
Video from OSHUG #31 — Privacy and Security

The February 2014 Open Source Hardware User Group (OSHUG) meeting featured talks on three very different aspects of privacy and security in computer systems.

Security protocols in constrained environments

First up was Chris Swan, CTO at CohesiveFT and an IoT hacker in his spare time, with a talk on the challenges of implementing security protocols such as TLS, SSH and IPsec on embedded platforms.

Chris started off by looking at security protocol handshaking, noting how the negotiated parameters are often a case of “the lowest common denominator”, resulting in a very poor level of security. He explained that Linux-based platforms are typically much easier to work with thanks to packaged software, but that things can get much more difficult with more deeply embedded systems, which may have only an 8-bit processor and a few kilobytes of memory.

RFIDler: a software-defined RFID reader/writer/emulator

Adam Laurie and Andy Ritchie are well known in security circles and provided a background to RFID systems, before introducing their Kickstarter-funded hardware platform, RFIDler.

Between them Adam and Andy covered the hardware and software implementation of RFIDler. They then went on to give a demonstration in which they effortlessly cloned an RFID tag and used it to successfully identify to a reader, showing just how insecure many of these systems are!

Indie: a tale of privacy, civil liberties, and a phone

Aral Balkan gave the final talk of the evening and immediately captured everyone's attention with a graph of Facebook status update frequency, which can be used to ascertain a change in relationship status. Aral went on to chart the evolution of computers from being very large and very much external to being integral to everyday life and increasingly embedded, noting how the data they produce is owned by a handful of powerful companies.

Aral's talk meticulously unravelled many of the drivers behind online services which pose a real threat to privacy and, in some cases, civil liberties. He also explained how most open source technologies in their current form are great for technical users, but a non-starter for most people. In closing, Aral outlined his vision for an alternative to both that is deeply empowering and which brings back ownership of data: experience-driven open source — and in particular Indie Phone, a project that he is currently bootstrapping.

The above summary doesn't do anything like justice to Aral's talk, nor do the previous summaries to the other two talks, and watching the videos is highly recommended!

Andrew Back

Open source (hardware and software!) advocate, Treasurer and Director of the Free and Open Source Silicon Foundation, organiser of Wuthering Bytes technology festival and founder of the Open Source Hardware User Group.