[oshug] OSHUG #31 — Privacy and Security, 20th February 2014.
arback at computer.org
Wed Jan 22 10:31:31 UTC 2014
Registration is now open for the first OSHUG meeting of 2014! Details below.
Event #31 — Privacy and Security (Security protocols in constrained
environments, RFIDler, Indie Phone)
20th February 2014, 17:30 - 20:30 at BCS London, 1st Floor, The
Davidson Building, 5 Southampton Street, London, WC2E 7HA.
The thirty-first OSHUG meeting is dedicated to privacy and security,
with talks on implementing security protocols in constrained
environments, an SDR RFID reader/writer/emulator, and a new initiative
that will use design thinking and open source to create a truly
empowering mobile phone.
— Security protocols in constrained environments
Implementation of security protocols such as TLS, SSH or IPsec come
with a memory and compute overhead. Whilst this has become negligible
in full scale environments it's still a real issue for hobbyist and
embedded developers. This presentation will look at the sources of the
overheads, what can be done to minimise them, and what sort of
hardware platforms can be made to absorb them. The benefits and
potential pitfalls of hardware specific implementations will also be
Chris Swan is CTO at CohesiveFT where he helps build secure cloud
based networks. He's previously been a security guy at large Swiss
banks, and before that was a Weapon Engineering Officer in the Royal
Navy. Chris has tinkered with electronics since pre-school, and these
days has a desk littered with various dev boards and projects.
— RFIDler: A Software Defined RFID Reader/Writer/Emulator
Software Defined Radio has been quietly revolutionising the world of
RF. However, the same revolution has not yet taken place in RFID. The
proliferation of RFID/NFC devices means that it is unlikely that you
will not interact with one such device or another on a daily basis.
Whether it’s your car key, door entry card, transport card,
contactless credit card, passport, etc. you almost certainly have one
in your pocket right now!
RFIDler is a new project, created by Aperture Labs, designed to bring
the world of Software Defined Radio into the RFID spectrum. We have
created a small, open source, cheap to build platform that allows any
suitably powerful microprocessor access to the raw data created by the
over-the-air conversation between tag and reader coil. The device can
also act as a standalone ‘hacking’ platform for RFID
manipulation/examination. The rest is up to you!
Adam “Major Malfunction” Laurie is a security consultant working in
the field of electronic communications, and a Director of Aperture
Labs Ltd., who specialise in reverse engineering of secure systems. He
started in the computer industry in the late Seventies, and quickly
became interested in the underlying network and data protocols.
During this period, he successfully disproved the industry lie that
music CDs could not be read by computers, and wrote the world’s first
CD ripper, ‘CDGRAB’. He was also involved various early open source
projects, including ‘Apache-SSL’ which went on to become the de-facto
standard secure web server. Since the late Nineties he has focused his
attention on security, and has been the author of various papers
exposing flaws in Internet services and/or software, as well as
pioneering the concept of re-using military data centres (housed in
underground nuclear bunkers) as secure hosting facilities.
Andy Ritchie has been working in the computer and technology industry
for over 20 years for major industry players such as ICL, Informix,
British Airways and Motorola. Founding his first company, Point 4
Consulting at the age of 25, he built it into a multi-million pound
technology design consultancy. Point 4 provided critical back end
technology and management for major web sites such as The Electronic
Telegraph, MTV, United Airlines, Interflora, Credit Suisse,BT,
Littlewoods and Sony. Following Point 4 he went on to found Ablaise, a
company that manages the considerable intellectual property generated
by Point 4, and Aperture Labs. In his spare time he manages the worlds
largest and longest running security conference, Defcon. Andy's
research focuses on access control systems, biometric devices and
embedded systems security, and he has spoken and trained at
information security conferences in Europe and the US publicly and for
private and governmental audiences. He is responsible for identifying
major vulnerabilities in various access control and biometric systems,
and has a passion for creating devices that emulate access control
tokens either electronic physical or biometric. Andy has been
responsible both directly and indirectly for changing access control
guidelines for several western governments. Andy is currently a
director of Aperture Labs Ltd, a company that specialises in reverse
engineering and security evaluations of embedded systems.
— Indie: a tale of privacy, civil liberties, and a phone
Can a phone really help protect our civil liberties? Aral Balkan
thinks so. And he’s embarked on an audacious journey to make one. Join
us to hear the introduction of a two-year story that is only just
Aral Balkan is is founder and designer of Indie Phone, a phone that
empowers mere mortals to own their own data.
Note: Please aim to by 18:15 as the first talk will start at 18:30 prompt.
More information about the oshug