B’Envoy-age to Pre-Quantum Encryption

2022-10-28

Authors: Doron Podoleanu, Daniel Rouhana, Emma Dickenson


Summary

The presentation discusses the need for upgrading encryption systems in Cloud native production systems and proposes the formation of a technical advisory group to coordinate and govern community efforts to deliver the required changes.
  • Major Cloud providers have already been working on upgrading their encryption systems for a few years
  • Upgrading the entire stack of encryption systems in Cloud native production systems involves multiple dependencies and requires planning and execution
  • A technical advisory group should be formed to coordinate and govern community efforts to deliver the required changes
  • Istio provides critical East-West authentication and authorization via Mutual TLS
  • The speaker uses Envoy and Istio in a live demonstration of the Bookinfo demo to show how Istio provides this East-West authentication and authorization via Mutual TLS

Abstract

Reverse proxies, service meshes and API Gateways are booming as the cloud native motion soars and eats the world. Meanwhile, the implications of fault-tolerant quantum computers and the variety of actors pursuing such capabilities threaten the underlying security and integrity of widely used software and network stacks. What happens to cloud native stacks, to organizations which operate cloud stacks and to the operators when faced with an adversary who possesses a quantum computer? The issue necessitated the development of novel protocols and schema to protect the free flow of information across the internet. While public cloud providers are leading the industry charge in that aspect, the most popular reverse proxies, service meshes, and other commonly used software seem not to address those issues. In this panel we would like to share with you our work, which includes the inception of a quantum-resistant cloud stack. We are porting Envoy and Istio to run quantum-resistant cryptography algorithms across the stack, thus incepting a quantum-resistant cloud native stack. We hope to see continued expansion of the effort, which is needed to cover multiple projects, undoubtedly with the help of the open-source community.