Bringing Usable Crypto to 7 Million Developers

Monday, January 27, 2020 - 2:30 pm3:00 pm

Kenn White, MongoDB


Most databases in use today have an implicit central trust model—the idea being that system operators have full privilege to access and manage the information being processed in order to perform their work. This poses a problem in at least two particular cases: one, when the workload contains highly sensitive or confidential information, and two, when data are being processed and stored on third-party infrastructure such as a public cloud provider. In a central (or server-side) trust model, a live database breach or leak from publicly-exposed backups or logs can be catastrophic. One approach to protect both data-at-rest and data-in-use is client-side end-to-end encryption, in which sensitive data are encrypted at the application level before ever being sent to the server. Unfortunately, for mature modern databases, few options for native client-side encryption have existed for developers, particularly in the open-source world.

This talk will present lessons learned from nearly two years of engineering work spanning every major programming language, hardware platform, and operating system, to bring simple, usable authenticated encryption as a first-class citizen to the most widely deployed NoSQL database in the world. Insights from simple use cases of small stand-alone servers to some of the most demanding global distributed mission systems will be discussed. We'll review promising emerging cryptography and discuss the practical impact to developers and system designers.

Kenn White, MongoDB

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC. He tweets about security, privacy, cryptography, and biscuits: @kennwhite.

@conference {244698,
author = {Kenn White},
title = {Bringing Usable Crypto to 7 Million Developers},
year = {2020},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = jan

Presentation Video