- US 12120097
Bio
As a part of the Quantum-Safe Cloud and Systems group at IBM Research, Zurich, I work on applied security focusing on key/secrets management, PKI, HSMs and securing applications against threats from a quantum computer. Hands-on with contributions to IBM Cloud Key Protect, Hyper Protect Crypto Service, Secrets Manager and IBM Kubernetes Service.
Work Summary:
- Enabled Quantum Safe (Q-Safe) support in different frameworks and components. Specifically, Q-Safe TLS in Postgres, Java-based Netty, Java gRPC, Envoy, a full implementation of a Q-Safe service mesh for OpenShift clusters, and a Q-Safe PKI implementation in HashiCorp Vault.
- Led the design and implementation of a private PKI with different crypto backends for IBM Cloud Secrets Manager with support for HPCS, Thales and Marvell HSMs.
- Led the design and implementation of certificate life cycle management using the ACME protocol with asynchronous issuance and automated renewal.
  - This work is deployed and available via IBM Cloud Secrets Manager.
- Co-led the implementation and delivered TLS handshake termination using Hyper Protect Crypto Service (HPCS). TLS establishment is transparently intercepted by a custom implementation of an OpenSSL engine that forwards signature requests to the HSM holding the private key, enabling TLS termination without the risk of exposing long-term private keys.
  - This is integrated into IBM Cloud Hyper Protect Crypto Service and IBM Cloud OpenShift.
- Co-led the design and led the implementation of a performant and scalable middleware for Hardware Security Modules (HSM). These additions increased the throughput for key operations by 3x - 10x, and latency by a factor of 50.
  - Currently deployed in all regions of IBM Cloud Key Protect.
- Contributed to the enablement of the first Hyper Protect Crypto Service (HPCS) demo at THINK-2018, and was the key enabling factor to ramp the HPCS product offering in IBM Cloud.
Patents
- US 12105985
- TW I854448
- JP 7438607
- US 11689375
- US 11575508
- US 11456867
- DE 11 2018 004 332
- US 11416633
- CN ZL201880070639.3
Projects
Quantum Threat and Quantum-Safe Migration
Blog posts
Bringing quantum-safe security to IBM Quantum Platform, and the world
News
Christopher Codella, Michael Maximilien, Paula Austel, Paul Schweigert, Mariam John, Navaneeth Rameshan, Martin Schmatz, Joachim Schäfer, and Robert Davis