Open Source enabler for secure, scalable, sovereign data communication
only protects bilateral IP connections
protects APIs rather than the individual data objects
unsuited to rapid changes of data owners / new data channels
static design: build once, run forever
new requirements conflict with the original security design
every change introduces security exceptions
secure, scalable, sovereign data integration
C library, runs anywhere, footprint 1 MB
DHT allows enforcement of good security practice
modern cryptographic algorithms / data protection
needs integration into products
Python binding available
implementation as a sidecar proxy
[Diagram: design influences ("inspired by"): IP, hash-based addressing, reliability, availability]
SSI / digital identities (OIDC)
dual encryption layer (transport and end-to-end)
attribute based access control
decentralized access delegation
object level permissions via security token
limit packet size / throughput
standardized security measures (OSI Layers 1-7)
... and more
(see also: OWASP API Security)
... and more
(see also: OWASP Privacy risks)
defines trust levels for data objects / smaller groups
fine grained access to objects possible
more insight means less risk
Never trust, always verify
[Diagram: identities H(I1) and H(I2), each carrying attributes, attached to nodes H(N1) and H(N2); nodes exchange subjects over the tcp/udp/ip/pas transport layer, while an e2e session between the two identities carries the subject data across the nodes]
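As an added illustration (not neuropil's code or API, which this page does not show), the following Python sketch models the concepts listed above: identities, nodes and subjects addressed by their hash H(), DHT-style routing of a subject to the node closest to its hash, an issuer-signed security token carrying attributes, and an object-level policy that is checked on every message ("never trust, always verify"). SHA-256 as H(), HMAC-SHA256 as a stand-in for the issuer's signature, the XOR distance metric, JSON token encoding and all sample names and keys are assumptions made for the example.

```python
# Added illustration, NOT neuropil's code or API: a minimal model of the
# concepts on the slides (hashed identities/nodes/subjects, DHT-style
# routing, issuer-signed security tokens, attribute-based access control).
# Assumptions: SHA-256 as H(), HMAC-SHA256 standing in for the issuer's
# signature, XOR distance as the DHT metric, JSON as the token encoding.
import hashlib
import hmac
import json


def H(data: bytes) -> str:
    """H(x): the hash under which identities, nodes and subjects are addressed."""
    return hashlib.sha256(data).hexdigest()


def responsible_node(node_hashes: list, key_hex: str) -> str:
    """DHT lookup: the node whose hash is closest to the key (XOR metric)
    is responsible for it; routing depends only on hashes, not on addresses."""
    key = int(key_hex, 16)
    return min(node_hashes, key=lambda n: int(n, 16) ^ key)


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so issuer and verifier MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_token(issuer_secret: bytes, issuer_id: str, subject: str,
                audience: str, attributes: dict, expires_at: float) -> dict:
    """Issuer-signed token: grants `attributes` on H(subject) to the identity
    hash `audience` until `expires_at`. HMAC replaces a real signature."""
    body = {"issuer": issuer_id, "subject": H(subject.encode()),
            "audience": audience, "attributes": attributes,
            "expires_at": expires_at}
    body["mac"] = hmac.new(issuer_secret, _canonical(body), "sha256").hexdigest()
    return body


def verify_token(issuer_secret: bytes, token: dict, now: float) -> bool:
    """Reject any token whose MAC does not match its body or that has expired."""
    body = {k: v for k, v in token.items() if k != "mac"}
    expected = hmac.new(issuer_secret, _canonical(body), "sha256").hexdigest()
    if not hmac.compare_digest(expected, str(token.get("mac", ""))):
        return False
    return now < token["expires_at"]


def authorize(policy: dict, token: dict, sender: str, subject: str,
              issuer_secret: bytes, now: float) -> bool:
    """Never trust, always verify: MAC, expiry, audience binding, subject
    binding, then every attribute the object-level policy requires."""
    if not verify_token(issuer_secret, token, now):
        return False
    subject_hash = H(subject.encode())
    if token["audience"] != sender or token["subject"] != subject_hash:
        return False
    required = policy.get(subject_hash, {})
    return all(token["attributes"].get(k) == v for k, v in required.items())


# Constructed sample data (not real keys, identities or deployments).
ISSUER_SECRET = b"plant-a-issuer-secret"
NOW = 1_700_000_000.0
SENDER = H(b"sensor-1 public key")                  # H(I1)
NODES = [H(b"node-1"), H(b"node-2"), H(b"node-3")]  # H(N1), H(N2), ...
SUBJECT = "plant-a/temperature"
POLICY = {H(SUBJECT.encode()): {"role": "sensor", "realm": "plant-a"}}
TOKEN = issue_token(ISSUER_SECRET, "plant-a-ca", SUBJECT, SENDER,
                    {"role": "sensor", "realm": "plant-a"}, NOW + 600)


def deliver(sender: str, token: dict, subject: str, now: float = NOW) -> tuple:
    """Route a message for `subject` to its responsible node and report
    whether the sender's token authorizes it for that subject."""
    node = responsible_node(NODES, H(subject.encode()))
    return node, authorize(POLICY, token, sender, subject, ISSUER_SECRET, now)


if __name__ == "__main__":
    print(deliver(SENDER, TOKEN, SUBJECT))
```

The policy is keyed by the subject hash rather than by a network address, which is what lets the same check apply wherever the responsible node happens to be; a token that is valid but lacks a required attribute, or is bound to a different subject or identity, is refused even though its signature verifies.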
[Timeline 2016 to 2022: open source; NGI Zero funding; Beta release; HM 2020 exhibition; truzzt participation; NGI Assure: LDTS / DTP; production ready; Fed4Fire: scaleup testbed; Gartner: Cybersecurity Mesh]
Neuropil is a project that wants to turn the tables on online search and discovery: instead of search solutions calling the shots, data owners decide what content is publicly searchable in the first place.
They do this through a new messaging layer that is private and secure by design. Data owners send cryptographically protected, unique so-called intent messages that state what specific information can be found where.
Access to the actual information or content is also controlled by the data owners, for instance to offer either paid or free public content.
neuropil.org: Protocol Definition, Governance
neuropil.io: Protocol Implementation, Core Services
neuropil.com: Business Projects, Data Services
data object interactions are the main driver for future IT architecture
devices produce and consume data at the same time
respect different data owners per device
if one fails, all suffer!
business agility: enables your company to adapt and survive
switching to a different service provider is easy
change policies in days (rather than months)
enables data reduction and a data economy
Legal
Economic
Environment
Social
www.neuropil.org
messaging & security protocol for ecosystems
benefit from easy data sharing with full control over data flows
open source development to establish trust
apply the end-to-end principle to data objects
development started in 2014
2016: first exhibition @FROSCON
2019: NGI Zero / EU funded
2020: market ready (HMI 2020)
IDSA certification & looking for partners
digital identities
dual encryption layer
attribute based access control
decentralized access delegation
... and more
stacked identities (realm / audience)
hash-based addressing
DHT to protect metadata discovery
... and more
installed as an OS library
connect once, communicate globally
Python / Lua bindings available
identity / data based routing
... and more
stay secure behind closed firewalls
standardized security measures
limit packet size / throughput
"blind broker" nodes
connects everything:
devices, edge, processes,
applications, users, enterprises
...
why we joined:
rules to enforce data ownership / sovereignty
increase data quality and transparency
building European-wide ecosystems
neuropil@IDSA
decentralized (meta-data) broker
each application/device is a connector
decentralized MQTT
how to contribute to IDSA:
identity federation
resilience
high availability
e2e encrypted pub/sub streams
what's going on:
data models / participation in plugfest
governance model (idsa.neuropil.io ?) / IDS ready certification
mutual ongoing development / collaboration
"Boring Bookkeeping"
"Traveling around the world"
"Healthy Healthcare"