Upgrade to Pro — share decks privately, control downloads, hide ads and more …

End-to-End Encryption

Mrinal Wadhwa
August 19, 2021
0
97

End-to-End Encryption

Mrinal Wadhwa

August 19, 2021
Tweet

More Decks by Mrinal Wadhwa

See All by Mrinal Wadhwa
End-to-End Encryption in Elixir with Ockam
mrinalwadhwa
0
180
Identiverse 2021 - Cryptographic Protocols for Machine Identities and Credentials
mrinalwadhwa
0
10
End-to-end encryption with BEAM and Elixir
mrinalwadhwa
1
51
Cryptographic Protocols for a Secure and Private IoT
mrinalwadhwa
0
24
Trust Architectures in IoT
mrinalwadhwa
0
100
Privacy, a competitive advantage.
mrinalwadhwa
0
37
Fighting Complexity in Elixir
mrinalwadhwa
0
150
IoT needs Secure Messaging and How Rust Can Help
mrinalwadhwa
1
160
Just Enough Math to Understand Elliptic Curve Cryptography
mrinalwadhwa
1
310

Featured

See All Featured
Designing the Hi-DPI Web
ddemaree
273
32k
Six Lessons from altMBA
skipperchong
15
2.3k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
217
21k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
24
4.7k
Atom: Resistance is Futile
akmur
256
24k
Scaling GitHub
holman
453
140k
Embracing the Ebb and Flow
colly
75
3.6k
How to name files
jennybc
47
73k
Done Done
chrislema
178
15k
Infographics Made Easy
chrislema
235
17k
Art, The Web, and Tiny UX
lynnandtonic
284
18k

Transcript

  1. End-to-End Encryption. Mrinal Wadhwa Ockam

  2. None
  3. None
  4. None

  5. hello

  6. 0xaf3d…

  7. hello

  8. 0xcdfa…

  9. hello

  10. hello

  11. 0x14d8…

  12. 0x14d8…

  13. 0x14d8…

  14. hello

  15. They’re both secure channels. The green one is decoupled from

    the transport layer, which is why it can be - end-to-end.

  16. Secure Channels protect en-route data from tampering, forgery and eavesdropping.

    It’s not just about con fi dentiality.

  17. THREAT DESIRED PROPERTY S Spoo fi ng identity Identi fi

    cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con fi dentiality D Denial of service Availability E Elevation of privilege Authorization The STRIDE threat model.

  18. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 Secure Channels

  19. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 The shared secret is then used as a key in Symmetric Key Cryptography to maintain con fi dentiality and integrity of application data. Application Data - Authenticated Encryption The entities involved use Public Key Cryptography to authenticate each other and agree on a shared secret. Authenticated Key Exchange

  20. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 AEAD_AES_128_GCM, AEAD_AES_256_GCM, AEAD_AES_128_CCM, AEAD_CHACHA20_POLY1305 X3DH, SIGMA protocols, Noise Protocol Framework …. Double Ratchet, Rekey …

  21. All Secure Channel designs are not equal …

  22. None
  23. None
  24. None
  25. None
  26. None

  27. Implementing an end-to-end secure channel protocol, from scratch, is complex,

    error prone, and will take more time than application teams can typically dedicate to this problem. But, if we can make it easy …

  28. Mutually Authenticated, End-to-End Encrypted Secure Channels enable an application to

    enforce least-privileged access to commands, data, con fi guration, machine-learning models, and software updates that are fl owing, as messages, between its distributed parts. We can build applications that have a strikingly smaller vulnerability surface.

  29. Remove implicit trust in porous network boundaries

  30. A lot of people say their Industrial Control Systems are

    air-gapped but what they mean is they think they are air-gapped. – Andrew Tierney: Pwning an oil rig, DEF CON 27 creativecommons.org/licenses/by/3.0/legalcode youtube.com/watch?v=JoJ6uzIsQNs

  31. Remove implicit trust in porous network boundaries

  32. Remove implicit trust in porous network boundaries

  33. Lower trust in intermediaries

  34. Lower trust in intermediaries

  35. Lower trust in intermediaries

  36. Lower trust in intermediaries

  37. Secure Channels can become considerably more powerful if we decouple

    them from the transport layer.

  38. They’re both secure channels. The green one is decoupled from

    the transport layer, which is why it can be - end-to-end.
  39. None
  40. None
  41. None

  42. Ockam is a suite of open source programming libraries that

    make it simple for distributed applications to dynamically create any number of lightweight, mutually authenticated, end-to-end encrypted, granularly authorized secure channels.
  43. None

  44. github.com/ockam-network/ockam#next-steps Mrinal Wadhwa CTO, Ockam mrinal 🙏 thank you.