A Retrospective and Prospective on Trust

Abstract

Over the last two decades we have seen SSH keys, certificate authorities, Active Directory servers and identity provider servers all get compromised. When an attacker is able to compromise the root of trust, they can elevate privileges, impersonate users and take down entire businesses. In this talk we will look at some prominent hacks of the 21st century and see what lessons can be learned about authentication and authorization. Then we will look at emerging architectures, dubbed zero-trust systems, that aim to alleviate the trust factor. We will cover the principles of zero-trust as well as some examples of what a zero-trust system looks like.