BSidesSF 2025 - Trust Engineering: Building Security Leadership at Early-Stage... (Mike Privette)

Hi everyone. Please give a round of applause for our next speaker Persan who is a head of product security at AppView X. Thank you. Uh just a small reminder please if you have any questions go at besides.org/q&A and you can leave your questions there during the sessions and if we have time at the end we can cover them at the end of the session. Thank you. Thank you. Hello. Uh me is Prashant. I work as a product security head for uh Appx. Appx is into certificate life cycle management uh PKI PKS service and uh SSH so related discovery predominantly into the mission identity space. And so today you know like we're going to look about the

ironclad PKI basically like why PKI needs the all the attention that it requires now why it matters now what are all the pitfalls that we currently have and what is the timelines and urgency that we you know see towards it okay so I put it into three buckets just for you know a better understanding and a flow weakness in today's PKI postquantum impact and building crypto agility. So the first one the weakness in PKI today's PKI we will look into you know like the practices in PKI like what's going wrong and what are all the gaps that we have and what kind of problems that we see like from a real world perspective for example like you

know how does this affect me as a user and how the company should look at this and what are all the areas that we may not be you know paying attention to today like where it has been legacy and what's getting changed those ones and the postquantum impact So, so far it's been a theory like postquantum like you know it's moving from a theory to more kind of you know reality right now and do we have timelines towards it what are the problems that we face if postquantum computing comes as a reality and building the crypto agility so what is crypto agility and how are the organizations like crypto agile today and looking at you know the real world

data what do we see what are the current timelines you know for a certificate rotation And what does it take like for companies to like you know implement crypto agility? How do we better prepare ourselves both in the light of quantum computing and also given you know the latest mandates that are coming from NIST and CA browser forum similar ones. Why this matters now? So 72% of organizations experienced at least one certificate related outage in the past year and in like 67% reporting monthly outages and 45% weekly. So now this could be both you know public and also like private certificates. Now how do what are the things that we know at the wake like what do we know which we have

seen which has impacted us we'll get into it but as leaders you know and practitioners here you would have seen like you may have like understood like what is the impact of like a certificate getting expired where I don't have a monitoring available for it or you know automated process for us to like rotate it now real world incidents on the rise we discussed about it and shorter validity of TLS certificates so it's not anymore optional know that we need to have like monitoring for certificates. We need to have the rotational policies. We need to have automation enabled. This has been like you know depending on the size and the impact of certificates for a company and organization. This has

been taken into consideration so far but going forward this seems to change the reality seems to change because a lot of changes are coming in this area and from now because uh let's say you know the time that I have put this content I had to continuously change it more than twice because so much updates have come in this area like even you know today I had some changes happening because that much attention that much changes are happening in the space of like PKI and certificates here we will look into lack of crypto agility and reg regulatory mand mandates. So NIST and uh NISA few other you know like UK government and few other bodies have

brought towards like what are the proposed algorithms to use how do we stay secure what to move towards all those things. So the incidents over the past year like we have taken like you know last one year but one thing that I like I also included uh the starlink in there just for its you know the amount of importance that it has got like you know how the certificates are used where it's used what kind of impact it could have so interest so most of the organizations in the globe like have been using interest as a CA but it has gone through a distrust by Google and there have been problems right like misuse cases and the policies not being

met. So there have been some issues with it. But what are the other ones like which impacted companies large scale companies which also created disruption and also outages in that particular area. So chcast a month ago Google chcast faced an outage. It's because of an expired certificates all the edge devices the IoT like what it says is like you know more than looking at it from a perspective of one device or like one particular kind of a device a chcast. This is the same plight for the IoT and other similar devices which are in the edge cases. How do we maintain those devices? It's not just about a domain or an authentication certificate we use. It's also about like the edge

