The thirty-first OSHUG meeting is dedicated to privacy and security, with talks on implementing security protocols in constrained environments, an SDR RFID reader/writer/emulator, and a new initiative that will use design thinking and open source to create a truly empowering mobile phone.
Security protocols in constrained environments
Implementation of security protocols such as TLS, SSH or IPsec come with a memory and compute overhead. Whilst this has become negligible in full scale environments it's still a real issue for hobbyist and embedded developers. This presentation will look at the sources of the overheads, what can be done to minimise them, and what sort of hardware platforms can be made to absorb them. The benefits and potential pitfalls of hardware specific implementations will also be examined.
Chris Swan is CTO at CohesiveFT where he helps build secure cloud based networks. He's previously been a security guy at large Swiss banks, and before that was a Weapon Engineering Officer in the Royal Navy. Chris has tinkered with electronics since pre-school, and these days has a desk littered with various dev boards and projects.
RFIDler: A Software Defined RFID Reader/Writer/Emulator
Software Defined Radio has been quietly revolutionising the world of RF. However, the same revolution has not yet taken place in RFID. The proliferation of RFID/NFC devices means that it is unlikely that you will not interact with one such device or another on a daily basis. Whether it’s your car key, door entry card, transport card, contactless credit card, passport, etc. you almost certainly have one in your pocket right now!
RFIDler is a new project, created by Aperture Labs, designed to bring the world of Software Defined Radio into the RFID spectrum. We have created a small, open source, cheap to build platform that allows any suitably powerful microprocessor access to the raw data created by the over-the-air conversation between tag and reader coil. The device can also act as a standalone ‘hacking’ platform for RFID manipulation/examination. The rest is up to you!
Adam “Major Malfunction” Laurie is a security consultant working in the field of electronic communications, and a Director of Aperture Labs Ltd., who specialise in reverse engineering of secure systems. He started in the computer industry in the late Seventies, and quickly became interested in the underlying network and data protocols.
During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world’s first CD ripper, ‘CDGRAB’. He was also involved various early open source projects, including ‘Apache-SSL’ which went on to become the de-facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities.
Andy Ritchie has been working in the computer and technology industry for over 20 years for major industry players such as ICL, Informix, British Airways and Motorola. Founding his first company, Point 4 Consulting at the age of 25, he built it into a multi-million pound technology design consultancy. Point 4 provided critical back end technology and management for major web sites such as The Electronic Telegraph, MTV, United Airlines, Interflora, Credit Suisse,BT, Littlewoods and Sony. Following Point 4 he went on to found Ablaise, a company that manages the considerable intellectual property generated by Point 4, and Aperture Labs. In his spare time he manages the worlds largest and longest running security conference, Defcon. Andy's research focuses on access control systems, biometric devices and embedded systems security, and he has spoken and trained at information security conferences in Europe and the US publicly and for private and governmental audiences. He is responsible for identifying major vulnerabilities in various access control and biometric systems, and has a passion for creating devices that emulate access control tokens either electronic physical or biometric. Andy has been responsible both directly and indirectly for changing access control guidelines for several western governments. Andy is currently a director of Aperture Labs Ltd, a company that specialises in reverse engineering and security evaluations of embedded systems.
Indie: a tale of privacy, civil liberties, and a phone
Can a phone really help protect our civil liberties? Aral Balkan thinks so. And he’s embarked on an audacious journey to make one. Join us to hear the introduction of a two-year story that is only just beginning.
Note: Please aim to by 18:15 as the first talk will start at 18:30 prompt.