Reality vs. CyberSecurity: how to enable secure, scalable, sovereign data communication
Reality vs. CyberSecurity - IT-Forum FZ Jülich - 27.02.2024
Stephan Schwichtenberg, Dipl. Ing. (FH), MBA
- founder of pi-lar GmbH (2014)
- current focus on Enterprise Architecture // Enterprise Security
- since 2020 speaker of the BITMI IT-Security Group
- over 25 years of working experience in IT projects
- open source development of the Neuropil cybersecurity mesh since 2016
Approach:
Consequences:
Complexity & Protocol fragmentation:
Source: https://commons.wikimedia.org/wiki/File:Cognitive_bias_codex_en.svg // License CC 4.0
Inspiration by
IP
Hash
IP
Issuer, Holder, Verifier:
Issuer signs claim -> issue -> Holder countersigns -> present -> Verifier verifies claim
decentralized data access
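The issuer / holder / verifier triangle above, worked through as an added example that is not code from the slides or from the neuropil project: the issuer signs a claim that names the holder's public key, the holder countersigns the credential for one verifier, and the verifier checks both signatures plus its own audience binding. Ed25519 from Go's standard library stands in for whatever the mesh uses; the Claim, Credential and Presentation layouts, the audience string and the trusted-issuer list are assumptions made for this demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Claim is the attribute statement an issuer vouches for. HolderKey binds the
// claim to one holder key pair, so only that holder can countersign it later.
type Claim struct {
	Subject   string            `json:"subject"`
	Attrs     map[string]string `json:"attrs"`
	HolderKey []byte            `json:"holder_key"`
}

// Credential is a claim plus the issuer's signature over its canonical bytes.
type Credential struct {
	Claim     Claim  `json:"claim"`
	IssuerKey []byte `json:"issuer_key"`
	IssuerSig []byte `json:"issuer_sig"`
}

// Presentation is a credential the holder has countersigned for one audience.
type Presentation struct {
	Cred      Credential `json:"cred"`
	Audience  string     `json:"audience"`
	HolderSig []byte     `json:"holder_sig"`
}

// claimBytes is what the issuer signs; encoding/json sorts map keys, so the
// same claim always serialises to the same bytes (assumed canonical form).
func claimBytes(c Claim) []byte {
	b, _ := json.Marshal(c)
	return b
}

// presentationDigest ties the countersignature to this exact credential and to
// the intended verifier, so a captured presentation is useless elsewhere.
func presentationDigest(cred Credential, audience string) []byte {
	h := sha256.New()
	h.Write(cred.IssuerSig)
	h.Write([]byte(audience))
	return h.Sum(nil)
}

// Issue: the issuer signs the claim and hands the credential to the holder.
func Issue(issuerPriv ed25519.PrivateKey, c Claim) Credential {
	return Credential{
		Claim:     c,
		IssuerKey: issuerPriv.Public().(ed25519.PublicKey),
		IssuerSig: ed25519.Sign(issuerPriv, claimBytes(c)),
	}
}

// Present: the holder countersigns the credential for a specific verifier.
func Present(holderPriv ed25519.PrivateKey, cred Credential, audience string) Presentation {
	return Presentation{
		Cred:      cred,
		Audience:  audience,
		HolderSig: ed25519.Sign(holderPriv, presentationDigest(cred, audience)),
	}
}

// Verify: the verifier checks that the issuer is trusted, that the claim is intact,
// that the presentation targets this verifier, and that the countersignature
// comes from the key the issuer bound into the claim.
func Verify(p Presentation, trustedIssuers [][]byte, me string) error {
	if len(p.Cred.IssuerKey) != ed25519.PublicKeySize || len(p.Cred.Claim.HolderKey) != ed25519.PublicKeySize {
		return errors.New("malformed key")
	}
	trusted := false
	for _, k := range trustedIssuers {
		trusted = trusted || bytes.Equal(k, p.Cred.IssuerKey)
	}
	if !trusted {
		return errors.New("issuer not trusted")
	}
	if !ed25519.Verify(p.Cred.IssuerKey, claimBytes(p.Cred.Claim), p.Cred.IssuerSig) {
		return errors.New("issuer signature invalid")
	}
	if p.Audience != me {
		return errors.New("presentation addressed to a different verifier")
	}
	if !ed25519.Verify(p.Cred.Claim.HolderKey, presentationDigest(p.Cred, p.Audience), p.HolderSig) {
		return errors.New("holder countersignature invalid")
	}
	return nil
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderPriv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample claim: the issuer states that this holder may publish on one subject.
	claim := Claim{Subject: "sensor-42", Attrs: map[string]string{"publish": "plant-1/telemetry"}, HolderKey: holderPub}
	pres := Present(holderPriv, Issue(issuerPriv, claim), "verifier-a")
	fmt.Println("verifier-a:", Verify(pres, [][]byte{issuerPub}, "verifier-a")) // <nil>
	fmt.Println("verifier-b:", Verify(pres, [][]byte{issuerPub}, "verifier-b")) // rejected
}
```

The point of the countersignature is that a credential on its own proves nothing about who is presenting it: the verifier accepts only a presentation signed with the key the issuer put into the claim, and only one made for its own audience string, so a credential copied from one holder or a presentation replayed to a second verifier both fail.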
defines trust levels for data objects / smaller groups
fine-grained access to objects possible
more insight means less risk
Never trust, always verify
A composable and scalable approach to extending security controls, even to widely distributed assets. Its flexibility is especially suitable for increasingly modular approaches consistent with hybrid multi-cloud architectures.
Gartner
Identity H(I1) - Node H(N1) - Data / Node H(N2) - Data - Identity H(I2)
Identity H(I1) - Node H(N1) - Subject / Node H(N2) - Subject - Identity H(I2)
+ attributes / + attributes
tcp/udp/ip/pas
Identity - Node (+ attributes) - Node
Identity - Node - Subject, e2e session
+ attributes / + attributes
Identity - Node - Subject <- e2e session -> Subject - Node - Identity
+ attributes (4x)
secure, scalable, sovereign data integration
C library, runs anywhere, footprint 1 MB
DHT allows enforcement of good security practice
modern cryptographic algorithms / data protection
needs integration into products
Python binding available
implementation as a sidecar proxy
SSI / digital identities (OIDC)
dual encryption layer (transport and end-to-end)
attribute based access control
decentralized access delegation
object level permissions via security token
limit packet size / throughput
standardized security measures (OSI Layers 1-7)
... and more
(see also: OWASP API Security)
(see also: OWASP Privacy risks)
2016
2019
2020
2021
2022
open source
NGI Zero funding
Beta release
HM 2020 exhibition
NGI Assure: LDTS / DTP
production ready
Fed4Fire: scaleup testbed
Gartner: CyberSecurity Mesh
Neuropil is a project that wants to turn the tables on online search and discovery: instead of search solutions calling the shots, data owners decide what content is publicly searchable in the first place.
They can do this through their cybersecurity mesh, which is private and secure by design. Data owners can send unique, cryptographically secured so-called intent messages that state what specific information can be found where.
Access to the actual information or content is also controlled by the data owners, for instance to provide either paid or free public content.
Search spaces: bm25 - 5kmer - space, org-science-AI space, your-private space
Addressing by H256(X): 0..., 8..., 4..., c...
The neuropil cybersecurity mesh will be updated to a first production-ready release. Two new concepts will be integrated:
Distributed Time: A decentralized approach to the concept of "time" as a fundamental building block for any IT landscape will be incorporated into the cybersecurity mesh.
Democratic Access Control: By introducing the four conceptual roles of judicial, legislative, executive and informational entities, the project lays down the foundation for a faster and easier exchange of cybersecurity information throughout the enterprise.
neuropil.org: Protocol Definition, Governance
neuropil.io: Protocol Implementation, Core Services
neuropil.com: Business Projects, Data Services
OpenCollective Funding
Governance based on Democratic Access Control
data object interactions main driver for future IT architecture
devices produce and consume data at the same time
respect different data owners per device
if one fails, all suffer!
business agility: enables your company to adapt and survive
switching to a different service provider is easy
change policies in days (rather than months)
enables data reduction and data economy
Legal
Economic
Environment
Social
www.neuropil.org
messaging & security protocol for ecosystems
benefit for easy data sharing with full control over data flows
open source development to establish trust
apply end-to-end principle for data objects
development started in 2014
2016: first exhibition @FROSCON
2019: NGI Zero / EU funded
2020: market-ready HMI 2020
IDSA certification & looking for partners
digital identities
dual encryption layer
attribute based access control
decentralized access delegation
... and more
stacked identities (realm / audience)
addressing hash based
DHT to protect metadata discovery
... and more
installed as an OS library
connect once, communicate globally
Python / Lua binding available
identity / data based routing
... and more
stay secure behind closed firewalls
standardized security measures
limit packet size / throughput
"blind broker" nodes
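Hash-based addressing, the DHT rendezvous and the "blind broker" idea from the lists above, as an added example that is not neuropil's code: a toy mesh in Go in which identities, nodes and data subjects are addressed only by their SHA-256 hashes, and a message is handed to the node whose hash is closest (XOR metric) to the subject hash. Publisher and subscriber compute the same rendezvous node on their own, and a forwarding node sees nothing but hashes and an opaque payload. The XOR distance, the four-node mesh, the Envelope layout and the assumption that the payload is already end-to-end encrypted are choices made for this demo; the real protocol's routing may differ.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/big"
	"sort"
)

// Addr is a 256-bit hash used in place of every name in the mesh: H(identity),
// H(node) and H(subject) share one address space, so routing never needs the
// clear-text name.
type Addr [32]byte

// H maps any name into the address space.
func H(name string) Addr { return sha256.Sum256([]byte(name)) }

// Short is a printable prefix for demo output.
func (a Addr) Short() string { return hex.EncodeToString(a[:4]) }

// xorDistance is the Kademlia-style metric between two addresses (assumed here).
func xorDistance(a, b Addr) *big.Int {
	var d [32]byte
	for i := range a {
		d[i] = a[i] ^ b[i]
	}
	return new(big.Int).SetBytes(d[:])
}

// Node is a mesh participant known to peers only by the hash of its identity.
type Node struct {
	ID   Addr
	Name string // for the demo printout only; peers never see it
}

// ResponsibleNodes returns the k nodes closest to target. Publisher and
// subscriber run this independently and meet at the same rendezvous nodes
// without any central broker learning the subject name.
func ResponsibleNodes(mesh []Node, target Addr, k int) []Node {
	ranked := append([]Node(nil), mesh...)
	sort.Slice(ranked, func(i, j int) bool {
		return xorDistance(ranked[i].ID, target).Cmp(xorDistance(ranked[j].ID, target)) < 0
	})
	if k > len(ranked) {
		k = len(ranked)
	}
	return ranked[:k]
}

// Envelope is all a forwarding ("blind broker") node gets to see: three hashes
// and an opaque payload, assumed to be ciphertext from the end-to-end layer.
type Envelope struct {
	From, To, Subject Addr
	Payload           []byte
}

// Publish addresses a message by subject hash and picks the rendezvous node.
// The mesh must contain at least one node.
func Publish(mesh []Node, senderID, subject string, ciphertext []byte) (Envelope, Node) {
	target := H(subject)
	next := ResponsibleNodes(mesh, target, 1)[0]
	return Envelope{From: H(senderID), To: next.ID, Subject: target, Payload: ciphertext}, next
}

// LeaksSubject reports whether the clear-text subject name appears in any field
// a broker can read; with hash addressing it never should.
func LeaksSubject(e Envelope, subject string) bool {
	for _, f := range [][]byte{e.From[:], e.To[:], e.Subject[:], e.Payload} {
		if bytes.Contains(f, []byte(subject)) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed mesh of four nodes; in a real deployment these are peers
	// discovered through the DHT.
	mesh := []Node{{H("node-a"), "node-a"}, {H("node-b"), "node-b"}, {H("node-c"), "node-c"}, {H("node-d"), "node-d"}}
	env, next := Publish(mesh, "sensor-42", "plant-1/telemetry", []byte("<ciphertext>"))
	fmt.Printf("subject %s -> rendezvous node %s (%s)\n", env.Subject.Short(), next.ID.Short(), next.Name)
	fmt.Println("broker can see subject name:", LeaksSubject(env, "plant-1/telemetry"))
}
```

What a metadata observer on an intermediate node learns is reduced to "some hash talked to some hash about some hash"; mapping those back to identities or topics requires already knowing the names, which is the discovery problem the DHT is meant to keep under the data owner's control.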
connects everything: devices, edge, processes, applications, users, enterprises ...
why we joined:
rules to enforce data ownership / sovereignty
increase data quality and transparency
building Europe-wide ecosystems
neuropil@IDSA
decentralized (meta-data) broker
each application/device is a connector
decentralized MQTT
how to contribute to IDSA:
identity federation
resilience
high availability
e2e encrypted pub/sub streams
what's going on:
data models / participation in plugfest
governance model (idsa.neuropil.io ?) / IDS ready certification
mutual ongoing development / collaboration
"Boring Bookkeeping"
"Traveling around the world"
"Healthy Healthcare"