions. He is a long-time Calgarian who’s had UNIX/Linux on the brain for way too long. Early on he settled into building industrial control systems. After that he helped build a middleware product that connected up a lot of control system networks to business networks, which seemed like a good idea at the time. Even later, he wound up building security products, trying to plug the kinds of security holes he created by connecting up those networks. Nowadays he talks a lot and writes a bit — about cool security stuff if possible.

Conference links:

Conference Website