Contrary to what many believe, the internet is inherently not secure at all. Our data flows through a lot of routers, switches, and other devices that we don't control. These devices could be owned by virtually anyone (governments, private companies, bad actors, etc.), which raises some really important questions:
Can they read your password? (Confidentiality)
Can they modify your bank transfer amount? (Integrity)
How do you know you're actually talking to your bank and not an imposter? (Authentication)
Fortunately, the answer to all three is "no" – but the story of how we achieved this security is far more fascinating than most people realize.
I will talk about the elegant mathematical foundations and impressive engineering achievements that protect billions of internet users daily, and dive deep into the cryptographic protocols that power modern web security: RSA encryption, Diffie-Hellman key exchange, elliptic curve cryptography, and the intricate TLS handshake that occurs invisibly with every HTTPS request.
But here's the remarkable part: this global security infrastructure isn't controlled by tech giants or government agencies. It's powered by open source software. Projects like OpenSSL (securing two-thirds of the web), Let's Encrypt (providing free SSL certificates to 300+ million websites), and Certificate Transparency (Google's open solution to certificate authority failures) have democratized internet security. Without these FOSS initiatives, we'd likely be paying licensing fees to a handful of corporations for every secure message sent, like we do for ATM cards.
I’ll also talk about problems in internet security, such as the DigiNotar incident and the Chinese Post Office CA issue, and how FOSS is trying to solve them. At the end, I’ll highlight some of the unsung OSS projects in the security space.
Understanding of core cryptographic protocols (RSA, ECDSA, Diffie-Hellman, TLS)
Insight into Public Key Infrastructure and certificate validation
Appreciation for open source software's role in global security
Practical knowledge applicable to software engineering and security careers
Any relevant events in the cryptography space in India? Would be great to raise awareness of that.