End-to-end File Encryption in the Web Browser: A Case Study

Security Meetup by SBA Research
Security Meetup by SBA Research
Öffentliche Gruppe

SBA Research

Floragasse 7 · Wien

Wie du uns findest

Take the elevator to the 5th floor, and ring the doorbell at SBA Research.

Bild des Veranstaltungsortes

Details

*** AT THE MEETUP, WE ARE GIVING AWAY A FREE CONFERENCE TICKET TO SEC4DEV (https://sec4dev.io)! ***

Ever thought of encrypting uploaded files in the web browser before they hit the server? Most web browsers nowadays offer encryption modules via the Web Crypto API for the encryption itself, but we’ll soon see that this isn’t enough. What about the correct cipher modes? How can we ensure confidentiality, integrity and authenticity? What about big files and limited memory availability?

In this talk, we’ll cover the following topics:

• Issues you’ll face when implementing end-to-end file encryption in the browser
• The crypto basics behind file and metadata encryption
• The Web Crypto API
• The FileReader API for chunked uploads
• The ReadableStream API for chunked downloads
• Service Workers and how they’ll help us
• Browser compatibility of the mentioned APIs
• What we can do to support older browsers
• The hardest part: key distribution

Speaker:
Thomas Konrad, SBA Research
Talk language: English

About the Speaker:
*********************

Thomas Konrad is Principal Security Consultant at SBA Research and has been part of software security team since 2010. He focuses on secure software development, web application security, penetration testing, secure software design, architecture, and process, and trains software development teams in those areas.

Agenda
*********
18:00: Gathering
18:15: Talk "End-to-end File Encryption in the Web Browser: A Case Study" by Thomas Konrad
19:00: Q&A
19:15: Drinks, snacks, discussions, socializing!

Looking forward to seeing you there!

Photo by Markus Spiske on Unsplash