Taming Attestation for the Cloud Native World with Parsec

Authors: Paul Howard


Summary

Parsec is expanding its feature set into the world of attestation to address the security challenges of cloud native edge computing nodes.
  • Cloud native edge computing nodes require hardware-backed security for secure assets like secrets and private keys.
  • Hardware-backed security is platform-specific, creating a challenge for the diverse ecosystem of devices in the edge computing world.
  • Attestation, the process of proving that a device is composed of an approved combination of hardware, firmware, and software, is necessary for secure communication between edge nodes and cloud services.
  • Parsec, an open-source project in the CNCF sandbox, has tamed the problem of managing keys and secrets in various devices, creating a convenient and portable interface to a strong, hardware-backed device identity.
  • Parsec is expanding its feature set to include attestation, with the open-source project Veraison used for verification of the attestation evidence.
  • Parsec's attestation feature can be used to establish a secure channel between two entities, and an extension to TLS 1.3 is being developed to include attestation in the handshake.
  • Parsec's attestation work can be consumed by the CNCF project SPIRE to address the security challenges of cloud native edge computing nodes.

As the number of connected devices increases, the volume and complexity of the data they generate also increases. Backhauling all of this data to be processed centrally in the cloud becomes less feasible, driving more processing to the edge. This creates a security challenge: the edge sits between the worlds of cloud and IoT devices and needs hardware-backed security, but hardware-backed security is platform-specific. Parsec addresses this challenge by expanding its feature set to include attestation, which is necessary for secure communication between edge nodes and cloud services.

Abstract

As compute continues to move to the edge, there is an increasing need for compute nodes that are outside of the managed cloud to authenticate and communicate securely with cloud services. The need to achieve this across a diverse ecosystem of devices creates a bewildering problem for the industry. Hardware-backed security is a must when devices are in tamper-prone environments. Parsec, in the CNCF sandbox, has tamed the problem of managing keys and secrets in these various devices, creating a convenient and portable interface to a strong, hardware-backed device identity. But a key isn't always enough. Sometimes there is also a need to prove that the key was created within the device, and that the device itself is composed of an approved combination of hardware, firmware and software, booted to a known-good configuration. This is commonly known as attestation. But attestation brings its own set of portability challenges, with platform-specific APIs, flows and data formats. The advent of confidential computing adds an extra dimension of complexity. In this talk, you will learn how Parsec is now primed to create a portable, cloud-native approach to attestation on any platform for a variety of use cases, including secure channel bootstrap with enhanced TLS handshakes.
