Un-f*$#ing Cloud Storage Encryption

ShmooCon XV - 2019

Presented by: Adam Everspaugh
Date: Sunday January 20, 2019
Time: 11:00 - 11:50
Location: Belay It room
Track: Belay It

Individuals, enterprises, and government agencies encrypt information before uploading it to commodity cloud storage systems like Box or Amazon’s S3 to gain strong security in the event the storage provider is compromised. Regulations like HIPAA and PCI (and good security hygiene) require that encryption keys be rotated periodically. The current schemes in use for rotating encryption keys are either infeasible or insecure, as we discuss in this presentation. We describe attacks against the current scheme and present two new encryption schemes that improve the security of key rotation, offering different security and performance trade-offs.

Adam Everspaugh

Dr. Adam Everspaugh (@AdamEverspaugh) is a cryptographer and software engineer. He researches and presents on topics including oblivious password hardening, secure random number generators, and updatable encryption. Adam is a security engineer for Coinbase and a cryptographic advisor to Keeper Security (password management service) and the distributed app platform Mainframe.com.