devices like which are operating in scale, right? and Alaska Airlines reporting ID outage because of a certificate being expired. And similarly, you know, the uh the bank in the UK like which has reported that their entire operations had to go down like in this case like some most of them have brought up their environment like faster. They were able to like rotate the certificates. But in the case of like Google chcast, it took like you know more than a day or like two for them to like fix those problems. So this is what we call it as like crypto agility. something goes wrong, how quick can we, you know, like make a switch? Be it an algorithm, be it a CA, be it a

certificate. So in the cases of, you know, this being going wrong, do I have mechanisms where I could quickly bring something up, quickly make those changes and, you know, make the service available again? And these are from CD logs. So what we did is like we collected the Fortune 500 list and also the you know most visited US government list from the US analytics. So this we have run across few tests. One is that we looked into the CD logs to see what kind of algorithms are being used today widely by all the companies and two we looked at what are the um you know different sectars and how do they rotate their certificates how long the search

validity is being issued today. So is it like 100 is it 200 is it 300. So the average that we see is like you know 398 days for a certificate to be live and also get rotated. Now this is the validity that today 2025 we are talking about how the websites are providing and this data shows a few findings in there. So more than 78% of Fortune 500 certificates would fail a crypto agility readiness check today because it it depends on like few factors when we call this as like they would fail. One of it is quantum vulnerable algorithms usage of RSA 2048 and similar and wild card overuse and inconsistent rotation timelines. So now why do these matter?

Now each one of the fact which we discussed about now is having some sort of you know a threat or a change in the landscape or a regulatory mandate coming towards it. So look into it deep 65 68% of fortune 500 and US government certificates still use RSA making them quantum vulnerable. So when quantums becomes a reality this is RSA could be broken. That's like what we have se seen from the sh algorithm and 23.5%age of wild card certificates are used by industrial and manufacturing companies. So we just looked at with the wild card certificates being used uh overused we looked at which sectar is maximum using these wild card certificates sector wise out of these we

have collected this data and that's what we are looking at here and if the internet were to be audited today for quantum readiness or crypto agility for just for quantum readiness for that matter more than 70 to 75% of the certificates that are in the internet today are not quantum resistant now this is what we are talking about as a backlog that the companies will have to look into. Now this is a subset of data of the entire internet right this is like based on fortune 500 and you know top 100 or like few websites which uh the government the US government websites which people are using. Now this is a very small subset of data that

we are discussing here if you will have to expand it to the entire internet what we look at there would be something you know drastic and dramatic. So now these are all the tech backlog that we are looking at for the next few years for us to like go back and fix and agility is not optional. So far until you know a month ago we have been discussing about this certificates has to be like rotated frequently and we should reduce you know the just like you know an identity what we talk about principle of release privilege zero trust no long-standing privileges. If you would apply the same for certificates which is all it's also an

identity a mission identity shortlived certificates are mandatory and rotating that certificate on a particular period of time is going to be like mandatory so far it's not but so few weeks ago a month ago CA browser forum has voted that 47 days is going to be the validity for all the certificates starting from 2029 and this is what they have voted for Google proposed 90day Apple proposed 47 days and this is the final you know like what that CA browser form has come to what does this mean so today we looked at it 398 days is the average a certificate that's being you know issued the validity now that validity cannot be more than 47 days going forward by 2029

and this change is happening from now so we will have to start reducing the life cycle of certificates starting from 2026 and similar and to do that it's not simple because Every company uses like you know thousand certificates or like you know more than that depending on the size and the nature of the company and like where they use it for right it differs between uh banking it differs between automobile it like it's different for like a modern SAS company now the certificates also being used for like many different use cases right internal with external like you call it like public CAS and all that now these brings in like different set of backlog which the companies are not prepared for

