logo
allArticlesConferencesPresentations

B’Envoy-age to Pre-Quantum Encryption

Conference:  KubeCon + CloudNativeCon North America 2022

2022-10-28

Authors:   Doron Podoleanu, Daniel Rouhana, Emma Dickenson

Summary

The presentation discusses the need for upgrading encryption systems in Cloud native production systems and proposes the formation of a technical advisory group to coordinate and govern community efforts to deliver the required changes.
  • Major Cloud providers have already been working on upgrading their encryption systems for a few years
  • Upgrading the entire stack of encryption systems in Cloud native production systems involves multiple dependencies and requires toll planning and execution
  • A technical advisory group should be formed to coordinate and govern community efforts to deliver the required changes
  • Istio provides critical East-West authentication and authorization via Mutual TLS
  • The speaker demonstrates the use of Envoy and Istio in a live demonstration of a book info demo
The speaker demonstrates the use of Envoy and Istio in a live demonstration of a book info demo to show how Istio provides critical East-West authentication and authorization via Mutual TLS.

Abstract

Reverse proxies, services meshes and API Gateways are booming as the cloud native motion soars and eats the world. Meanwhile, the implications of fault-tolerant quantum computers and the variety of actors pursuing such capabilities threaten the underlying security and integrity of widely used software and network stacks. What happens to cloud native stacks, organizations which operate cloud stacks and to the operators when faced with an adversary who possesses a quantum computer? The issue necessitated the development of novel protocols and schema to protect the free flow of information across the internet. While public cloud providers are leading the industry charge in that aspect, the most popular reverse proxies, service meshes, and other commonly used software seems to not address those issues. In this panel we would like to share with you our work which includes the inception of quantum resistant cloud stack. We are porting Envoy and Istio to run quantum resistant cryptography algorithms across the stack thus incepting quantum resistant cloud native stack. We hope to see continued expansion of the effort is needed to cover multiple projects, undoubtedly with the help of the open-source community.
Materials:
Slides
Tags:
Quantum computers
Security
integrity
protocols
schema

Post a comment

Related work

StackMoonwalk: A Novel approach to stack spoofing on Windows x64

Conference:  Defcon 31
Authors: Alessandro Magnosi Principal Security Consultant - BSI, Arash Parsa, Athanasios "trickster0" Tserpelis Red Teamer and Malware Developer
2023-08-01

eBPF 201: Supercharging Your eBPF Dev Process for Cloud Native Apps

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Sanjeev Rampal, Donald Hunter
2023-04-20

Simplifying Service Mesh Operations with Flux and Flagger

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Stefan Prodan, Mitch Connors
2022-05-20

Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

Conference:  BlackHat USA 2019
Authors:
2019-08-07

Keynote: RISC-V: The Lowest Layer of the Cloud-Native Landscape

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Daniel Mangum, Carlos Eduardo de Paula

Design Patterns for OPA and Cloud Native Authorization

Conference:  CloudOpen 2022
Authors: Tim Hinrichs
2022-06-23