The world of security research is fraught with ethical dilemmas, and open research on how to backdoor and subvert systems certainly brings its fair share. Releasing code for an intentionally flawed encryption implementation, or a design for a system that appears to be secure but in fact allows an attacker to easily recover secret data, pushes the limits of doing more harm than good, yet is critically important for defenders. Without solid research into how systems could be effectively and efficiently backdoored, defenders quickly fall behind, giving clever attackers a strong upper hand. Defenders, those charged with reviewing code and designs, may be able to easily detect the clichéd sending of emails with credit card numbers, but how prepared are they for a better class of attacker? This talk seeks to cover both the need for the information gained, especially through events such as the Underhanded Crypto Contest, and the risks that it presents.
Adam Caudill is an independent security researcher and software developer with more than 15 years of experience. He primarily focuses on application security, secure communications, and cryptography, though he also works with hardware, embedded systems, and related technologies. His research and writing have been cited by media outlets and publications around the world. He is an active blogger, open source contributor, and advocate for user privacy and protection. Adam is also the founder of the Underhanded Crypto Contest.