Upgrade to Pro — share decks privately, control downloads, hide ads and more …

End-to-End Encryption in Elixir with Ockam

End-to-End Encryption in Elixir with Ockam

Machines, within distributed applications, operate by exchanging messages with cloud services and other remote machines. Secure, private, and trustworthy connected applications must protect these messages from eavesdropping, tampering, and forgery.

Ockam is a suite of open source programming libraries and infrastructure that make it simple for applications to dynamically create end-to-end encrypted, mutually authenticated, granularly authorized, lightweight secure channels that protect messages, end-to-end — from their source to their destination.

This enables secure communication between application layer entities that are not directly connected by simple point-to-point transport connections. En-route encrypted messages can travel over multiple transport layer connections and can be stored in message queues, databases or caches for asynchronous, end-to-end protected communication between entities that may not be online at the same time.

In this talk, we’ll dive into the design of Ockam’s Elixir libraries and the protocols they implement to provide end-to-end secure and private communication.

Mrinal Wadhwa

October 15, 2021
Tweet

More Decks by Mrinal Wadhwa

Other Decks in Programming

Transcript

  1. The operating environment of a typical application looks like this.

    Internet Infra Network Machine Application
  2. The operating environment of a typical application looks like this.

    Internet Application Cloud / Data Center / Home / Hospital / Factory … VPC / Kubernetes / NAT / Edge / No-IP wireless / Industrial VM / Container / K8s Pod / Rack Server / IoT 
 Industrial / Embedded / Edge Device
  3. Distributed applications work by sending each other messages across networks,

    over the Internet. Internet Infra Network Machine Application Internet Infra Network Machine Application Data, Commands, Acknowledgments, Configuration & Software Updates
  4. To be secure both sides must check incoming messages for

    integrity and authenticity. Internet Infra Network Machine Application Internet Infra Network Machine Application Message Integrity & Authenticity Sender Identi fi cation & Authentication Authorization There is a complex set of cryptographic protocol guarantees that go into delivering those checkmarks.
  5. To ensure user privacy and to protect business data both

    sides must have control of data con fi dentiality and access. Internet Infra Network Machine Application Internet Infra Network Machine Application Message Integrity & Authenticity Sender Identi fi cation & Authentication Authorization Con fi dentiality There is a complex set of cryptographic protocol guarantees that go into delivering those checkmarks.
  6. Internet Infra Firewalls / VPN / TLS termination Machine Application

    Internet Infra Machine Application Traditional approach is to check our message guarantees at network boundaries. Firewalls / VPN / TLS termination
  7. Internet Infra VPN Internet Infra VPN But network boundaries typically

    have hundreds of machines and thousands of applications within them.
  8. Internet Infra VPN Internet Infra VPN All code in both

    networks must have no weaknesses for an application developer’s work to be secure.
  9. Lab 1 Lab 2 Lab 500 Cloud AZ 1 Cloud

    AZ 2 Data Center 1 Data Center 2 All code in all deployment networks must have no weaknesses for an application developer’s work to be secure.
  10. Lab 1 Lab 2 Lab 500 Cloud AZ 1 Cloud

    AZ 2 Data Center 1 Data Center 2 Gateways Event Streams Pub/Sub Queues All code in all deployment networks and all service provider networks must have no weaknesses for an application developer’s work to be secure. This also violates the principle of least privilege
  11. Goal: Dependable, Trustworthy, Reliable applications To build a secure and

    private application that can be trusted by users and customers - we need to minimize the chances (vulnerability surface) of someone tricking our application into doing something undesirable. Big vulnerability surface is bad. Tiny vulnerability surface is good.
  12. Sender: • Needs to know the route to a destination,

    makes that route the onward_route of a new message • Makes its own address the the return_route of the new message Replier: • Makes return_route of incoming message, onward_route of outgoing message • Makes its own address the the return_route of the new message
  13. Sender: • Needs to know the route to a destination,

    makes that route the onward_route of a new message • Makes its own address the the return_route of the new message Hop: • Removes its own address from beginning of onward_route • Adds its own address to beginning of return_route Replier: • Makes return_route of incoming message, onward_route of outgoing message • Makes its own address the the return_route of the new message
  14. Initiator Responder Shared Secret Shared Secret M1 M2 M3 M4

    M5 The shared secret is then used as a key in Symmetric Key Cryptography to maintain con fi dentiality and integrity of application data. Application Data - Authenticated Encryption The entities involved use Public Key Cryptography to authenticate each other and agree on a shared secret. Authenticated Key Exchange