Previous month Previous day Next day Next month
By Year By Month By Week Today Search Jump to month

SBA Security Meetup: End-to-end File Encryption in the Web Browser, A Case Study

Download as iCal file
 
Thursday, 13. February 2020, 18:00 - 21:00
Category: Lectures & Presentations | created by This email address is being protected from spambots. You need JavaScript enabled to view it.

End-to-end File Encryption in the Web Browser, A Case Study

Ever thought that encrypting uploaded files in the web browser before it hits the server? Most web browsers nowadays offer encryption modules via the Web Crypto API for the encryption itself, but we’ll soon see that this isn’t enough. What about the correct cipher modes? How can we ensure confidentiality, integrity and authenticity? What about big files and limited memory availability?

In this talk, we’ll cover the following topics:

  • Issues you’ll face when implementing end-to-end file encryption in the browser
  • The crypto basics behind file and metadata encryption
  • The Web Crypto API
  • The FileReader API for chunked uploads
  • The ReadableStream API for chunked downloads
  • Service Workers and how they’ll help us
  • Browser compatibility of the mentioned APIs
  • What we can do to support older browsers
  • The hardest part: key distribution

Speaker:

Thomas Konrad, SBA Research
Talk language: English

About the Speaker:

Thomas Konrad is Principal Security Consultant at SBA Research and has been part of software security team since 2010. He focuses on secure software development, web application security, penetration testing, secure software design, architecture, and process, and trains software development teams in those areas.

Location SBA Research, 1040 Vienna
Contact Bettina Jaber