Securing Network Communications: An Investigation into Certificate Authorities on Mobile

Tech 1 (718A) October 18, 2016 10:15 am - 11:15 am

Andrew Blaich

This talk will take an in-depth look at the certificate authorities (CAs) found on mobile devices today. The CAs included in our mobile devices make up the roots of trust that our secure network transactions rely on to validate that the servers we are talking to are who they say they are. Focusing specifically on mobile devices, but also addressing non-mobile, this talk will look at the current state of the CAs and the changes happening with them, including who is there, who is being added, and who is being removed. Additionally, this talk will look at the technical changes happening for mobile app developers in the latest mobile operating systems to help take control of the trust chain via techniques like certificate pinning and the trusting (or not trusting) of specific certificate authorities. Furthermore, it will offer a case study of how some app developers are already actively limiting the CAs they trust.