Upgrade to Pro — share decks privately, control downloads, hide ads and more …

End-to-End Encryption

Mrinal Wadhwa
August 19, 2021
0
130

End-to-End Encryption

Mrinal Wadhwa

August 19, 2021
Tweet

More Decks by Mrinal Wadhwa

See All by Mrinal Wadhwa
End-to-End Encryption in Elixir with Ockam
mrinalwadhwa
0
250
Identiverse 2021 - Cryptographic Protocols for Machine Identities and Credentials
mrinalwadhwa
0
29
End-to-end encryption with BEAM and Elixir
mrinalwadhwa
1
59
Cryptographic Protocols for a Secure and Private IoT
mrinalwadhwa
0
31
Trust Architectures in IoT
mrinalwadhwa
0
120
Privacy, a competitive advantage.
mrinalwadhwa
0
83
Fighting Complexity in Elixir
mrinalwadhwa
0
200
IoT needs Secure Messaging and How Rust Can Help
mrinalwadhwa
1
180
Just Enough Math to Understand Elliptic Curve Cryptography
mrinalwadhwa
1
420

Featured

See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
Testing 201, or: Great Expectations
jmmastey
28
6.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
17
6.4k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
21
1.6k
Making the Leap to Tech Lead
cromwellryan
124
8.5k
10 Git Anti Patterns You Should be Aware of
lemiorhan
648
58k
Building Flexible Design Systems
yeseniaperezcruz
319
37k
Designing for humans not robots
tammielis
248
25k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
A Philosophy of Restraint
colly
197
16k

Transcript

  1. End-to-End Encryption. Mrinal Wadhwa Ockam

  2. None
  3. None
  4. None

  5. hello

  6. 0xaf3d…

  7. hello

  8. 0xcdfa…

  9. hello

  10. hello

  11. 0x14d8…

  12. 0x14d8…

  13. 0x14d8…

  14. hello

  15. They’re both secure channels. The green one is decoupled from

    the transport layer, which is why it can be - end-to-end.

  16. Secure Channels protect en-route data from tampering, forgery and eavesdropping.

    It’s not just about con fi dentiality.

  17. THREAT DESIRED PROPERTY S Spoo fi ng identity Identi fi

    cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con fi dentiality D Denial of service Availability E Elevation of privilege Authorization The STRIDE threat model.

  18. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 Secure Channels

  19. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 The shared secret is then used as a key in Symmetric Key Cryptography to maintain con fi dentiality and integrity of application data. Application Data - Authenticated Encryption The entities involved use Public Key Cryptography to authenticate each other and agree on a shared secret. Authenticated Key Exchange

  20. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 AEAD_AES_128_GCM, AEAD_AES_256_GCM, AEAD_AES_128_CCM, AEAD_CHACHA20_POLY1305 X3DH, SIGMA protocols, Noise Protocol Framework …. Double Ratchet, Rekey …

  21. All Secure Channel designs are not equal …

  22. None
  23. None
  24. None
  25. None
  26. None

  27. Implementing an end-to-end secure channel protocol, from scratch, is complex,

    error prone, and will take more time than application teams can typically dedicate to this problem. But, if we can make it easy …

  28. Mutually Authenticated, End-to-End Encrypted Secure Channels enable an application to

    enforce least-privileged access to commands, data, con fi guration, machine-learning models, and software updates that are fl owing, as messages, between its distributed parts. We can build applications that have a strikingly smaller vulnerability surface.

  29. Remove implicit trust in porous network boundaries

  30. A lot of people say their Industrial Control Systems are

    air-gapped but what they mean is they think they are air-gapped. – Andrew Tierney: Pwning an oil rig, DEF CON 27 creativecommons.org/licenses/by/3.0/legalcode youtube.com/watch?v=JoJ6uzIsQNs

  31. Remove implicit trust in porous network boundaries

  32. Remove implicit trust in porous network boundaries

  33. Lower trust in intermediaries

  34. Lower trust in intermediaries

  35. Lower trust in intermediaries

  36. Lower trust in intermediaries

  37. Secure Channels can become considerably more powerful if we decouple

    them from the transport layer.

  38. They’re both secure channels. The green one is decoupled from

    the transport layer, which is why it can be - end-to-end.
  39. None
  40. None
  41. None

  42. Ockam is a suite of open source programming libraries that

    make it simple for distributed applications to dynamically create any number of lightweight, mutually authenticated, end-to-end encrypted, granularly authorized secure channels.
  43. None

  44. github.com/ockam-network/ockam#next-steps Mrinal Wadhwa CTO, Ockam mrinal 🙏 thank you.