Stephan Overbeek, Managing Security Consultant
Stephan Overbeek is Former National Chair of AISA and he is Managing Security Consultant for Shearwater Solutions’ consulting business in Australia. For Shearwater Solutions, Stephan is responsible for helping Australian customers identify information risks and security threats to their business, as well as developing and implementing security management solutions. Stephan is a PCI QSA, meaning he is accredited to conduct PCI on-site reviews for merchants and service providers. Stephan Overbeek supports the information security profession in his role as Director of Special projects for AISA (Australian Information Security Association). Until September 2008 he was the National Chair of AISA.
Stephan has over thirteen years’ information security experience, particularly in strategic information security, risk management and compliance within telecoms, financial institutions, retail, government and enterprises. He combines practical experience and theoretical knowledge with strong customer focus.
Stephan is a talented and seasoned speaker, who clearly positions difficult and counter-intuitive subjects and explains these to a varied audience. Stephan’s presentations are informative, interactive, entertaining and sometimes controversial.
Abstract of the talk "Precious"
Cryptographers consider cryptography as a stand-alone topic and field of expertise. Interesting as it may be, it does not operate in a void. The enveloping field of interest is information security. Cryptographers need to understand information security to deliver better cryptographic results.
Cryptography and information security are related; they try to solve similar problems. In this presentation, Stephan will show the relationship between cryptography and information security and both the differences and commonalities between the two.
End-users are not interested in information security in general and cryptography specifically. It is the job of information security specialists and cryptographers to take this lack of interest into account and create solutions that are user-proof.
Cryptography relies on the concept of a “secure environment”. Today, users do not have anything close to a “secure environment”. Yet, people treat their desktops, laptops and other end-user technology as their sanctum. This must be the cryptographer’s worst nightmare.
Both cryptography and information security are concerned with valuable information and valuable communication, with confidentiality, integrity and availability of that valuable information and with identifying attacks, threats, vulnerabilities and risks and how to prevent, detect, avoid and protect against those risks. There is too much focus on the negative side and too little on the positive side. We propose a change of focus towards the positive, of course without forgetting the negative. Stephan will take us through this paradigm shift.
In this presentation, Stephan will first provide an information-security-industry-specific look at cryptography, then a society-wide perspective and finally a philosophical view on information security as well as cryptography. The common theme is the paradigm shift from negative to positive, from protection to preciousness:
- Precious is the information that we want to protect, the valuable information for which we need to take all those security measures and apply all those cryptographic tricks.
- Precious is the love for the field of cryptography as well as for information security, both as a field of expertise and as a working environment.
- Last, but certainly not least, precious is the love that Alice and Bob share and that cryptography allows them to share. Bob has the secret key to Alice’s happiness.
- Cryptography versus information security: commonalities and differences
- Information security industry view on cryptography
- Society’s view on information security and cryptography
- Philosophical view on information security and cryptography
Craig Gentry, IBM T.J. Watson Research Center, USA
Craig Gentry is in the cryptography group at IBM T.J. Watson Research Center. His research tends towards the mathematical side of applied cryptography, both constructive (designing efficient and/or highly-functional cryptosystems) and destructive (cryptanalysis).
Before obtaining his Ph.D. in computer science from Stanford under Dan Boneh, he was a senior research engineer at DoCoMo USA Labs on the security and cryptography project.
Abstract of the talk "How the Cloud Can Process Data without Seeing it"
What if you want to query a search engine, but don't want to tell the search engine what you are looking for? Is there a way that you can encrypt your query, such that the search engine can process your query without your decryption key, and send back a response that (concisely) encrypts the answer you are looking for? Or, suppose that you want to store your data in the cloud, encrypted to maintain privacy, but later want to retrieve only those files that contain a particular combination of keywords. Can the cloud server send back encryptions of exactly those files, even though it cannot "see" the data that is encrypted? The answer to both of these questions is yes, if your query or data is encrypted under a "fully homomorphic" encryption (FHE) scheme.
I'll discuss some recent FHE schemes and their applications. I'll also discuss performance issues, and our ongoing efforts to implement and optimize FHE.