End-to-End Encryption in Elixir with Ockam

Transcript

1. End-to-End Encryption in Elixir with Ockam Mrinal Wadhwa CTO, Ockam

   mrinal

2. Verb Subject Object Allow / Deny

3. Action Subject Resource Allow / Deny

4. None

5. The operating environment of a typical application looks like this.

   Internet Infra Network Machine Application

6. The operating environment of a typical application looks like this.

   Internet Application Cloud / Data Center / Home / Hospital / Factory … VPC / Kubernetes / NAT / Edge / No-IP wireless / Industrial VM / Container / K8s Pod / Rack Server / IoT 
 Industrial / Embedded / Edge Device

7. Distributed applications work by sending each other messages across networks,

   over the Internet. Internet Infra Network Machine Application Internet Infra Network Machine Application Data, Commands, Acknowledgments, Configuration & Software Updates

8. To be secure both sides must check incoming messages for

   integrity and authenticity. Internet Infra Network Machine Application Internet Infra Network Machine Application Message Integrity & Authenticity Sender Identi fi cation & Authentication Authorization There is a complex set of cryptographic protocol guarantees that go into delivering those checkmarks.

9. To ensure user privacy and to protect business data both

   sides must have control of data con fi dentiality and access. Internet Infra Network Machine Application Internet Infra Network Machine Application Message Integrity & Authenticity Sender Identi fi cation & Authentication Authorization Con fi dentiality There is a complex set of cryptographic protocol guarantees that go into delivering those checkmarks.

10. Internet Infra Firewalls / VPN / TLS termination Machine Application

    Internet Infra Machine Application Traditional approach is to check our message guarantees at network boundaries. Firewalls / VPN / TLS termination

11. Internet Infra VPN Internet Infra VPN But network boundaries typically

    have hundreds of machines and thousands of applications within them.

12. Internet Infra VPN Internet Infra VPN All code in both

    networks must have no weaknesses for an application developer’s work to be secure.

13. Lab 1 Lab 2 Lab 500 Cloud AZ 1 Cloud

    AZ 2 Data Center 1 Data Center 2 All code in all deployment networks must have no weaknesses for an application developer’s work to be secure.

14. Lab 1 Lab 2 Lab 500 Cloud AZ 1 Cloud

    AZ 2 Data Center 1 Data Center 2 Gateways Event Streams Pub/Sub Queues All code in all deployment networks and all service provider networks must have no weaknesses for an application developer’s work to be secure. This also violates the principle of least privilege

15. Goal: Dependable, Trustworthy, Reliable applications To build a secure and

    private application that can be trusted by users and customers - we need to minimize the chances (vulnerability surface) of someone tricking our application into doing something undesirable. Big vulnerability surface is bad. Tiny vulnerability surface is good.

16. End-to-End Encrypted, Mutually Authenticated, Secure Channels enable granular authorization decisions

    at the application layer.
17. None
18. None
19. None

20. Sender: • Needs to know the route to a destination,

    makes that route the onward_route of a new message • Makes its own address the the return_route of the new message Replier: • Makes return_route of incoming message, onward_route of outgoing message • Makes its own address the the return_route of the new message
21. None
22. None
23. None
24. None
25. None

26. Sender: • Needs to know the route to a destination,

    makes that route the onward_route of a new message • Makes its own address the the return_route of the new message Hop: • Removes its own address from beginning of onward_route • Adds its own address to beginning of return_route Replier: • Makes return_route of incoming message, onward_route of outgoing message • Makes its own address the the return_route of the new message
27. None
28. None
29. None
30. None
31. None
32. None
33. None
34. None

35. Initiator Responder app echoer 4000

36. None
37. None
38. None

39. Initiator Responder app echoer 4000

40. Middle Responder h1 echoer 4000 Initiator app 3000

41. None
42. None
43. None
44. None

45. Middle Responder h1 echoer 4000 Initiator app 3000

46. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 The shared secret is then used as a key in Symmetric Key Cryptography to maintain con fi dentiality and integrity of application data. Application Data - Authenticated Encryption The entities involved use Public Key Cryptography to authenticate each other and agree on a shared secret. Authenticated Key Exchange

47. Middle Responder h1 echoer 4000 Initiator app 3000

48. None
49. None
50. None
51. None

52. Middle Responder h1 echoer 4000 Initiator app 3000

53. Middle Responder h1 echoer 4000 Initiator app 3000

54. Middle Responder Forwarder echoer 4000 Initiator app 3000

55. None
56. None
57. None
58. None

59. Middle Responder Forwarder echoer 4000 Initiator app 3000

60. None
61. None
62. None
63. None
64. None

65. Mrinal Wadhwa CTO, Ockam mrinal github.com/ockam-network/ockam github.com/ockam-network/ockam/tree/develop/examples/elixir/get_started All code examples

    from this talk: