Meet Eliza & Marvin

 

We hereby confirm that:

 

  • pi-lar GmbH is not under liquidation or is not an enterprise under difficulty according to the Commission Regulation No 651/2014, art. 2.18
  • The project neuropil is based on the original works and going forward any foreseen developments are free from third party rights, or they are clearly stated
  • It is not excluded from the possibility of obtaining EU funding under the provisions of both national and EU law, or by a decision of either a national or an EU authority
  • All statements embodied in the Declaration of honour have been understood and accepted.

 

Cologne, 27.05.2020

Security of the Past: Limitations

only protection of bilateral IP connections

 

not protecting different data objects, but apis

 

unsuited for rapid change of data owners or data channels

static design: build once, run forever

 

new requirements vs. security design

 

introduce security exceptions on change

Security of the Future: ZeroTrust

trust perimeter has changed

 

fragmented information (flows) need protection

 

authn/authz must be possible everywhere

 

data objects governed by attribute-based access policies (ABAC)

define trust levels for data objects / entities

 

fine grained access to objects possible

 

more insights means minimizing risk

 

Never trust, always verify

Security for Ecosystems: Zero Trust / Access Policies

data object interactions main driver for future IT architecture

 

devices produce and consume data at the same time

 

respect different data owners per device

 

if one fails, all suffer!

business agility: enables companies to adapt & survive

 

switch to a different service provider is easy

 

change policies in days (rather than months)

 

enables data reduction and data economy

Security for Ecosystems: Reliability in four dimensions

Legal Dimension

Economic Dimension

Social Dimension

Environment Dimension

trusted B2B mesh network connects everything: devices, edge, applications, users, processes, enterprises

with the help of neuropil

Security First

  • digital identities

  • dual encryption layer (transport and end-to-end)

  • attribute based access control

  • decentralized access delegation

  • object level permissions via security token

  • limit packet size / throughput

  • standardized security measures (OSI Layers 1-7)

  • ... and more

(see also: OWASP API Security)

Privacy First

  • stacked/pseudonymized identities
  • transport layer privacy
  • addressing and discovery is hash based (Blake2b)
  • DHT to protect from metadata discovery
  • "blind" broker nodes
  • stay secure behind closed firewalls
  • packet segmentation
  • ... and more

 

(see also: OWASP Privacy risks)

neuropil.org

protocol development & standardization

technical security stack definition

responsible disclosure handling

neuropil.io

base service layer

organizational security definition / enforcement

compliance & reviews

neuropil.com

Add-On business services

Consulting & Development

where are we going?

neuropil.org

  • protocol definition & verification (6 months)
  • protocol documentation & standardization (6 months)
  • creation of governance body / structures (6 months)
  • foundation of european social enterprise

 

where are we going?

With the help of NGI POINTER we plan to build our foundation

NGI and friends are invited to join!

neuropil.org /  approx. 60.000 €

  • protocol version 1.0 & standardization (6 months)
  • creation of governance body / structures (6 months)
  • foundation of european social enterprise

 

where are we going?

NGI and friends are invited to join the foundation!

With the help of NGI POINTER we plan to build our organizational foundation

  • protocol definition & verification (6 months) / approx. 15.000 €
    • distributed time measurements (reusing existing definitions)
      • re-use DHT and existing NTP structures
      • use neighbor nodes and latencies / jitter to set local time
      • either as a standalone node, or in combined mode

 

where are we going?

With the help of NGI POINTER we plan to strengthen our technical foundation

  • protocol definition & verification (6 months) / approx. 20.000 €
    • definition of the realm protocol messages
      • a "realm" is a separate digital entity / identity
      • acting either as an authentication, authorization or accounting service
      • similar to a PKI, but more powerful in ad hoc scenarios
      • allowing remote control of small devices

 

where are we going?

With the help of NGI POINTER we plan to strengthen our technical foundation

  • protocol definition & verification (6 months) / approx. 15.000 €

 

Easy to use

  • hiding cryptographic complexity
  • installed as an OS library
  • remote token attestation
  • python / lua binding available
  • supporting
    • organizational security (e.g. SIEM)
    • enterprise architecture map (e.g. RAMI 4.0)
  • ... and more

Let's chat!

NGI Pointer slides

By Stephan Schwichtenberg

trying to explain the new security stack
