All our online activities today heavily depend on various trust assumptions of the TLS encryption ecosystem, be it for private use, e-health applications, business affairs, or e-commerce. Trust is typically expressed by accepting a PKI's public root keys, on top of which a trust chain to an entity's key is constructed. These trust chains, however, have a number of problems: If any of the elements on a trust chain is compromised, the final authentication statement is meaningless, that is, impersonation and man-in-the-middle attacks occur, hence our online activities are not secure.
In the talk, we show numerous weaknesses of the world’s largest encryption ecosystem and present a blockchain-based PKI enhancement that offers fixes by automatic responses to CA misbehavior and incentives for those who help detect misbehavior. The decentralized nature and smart contracts allow for open participation, offer incentives for vigilance over CAs, and enable financial recourse against misbehavior.
Raphael Reischuk is a member of several international program committees for information security; he is a frequent and passionate speaker at international conferences and appears regularly on topics of network, web and cyber security. Raphael Reischuk is the author of numerous scientific publications in various fields of IT security and cryptography, for which he has received several (international) awards.
After studying computer science with a focus on information security, Raphael Reischuk received his PhD with distinction in web and cloud security at the Information Security and Cryptography Group at CISPA (the Center for IT-Security, Privacy, and Accountability) at Saarland University and Cornell University. Before joining Zühlke Engineering AG, he worked as Senior Information Security Researcher at ETH Zürich, where he has done research and teaching on secure Internet architectures and co-developed SCION.
|4:45 pm||Arrive and grab first drink|
|5:00 pm||Talk by our cyber security specialist Raphael Reischuk, followed by discussion|
|~6:00 pm||Enjoy the Apéro|
|~7:00 pm||End of the event|
The event is open for everyone interested in the topic – whether internal or external. So feel free to bring colleagues!
Participation is free of charge.
Please note that photographs will be taken throughout the Tech Talk. These will be used for marketing and publicity in our publications, on our website and in social media or in any third party publication. Please contact the event organizer if you have any concerns or if you wish to be exempted from this activity.