Asymmetric Cryptography and Secure Enclaves
This video is number seven of the Zero Trust Authentication Master Class series.
Transcription
So my name is still Jasson Casey, and we are still talking about how to build up secure access with zero-trust principles. So we just had a discussion around the ideas that asymmetric cryptography, specifically used for digital signatures, could help us eliminate a lot of the problems around passwords and password vulnerabilities.
So just so we kind of remember that, right? We were talking about, what if we could use asymmetric crypto...actually, cryptography. Can't just say crypto now because that now means something else. Specifically, a digital signature. Right?
And so we showed that in our classic example. Right? We had Alice talking to her bank, right? An access attempt. The bank issued a challenge, right? Remember, that challenge was just a random string. And, essentially, the challenge is, "Alice, prove to me that you can digitally sign this string with the private key that I know you hold that it relates to this public key," right?
So remember, this bank has this database of public keys. So Alice will then complete that signature, provide that, we call that a challenge response. And then the bank can go through its standard verification step. But essentially, it is just...remember, what came across was this payload, and this payload was essentially a random value.
But it could be a random value with a bunch of other things as well. And it had a cryptographic hash of the payload of the message written out. And then it had a signature, which is really just an encryption of this cryptographic hash of the message. And that had the effect of sealing the payload.
And so what the bank is doing is, the bank...remember, asymmetric crypto is really about keys that go two ways, right? So you have your public key, and you have your private key. And so I can use this as my encryption key, and I can use this as my decryption key. So what they do is they decrypt this encryption, and that gives them essentially the crypto-hashed value of the message.
Then they compute their own crypto hash of the message, and then they compare these two things for equality, right? So, in a nutshell, that is what's going on. And we said, "Hey, this..." When we're talking about surface area that we have to worry about from a password perspective, we have data in motion, and we have data at rest.
And we said, If we took this sort of approach, the private key doesn't have to move. Now, doesn't have to move doesn't mean doesn't move, but it doesn't have to move. And by not making it not have to move, the motion problem went away. And the data -at-rest problem drastically shrunk, right? But we didn't actually say, "How are we going to guarantee it doesn't move?"
Right? And that's what we're going to work on now. So how do we guarantee this thing doesn't move? And for that, we're going to introduce this concept of a secure enclave. So, a secure enclave is...you can think of it as a type of processor, right? You kind of have to think of it as, literally, it's its own little chip, and it may have a limited set of operations, right?
The operations may be: generate key pair, encrypt, decrypt. Right? Obviously, you have to give it a key and some data stream. Obviously, a delete key pair.
And there's some more operations, but let's just kind of stop there. So I have this little drip, we'll call it a secure enclave. And it has these operations. So it's not a general-purpose processor, right? I can't do general operations.
Oh, and it has hashing functions on there, too, cryptographic hashing functions. And we'll just say it has a list of them. So, I can send a piece of data through this secure enclave, and with a key, I can tell the secure enclave to encrypt that piece of data, right? Likewise, I can send it a piece of encrypted data, and if the right key is there, I can have it decrypt that data.
So, one other interesting property about these enclaves is, when you create keys, you can create these additional properties of the key. And, essentially, when we said this was a processor, we left out a couple of things. This processor has some storage. It's a small amount of storage, and it's called secure storage.
And the idea is it's tamper resistant. So I can store things in that processor that no one can get at. So here's an interesting idea. So I have this computer, right? We're back to Alice's computer. And, you know, her computer's got the typical processor on it. But then let's say it also has the secure enclave on it.
Right? Over here. I could create an asymmetric key in that processor. And I could create it with the property that it has to basically stay in the secure enclave. Right?
So what that guarantees when I create it that way is there's no way to actually copy the key out, right? So how do I use the key for this example? Well, the answer is, I send data to the processor and say, "Sign this data with that key," or, "Encrypt this data with that key," and I will get back the encrypted string, right? So there's a really interesting property here.
That property is, if the key is created in a way that can't leave the processor, the key is never in memory in that machine. If it's never in memory, it's also never in disk, right? So remember, we said, with the data at rest, I drastically shrank the problem. But it didn't really provide any structural guarantees that the key couldn't be removed, the private key couldn't be removed from Alice's machine.
Well, if I create and I start to use secure enclaves, I can actually now provide those structural guarantees that, number one, not only can the key not leave Alice's laptop, but the key will never exist in the most vulnerable portions of Alice's laptop, its drives and its memory. So things like memory attacks, cold boot attacks, all those sorts of things, they'll work at getting data off the file system and out of memory.
But they're not going to work on things in the enclave, right? Because they're actually in the enclave. Now, there's a lot of other interesting properties of the enclave that we're kind of reserving to talk about in the next couple of sections. But, if I really want to make gains on authentication and drastically reduce the problem space, right? Because I would say, you know, not just here at Beyond Identity, but engineers all around the world, really good engineers, the way they tackle intractable problems or what seems to be intractable problems, is they change the rules, right?
And we look at it as no different. If I have a huge surface area that I really have to worry about, right? I could build a mousetrap and do all sorts of crazy things, and that's what a lot of us are doing. But if there's some way for me to shrink the surface area and then worry about protecting that much smaller thing, this is where I'd rather spend my time.
So a lot of our engineering effort, a lot of our design effort, is really about how do we change the equation to where the surface area looks like this and not like that? So the first step is to move from shared secrets to asymmetric crypto, which we showed in kind of this example. And then the next step is to use the secure enclaves that exist on almost all commodity equipment to really guarantee that where that private key lives is really, really, really small.
So the last thing I'll talk about is...secure enclaves, I'm sure you've heard about them. You've heard about TPM or TPM2. You've probably heard about the T2 chip from Apple. You've probably heard about... What is it? TrustZone and ARM. And it turns out, every chip vendor has a flavor of their technology.
Not only chip vendors, but cloud vendors do as well. So AWS now has an AWS instance called Nitro. And when you're running a Nitro EC2 instance, you can actually create enclaves. It turns out, the other cloud providers have similar technology, right? Whether it's Azure Microsoft, Google, and, I believe, Oracle and IBM have similar.
So, since about 2016, 2017, consumer electronics all have some form of this technology. So, in the next section, we're going to keep building up our example, using asymmetric crypto and enclaves to actually work it into a more realistic authentication.