Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Identiverse 2021 - Cryptographic Protocols for ...

Avatar for Mrinal Wadhwa Mrinal Wadhwa
June 23, 2021
0
55

Identiverse 2021 - Cryptographic Protocols for Machine Identities and Credentials

Avatar for Mrinal Wadhwa

Mrinal Wadhwa

June 23, 2021
Tweet

More Decks by Mrinal Wadhwa

See All by Mrinal Wadhwa
End-to-End Encryption in Elixir with Ockam
Avatar for Mrinal Wadhwa mrinalwadhwa
0
300
End-to-End Encryption
Avatar for Mrinal Wadhwa mrinalwadhwa
0
150
End-to-end encryption with BEAM and Elixir
Avatar for Mrinal Wadhwa mrinalwadhwa
1
79
Cryptographic Protocols for a Secure and Private IoT
Avatar for Mrinal Wadhwa mrinalwadhwa
0
49
Trust Architectures in IoT
Avatar for Mrinal Wadhwa mrinalwadhwa
0
140
Privacy, a competitive advantage.
Avatar for Mrinal Wadhwa mrinalwadhwa
0
120
Fighting Complexity in Elixir
Avatar for Mrinal Wadhwa mrinalwadhwa
0
240
IoT needs Secure Messaging and How Rust Can Help
Avatar for Mrinal Wadhwa mrinalwadhwa
1
200
Just Enough Math to Understand Elliptic Curve Cryptography
Avatar for Mrinal Wadhwa mrinalwadhwa
1
550

Featured

See All Featured
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
7
760
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
72
4.9k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.4k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
3.9k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
58
9.5k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.7k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
431
65k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
10
720

Transcript

  1. JUNE 2021 Cryptographic Protocols for Machine Identities and Credentials Mrinal

    Wadhwa CTO, Ockam

  2. IoT will have an economic impact between $4 trillion and

    $11 trillion, by 2025. Source: McKinsey & Company
  3. None
  4. None

  5. JUNE 2021 1. Implicit trust in network boundaries. Source: Dragos

    - Industrial Control Systems, CyberSecurity, Year in Review 2019 & 2020 Root causes
  6. None

  7. JUNE 2021 1. Implicit trust in network boundaries . 2.

    Lack of end-to-end data integrity and con fi dentiality. Root causes

  8. Least Privilege. Principle of Every program and every privileged user

    of the system should operate using the least amount of privilege necessary to complete the job.” — Jerome Saltzer, Communications of the ACM, 1974

  9. Heart Rate Monitor Heart Rate Application

  10. Heart Rate Monitor Heart Rate Application

  11. Heart Rate Monitor Heart Rate Service Heart Rate Application

  12. Heart Rate Monitor Heart Rate Service 80 bpm Heart Rate

    Application

  13. Heart Rate Monitor Heart Rate Service 80 bpm Heart Rate

    Application

  14. The phone may not be online all the time so

    the service also caches this data to deliver it later … Heart Rate Monitor Heart Rate Service 80 bpm Heart Rate Application

  15. Initiator Responder Shared Secret Shared Secret M1 M2 M3 The

    shared secret is then used as a key in Symmetric Key Cryptography to maintain con fi dentiality and integrity of application data. Application Data - Authenticated Encryption The entities involved use Public Key Cryptography to authenticate each other and agree on a shared secret. Authenticated Key Exchange D Secure Channel

  16. THREAT DESIRED PROPERTY S Spoo fi ng identity Identi fi

    cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con fi dentiality D Denial of service Availability E Elevation of privilege Authorization Note that this model is very high level, there is massive amounts of nuance in dealing with each of the rows. The STRIDE threat model can help us evaluate every message.

  17. Coming back to our heart rate solution, for secure communication

    … Heart Rate Monitor Heart Rate Service Heart Rate Application

  18. Heart Rate Monitor Heart Rate Service Secure Channel We setup

    a secure channel between the monitor and the service. Heart Rate Application

  19. Heart Rate Monitor Heart Rate Service Secure Channel Secure Channel

    And another secure channel between the phone and the service. Heart Rate Application

  20. Heart Rate Monitor Heart Rate Service Transport Layer Security Transport

    Layer Security Since these devices have direct access to the internet, with TLS … Heart Rate Application

  21. Heart Rate Monitor Heart Rate Service 80 bpm Transport Layer

    Security Transport Layer Security Heart Rate Application

  22. Heart Rate Monitor Heart Rate Service 80 bpm 0x217c5111… Transport

    Layer Security Transport Layer Security Heart Rate Application

  23. Heart Rate Monitor Heart Rate Service 80 bpm 0x217c5111… 80

    bpm Transport Layer Security Transport Layer Security Heart Rate Application

  24. Heart Rate Monitor Heart Rate Service 80 bpm 0x217c5111… 80

    bpm 0x8621f842… Transport Layer Security Transport Layer Security Heart Rate Application

  25. Heart Rate Monitor Heart Rate Service 80 bpm 0x217c5111… 80

    bpm 0x8621f842… 80 bpm This type of setup is industry best practice. Transport Layer Security Transport Layer Security Heart Rate Application

  26. Heart Rate Monitor Heart Rate Service 80 bpm 0x217c5111… 80

    bpm 0x8621f842… 80 bpm But even when we manage to setup the channels correctly the data is still exposed to the service. 
 The service doesn’t need to know the contents of the message to route and cache messages (its primary job). Transport Layer Security Transport Layer Security Heart Rate Application

  27. Route on/off instructions. Connected Outlet Connected Outlet Application Connected Outlet

    Service

  28. Route open/close instructions. Connected Lock Connected Lock Application Connected Lock

    Service

  29. Route/Cache sensor data, alerts and videos. Camera Door Bell Camera

    Door Bell Application Camera Door Bell Service

  30. Gateway Flood Warning Sensor Multiple transport protocols in the path

    of one message. TCP TCP Flood Monitoring System Sensors Vendor’s Service LPWAN

  31. Gateway Flood Warning Sensor Flood Monitoring System Sensors Vendor’s Service

    TLS TLS LPWAN

  32. Messages, within modern applications, rarely flows over a single, direct,

    point-to-point transport connection.
  33. None
  34. None
  35. None
  36. None

  37. Secure Channel implementations are usually tightly coupled with the length

    and duration of the underlying transport layer connection.

  38. Data integrity and confidentiality guarantees are lost at every transport

    connection hop.

  39. JUNE 2021 1. Implicit trust in network boundaries . 2.

    Lack of end-to-end data integrity and con fi dentiality . 3. Lack of mutual authentication. Root causes
  40. None
  41. None

  42. JUNE 2021 1. Implicit trust in network boundaries . 2.

    Lack of end-to-end data integrity and con fi dentiality . 3. Lack of mutual authentication . 4. Poor management of keys and credentials. Root causes

  43. JUNE 2021 End-to-end Encrypted
 Secure Channels

  44. Initiator Responder Shared Secret Shared Secret M1 M2 M3 The

    shared secret is then used as a key in Symmetric Key Cryptography to maintain con fi dentiality and integrity of application data. Application Data - Authenticated Encryption The entities involved use Public Key Cryptography to authenticate each other and agree on a shared secret. Authenticated Key Exchange D Secure Channel

  45. Heart Rate Monitor Heart Rate Service 80 bpm 0x217c5111… 80

    bpm 0x8621f842… 80 bpm But even when we manage to setup the channels correctly the data is still exposed to the service. 
 The service doesn’t need to know the contents of the message to route and cache messages (its primary job). Transport Layer Security Transport Layer Security Heart Rate Application

  46. Heart Rate Monitor Heart Rate Application Heart Rate

  47. None
  48. None
  49. None
  50. None

  51. TLS IP TCP Application

  52. TLS TCP Application TCP Application Routing Secure Channels IP IP

  53. None
  54. None

  55. TCP Application Routing Secure Channels IP

  56. TCP Application Routing Secure Channels IP UDP WebSocket HTTP

  57. TCP Application Routing Secure Channels IP UDP WebSocket HTTP Bluetooth

    LPWAN

  58. THREAT DESIRED PROPERTY S Spoo fi ng identity Identi fi

    cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con fi dentiality D Denial of service Availability E Elevation of privilege Authorization Note that this model is very high level, there is massive amounts of nuance in dealing with each of the rows. The STRIDE threat model can help us evaluate every message.

  59. JUNE 2021 Device Enrollmen t Leased API access token s

    Firmware Updat e Find my lost device …

  60. JUNE 2021 Privacy Contexts & Identity Profiles

  61. JUNE 2021 Selective Disclosure

  62. JUNE 2021 Anonymous Credentials

  63. JUNE 2021 Zero Knowledge Proofs Mozilla is using Non-Interactive Zero

    Knowledge Proofs to collect telemetry from the Firefox browser without collecting any private browser usage. A large subset of IoT use cases is telemetry collection.

  64. JUNE 2021 Federated Learning Google Keyboard learns out-of-vocabulary words on

    mobile phones without exposing sensitive text to servers. 
 Connected sensors could similarly learn to improve accuracy while preserving privacy.

  65. JUNE 2021 Homomorphic Encryption

  66. None

  67. JUNE 2021 Mrinal Wadhw a github.com/ockam-network/ocka m twitter.com/mrinal