What is the "Cybersecurity Fabric"? I see it mentioned a lot, but having trouble filling in details.
Update: I found the answer and the research paper[1]. Based on what I've gleaned so far, this looks pretty awesome. It's like.. Horcruxes, but the participants assemble it blindly and instead of getting a soul, you get access to something without revealing the key.
> keys are split across a decentralized network [...] so no one ever holds the full key. [...] in a breach there’s no unchecked authority exposed.
so shamir secret sharing, which requires users to coordinate to unlock vaults and get tokens, and if one key gets compromised, the attacker still has to solve the coordination problem with a threshold of other key holders. that's within the realm of things we trust today.
there are a few black boxes and flags in the description that would ordinarily get hammered pretty hard by security people who have to make decisions about this stuff, but more charitably:
I'm guessing the fabric is probably a ledger that users subscribe to and that's how it becomes decentralized? imagining how this works, tidecloak adds its fabric as a party to each users (ephemeral?) SSS vault, where the fabric would usually be a centralized dependency, but if the number of SSS parties on the user vault is 3 or greater, your fabric key also requires coordination with another party to participate in unlocking the vault, so it can only participate optionally in an SSS vault decrypt- and probably just for something like a change/recovery operation?
(I'm speculating a bit to draw out some concrete corrections, as the some of those term usages in the description would draw heavy flak in a technical sales or architecture meeting.)
SaltNHash 2 days ago [-]
So many great points raised here! Allow me to try and cover as much as possible. In a way, you can say TideCloak uses the Fabric as a key vault for (1) each user's authority (2) its own central authority. This way, even when TideCloak is completely breached, neither its users or own authority and authorization can be compromised. For simplicity, let's call those "authorities" keys. Whenever use of those keys is required, TideCloak makes a request to the Fabric, and as a swarm, the Fabric manifest that request in a multi-party fashion (a few steps up from standard SSS) and replies with the required artefact (access token, ephemeral decryption keys, signed consent, etc) in such a way that the secret keys are never assembled or exposed. Tidecloak itself, therefore, holds no user credentials or root certificate, so a breach of the IAM or an administrator is far less consequential. That API request is, for all intents and purposes, the coordination you mentioned. The Fabric is a "centralized dependency" as much as DNS is, or the internet. Yes, without the Fabric, those vaults are inaccessible – but the Fabric is robustly highly-available and resilient. Regarding the potential flak you mentioned, if you meant from describing the technology in high level terms, noted! If you meant because the approach we’re proposing introduces (and requires) a shift from today's paradigm, I think you’re devastatingly spot on. We’re expecting this concept to attract pushback, because it demands relinquishing centralized ownership of those authorities to some "ineffable" vault that no one can access. It's a big ask – but, it's also the only guarantee that if no one can access it, it can never be compromised. In my mind I’d liken it to the objection "on-demand hosted" architecture attracted in the early 2000s, which later became the ubiquitous "cloud". We can't avoid the resistance to change other than by continuing to push forward with the help of the significant academic scrutiny we’ve received to date, and the tailwind of a community interested in advancing it through participation.
motohagiography 20 hours ago [-]
Thank you. The challenge here is how to trust it. I think leading with stating that this is a paradigm shift is key, and then it's important to show how it pivots from first principles. Right now, the description has what appear to be proprietary product terms (fabric, ineffable, etc) where ordinarily there would be some more familiar terms of art from cryptography.
How much of this is net new, and are we asking people to suspend their disbelief?
laxk 2 days ago [-]
How does TideCloak's decentralized key architecture relate to W3C DID standards [1]? Do you see TideCloak aligning with DID Core principles in future development?
Yep - there's already a working group in the Keycloak community aligning with various standards. In our case, the Cybersecurity Fabric is the component that handles ownership, secure portability and revocation.
e12e 2 days ago [-]
> Web users can now sign up and sign in to your SPA, being served customized content to authenticated and unauthenticated users and based on their predefined roles.
They're not really being served customized content, are they? All the content is in the react app - so client side - even if not logged in?
I suppose one could argue the authz details are "served" based on login - but the example could really use an example of api/db access unless I'm missing something?
SaltNHash 2 days ago [-]
You understand it perfectly. This is an example of an SPA that displays content based on authentication/roles – all client side. This was to demonstrate the simplest, most straightforward implementation in a few minutes. If you look closer, the authentication is secure by a signed-JWT which can easily be extended to server side content customization and direct api/db access. Developers in our beta program are already doing this across ReactJS / NextJS / Java / Dotnet / PHP/ Etc.
e12e 22 hours ago [-]
Right. I hope the example can be extended to include a sample api service - as understanding how to verify the jwt, check blacklisted tokens are essential to actually using this.
