MC's journal


Boomtime, the 55 day of The Aftermath in the YOLD 3190

sec-t 2024

This has been in my draft folder since September. Sorry! It's been a few months with ups and downs, mostly downs. Energy to spend time on blogging has been low. Hell, energy to do much of anything has been low. I'm trying to clean out the drafts folder and will post more stuff.

— — —

I attended the security conference sec-t 2024 in Stockholm the other week. I held a presentation during the Community Event, Wednesday September 11: "Verifying the Tillitis TKey".

The TKey uses a novel way of helping guarantee hardware supply chain security to the end-user. During the end-phase of production we at Tillitis run a device app, where the TKey automatically creates a unique identity inspired by TCG DICE, and we then sign and publish data about this identity. The identity and the signature can be independently verified at any time by a user to help verify that the TKey hasn't been tampered with.

Here's the repo to the tool we use during signing and that users can use for verification:

https://github.com/tillitis/tkey-verification/

As always, it's open source.
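
To make the sign-then-verify idea above concrete, here is a small Go model of it, added as an illustration; it is not code from tkey-verification and does not reproduce its actual protocol or data formats. The `Device` type, the `Provision` and `Verify` names, the use of Ed25519 and SHA-256, and all sample values are assumptions made for this sketch, with the hardware replaced by a software stand-in.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device is a hypothetical software stand-in for the hardware token.
type Device struct{ secret []byte } // per-device secret, never leaves the device

// Identity derives the key DICE-style: the seed mixes the device secret with
// a digest of the loaded app, so a different secret or app gives another key.
func (d Device) Identity(app []byte) ed25519.PrivateKey {
	appDigest := sha256.Sum256(app)
	seed := sha256.Sum256(append(append([]byte{}, d.secret...), appDigest[:]...))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Provision is the vendor step at the end of production: sign the device's
// public identity. The returned pair is what would be published.
func Provision(vendor ed25519.PrivateKey, d Device, app []byte) (ed25519.PublicKey, []byte) {
	pub := d.Identity(app).Public().(ed25519.PublicKey)
	return pub, ed25519.Sign(vendor, pub)
}

// Verify is the user step: check the vendor signature on the published
// identity, then have the device in hand sign a fresh random challenge.
func Verify(vendorPub, pub ed25519.PublicKey, vendorSig []byte, d Device, app []byte) bool {
	if !ed25519.Verify(vendorPub, pub, vendorSig) {
		return false
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	resp := ed25519.Sign(d.Identity(app), challenge) // done on-device in reality
	return ed25519.Verify(pub, challenge, resp)
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	app := []byte("constructed verification app binary")
	dev := Device{secret: []byte("constructed device secret")}
	pub, sig := Provision(vendorPriv, dev, app)
	fmt.Println("genuine:", Verify(vendorPub, pub, sig, dev, app))
	fmt.Println("swapped device:", Verify(vendorPub, pub, sig, Device{secret: []byte("other")}, app))
}
```

The fresh challenge is what ties the published identity to the physical device: a copied public key and vendor signature are not enough without the key that only the original device and app combination can derive.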

A recording of my talk is available on Youtube:

https://www.youtube.com/watch?v=qWjj-yoz90M

You should also go watch my friend Joel's very nice talk "Demystifying confidential computing":

https://www.youtube.com/watch?v=vdj9Pr-6dq8

He very skillfully read up on all these technologies so you won't have to wade through all the marketing bullshit. Thanks, Joel!

Sorry about the Youtube links, but sec-t doesn't provide any other media archive. Can't they use https://media.ccc.de/ like everyone else? I don't know.

Incidentally, it seems I can't watch Youtube from my workstation at home anymore: "Sign in to prove you're not a bot". Ha! Like I would sign in to Youtube!? It's probably good for me not to be able to get stuck in Youtube at the moment anyway.

I was incredibly nervous before and during my talk to the point of stuttering, restarting sentences, and sometimes even mangling words, but did the presentation without a script in front of my biggest audience so far. 1250+ tickets sold, but this was during the Community Day which was open to the public. Also livestreamed. Aaaaaah! All in all, it went better than expected. And I think I need this.

My friend Caitlin watched my talk. She said these sweet words:

I like your erudition combined with silliness! Everything in tech doesn't have to be so fucking butch - like a toxic masculinity parade! I, like you, remember when tech was just so damned weird and fun.

Yes! More weirdness! More fun! More silliness!

In infosec there's a special kind of tech bro who likes to flex association with government agencies. And, oh boy, there were a lot of agencies at sec-t. I hadn't realized just how much. There were booths from the Security Service SÄPO, the Swedish sigint agency FRA, the Swedish military intelligence service MUST, et cetera, et cetera.

I stayed at the rather fancy Hotel Rival. sec-t even paid for it! Not used to that. They had booked me in a Superior room but I was upgraded to a Deluxe Balcony room. Very nice. I now also know what "Turndown Service" means. A strange service. I asked them to please skip my room.

Very nice breakfast at Rival, even for a picky, allergic vegan like me. The bar also made quite nice cocktails.

I attended sec-t's Thursday night party for just a couple of hours. Instead me and two friends brought some Security Service merch to the libertarian Frihetsfronten's monthly pub meeting. Frihetsfronten used to be under surveillance from the Security Service way back when. Got a lot of giggles. They're not my kind of anarchists, really, but usually fun to hang out with. Remember Tritnaha and Docklands? Yeah.

Spoke to some very nice and interesting people both backstage and while milling around at sec-t. The speaker's dinner was a very nice touch.

Of course the train home was slightly late, but that was OK. My boss had it much worse going Stockholm-Gothenburg, what with all the repairs going on on the tracks.

Let's see if I'm welcome back as a speaker at future sec-t conferences.


Written by MC using Emacs and friends.