Secure tunnel framework for Erlang and mobile apps

This will likely be a small talk, with room for additional mini talks.

The Secure Remote Password Cryptor (SRPC) addresses mobile app security in a post web-app world. SRPC provides HTTPS quality security without the explicit transfer of trust inherent in using HTTPS with PKI. SRPC is immune to HTTPS Man-in-the-Middle issues and also provides many features out-of-scope for HTTPS.

SRPC requires a pair of libraries, one on the client device and one on the server. To create an easy way for mobile app developers to try SRPC, I've built a Erlang OTP system that acts as an SRPC tunnel to an "unaltered" HTTP server. The system is comprised of:

• srpc_lib: Low-level functionality
• srpc_srv: The SRPC protocol
• srpc_elli: An Elli layer to expose srpc_srv to an elli app

There are two optional pieces:

• srpc_elli_proxy: Proxies request to the "unaltered" HTTP server
• srpc_elli_lager: Lager module

Finally, I have a test system for testing the iOS framework (Android is underway):

• srpc_elli_test: Test implementation

Presented by Paul Rogers, an independent software engineer with many years of development experience across multiple platforms using a number of different computer languages. He has a Master of Science in Mathematics, which helps him dig into the internals of cryptography, and a Master of Science in Physical Oceanography.