Help me HTTPS, you’re my only hope! Then again, maybe not. In this presentation I’ll show an iPad app that communicates with three Raspberry Pi 3 devices, each controlling a stop light via Elixir and Nerves. So how do we secure the communication such that only the iOS app controls the lights? We'll look at three RPi3 setups, each identical save one very important, security related difference: no security (http), TLS based security (https), and application layer security (srpc). We'll discuss why systems based on RSA, initially designed to solve an open system problem, should not be applied in a rote manner to closed system problems. And we'll look at how the Secure Remote Password (SRP) protocol can offer mutually authenticated application layer security that leaves no room for Man-in-the-Middle issues and attacks. More details here: https://codesync.global/speaker/paul-rogers/