Long way to the auth if you want a SIGv4 roll
Presenter: Dushan
Format: 45 mins
Abstract
The vast majority of authentication systems rely on pre-shared secrets that get exchanged over an encrypted channel between parties to verify each other's identity. But there are several fundamental issues with this approach.
What if two services could authenticate each other without needing to share secrets, without requiring any prior trust, by leveraging the fact that they both trust the Amazon Identity and Access Management Service (IAM)? In this presentation I am going to demonstrate how I have taken the authentication primitives provided by Amazon and decoupled signature creation from transmission in order to build an overlay protocol which enables parties to perform mutual authentication in a simple way, without needing to share secrets, while preserving all the security guarantees offered by AWS IAM. This talk will demonstrate to the audience how to build such a system, empowering them to build mutual authentication into their applications, without needing to do a significant amount of engineering, while additionally freeing them of the burden of credential management.