I'm worried junior devs might look at such examples and believe it is real code.
ajb 2 days ago [-]
Given that IAM is used by cloud providers as a lock-in mechanism, how do you plan to get them to allow users to use your IAM? Or is this not aimed at that market?
Congrats on the launch!
SaltNHash 2 days ago [-]
Thanks. The ideal end game is for the Cybersecurity Fabric to become a de-facto standard for best practice security inside the biggest platforms in the world (Entra, Okta, AWS, Google etc). So individuals can login with Tide (i.e. with their own authority). The protectionism only works until one plucky provider decides to use an open standard and starts winning business from the others... But let's assume that's years down the track, if we're right about that.
For now we're quite happy to provide an alternative for platform developers not bound to the big end of town.
The TideCloak (Keycloak) component does provide for options like federating or synchronizing with other IAMs in greyfield enterprise environments, to stage the integration.
robto 23 hours ago [-]
Is the Cybersecurity Fabric an open standard? I didn't see any licenses in the Github repository. Is Tidecloak just an implementation of an open protocol? Or is it entirely proprietary?
whatnotests2 2 days ago [-]
Amazing. I wanted this, but didn't want to build it.
You did.
Thank you!
SaltNHash 2 days ago [-]
Cheers! The idea is that anyone can tap into the Fabric, but also participate in it (coming soon)
vednig 2 days ago [-]
Are the encryption quantum safe?
SaltNHash 2 days ago [-]
The multi-party-computation and zkps used to generate the keys, authenticate to them, encrypt / decrypt and sign with them are PQ resilient. The key presentation layer (i.e. the key standard we've currently deployed) are elliptic curve based, so in theory would be susceptible. We're already working on other key presentations, including PQC algorithms, all handled in multi-party. We're already able to manage SSH keys in the Fabric.
AlphegA 2 days ago [-]
They're working with a quantum safe research team from Wollongong Uni to create a quantum safe key. The whole scheme by itself is based on shamir SS that is quantum safe.
dboreham 2 days ago [-]
A common weakness in schemes like this is that the user has to trust that the decentralized network operators don't collude and don't all have the same vulnerabilities.
SaltNHash 2 days ago [-]
Absolutely true! And that’s only half of it. In schemes like this, how can you even tell the operators are following protocol? How do you know it's not a façade? At the edge of all those schemes, there's a point where you simply must rely on blind trust. Solving this challenge was one of our greatest motivations – and the only way to replace blind trust is through total verifiability. As far as we’re aware, our approach is the only one that allows verifiability on all facets: 1) access to source code, 2) having the ability to verify client-side code in run-time is another (in two different ways), and 3) last, but most important, anyone can opt to run parts of their keys on their own privately hosted nodes – so even if the entire network is colluding, you have the guarantee your own nodes aren't. Happy to elaborate.
Rendered at 20:43:56 GMT+0000 (Coordinated Universal Time) with Vercel.
Update: I found the answer and the research paper[1]. Based on what I've gleaned so far, this looks pretty awesome. It's like.. Horcruxes, but the participants assemble it blindly and instead of getting a soul, you get access to something without revealing the key.
[1]: https://arxiv.org/abs/2309.00915
https://blog.cloudflare.com/red-october-cloudflares-open-sou...
so shamir secret sharing, which requires users to coordinate to unlock vaults and get tokens, and if one key gets compromised, the attacker still has to solve the coordination problem with a threshold of other key holders. that's within the realm of things we trust today.
there are a few black boxes and flags in the description that would ordinarily get hammered pretty hard by security people who have to make decisions about this stuff, but more charitably:
I'm guessing the fabric is probably a ledger that users subscribe to and that's how it becomes decentralized? imagining how this works, tidecloak adds its fabric as a party to each users (ephemeral?) SSS vault, where the fabric would usually be a centralized dependency, but if the number of SSS parties on the user vault is 3 or greater, your fabric key also requires coordination with another party to participate in unlocking the vault, so it can only participate optionally in an SSS vault decrypt- and probably just for something like a change/recovery operation?
(I'm speculating a bit to draw out some concrete corrections, as the some of those term usages in the description would draw heavy flak in a technical sales or architecture meeting.)
How much of this is net new, and are we asking people to suspend their disbelief?
[1] https://www.w3.org/TR/did-core/
They're not really being served customized content, are they? All the content is in the react app - so client side - even if not logged in?
I suppose one could argue the authz details are "served" based on login - but the example could really use an example of api/db access unless I'm missing something?
I'm worried junior devs might look at such examples and believe it is real code.
Congrats on the launch!
For now we're quite happy to provide an alternative for platform developers not bound to the big end of town.
The TideCloak (Keycloak) component does provide for options like federating or synchronizing with other IAMs in greyfield enterprise environments, to stage the integration.
You did.
Thank you!