Because looking at the data graphs it doesn't show like you know the crypto agility the companies have attained and which is where like you know these mandates are also coming enforcing people to like you know look at their visibility the posture of how the certificates are today and how they're going to move forward. So the weakness in today PKI quantum v vulnerable algorithms long live certificates and devices human errors and misconfigurations limited crypto agility. Now we have been you know like uh discussing like quite a bit about like crypto agility. What's crypto agility? the ability to like identify and discover the certificates that the company uses and for what purpose along with context and then prioritize based

on the importance like what is a crown shell application what's public facing what's internet facing what's being used for authentication and then having the policies to implement and fix whenever there is a problem be it an algorithm change or you know vendor change the certificate where I'm getting it from my public CA any kind of change should have the ability the company should have the ability to do it overnight. In simple terms like you know we should have the ability to fix something when you know when something goes wrong in crypto we should be able to fix it overnight rather than you know doing it under the fire. So quantum vulnerable algorithms. So there are a few algorithms which we

will look into deep detail like a couple of algorithms which we will look into on what makes them quantum vulnerable and how that could be broken. If so like when that could be broken and what's going to be the threat that it's getting longived certificates and devices we looked at 398 days is the you know usual certificate life lifetime that from the that we have seen from the CD logs. This is for the domains and the public available certificates. But think about the devices the edge devices usually get 10 years or 5 years as their certificate validity. Now this could be internal this could be external but that device is going to you know if that's going to

basically you know talk to certain other services then these things which are coming like you know as 47 day and other mandates which are coming could affect them as well. Do we have the visibility towards all the certificates that we are using in a company's environment is question one and two along with context and posture. Do we have that availability? Yes, the machine is a space like where the lot of gap is on the context and the posture of it and human errors and misconfigurations. So the misconfigurations and human the CA templates or like you know be it uh the CSR values the mis uh misissued uh certificates and uh this is from one side of things like which can entirely

go wrong internally or from a process gap. There are other set of things which majorly like not being discussed. One is that the deprecated CAS and then untrusted CAS providing the certificates. So that is equally important as most of the you know fishing and other like impersonation domains like get these certificates from the blacklisted CAS and that's some kind of monitoring which the companies are not having today. We are working on you know collecting the logs for that as well. I will publish it as a research. So once we have that available as we are crunching through a lot of data and uh identifying the blacklisted layers limited crypto agility we discussed about like what it is like

what's the gap and uh we all know like where we stand like if we will have to look at our you know work lives and see if this is something like normal to do because there are still companies who track their certificate expiry via Excel sheet and few other automations. Now how could that help it depends because there is a rush there is a timeline towards it. We are you know we will have to basically work against the clock right now and quantum 101. So, so far like we discussed quantum was about a you know subject of interest like you know when it comes to reality we had no idea but with the recent developments on quantum

computing so we have seen few differences coming in and we have looked at the timeline of certain companies like Google's willow so Google has published a timeline on when they are going to achieve like what kind of cubits and uh this also says like okay we are in an era right now where quantum is already there but it has some noise and it has some error errors to it which over a period of time will get fixed. Let's just take you know it's going to be I'm not saying it's going to be like AI but when AI was coming like how many of us did we actually know about it like in 2020 or 2021 when you know like AI

was getting launched we did have AI like for decades but the generative AI had a different capability to it and when it was launched it was simply a chat application and the use cases differed. So quantum when it becomes available for like companies to use for the research and other use cases who would know it could also be used for breaking encryption which we use today right more than 70% what we have seen is like RSA 2048 right which is vulnerable for quantum and over a period of time not like today's one but yes it's happening so what is the quantum approach of like why this could be broken I'm just going to simply you know

like uh keep it uh very simple here. So the thing is the today like what we have in RSA 204 right is like you know finding a it's a discrete log problem is what we have what would quantum quantum do to it the quantum is simply going to make it as a period problem which it is really good at rather than calling it as a discrete problem math problem so this is what char's algorithm has shown us so finding the p is going to happen finding the you know like sorry it's going to be the uh k is going to be a period problem and this could happen in the polomial real time for us like when quantum

becomes a reality. Now will quantum become a reality? Yes, we have seen few uh you know cases we we have seen the reality of like where it is today and we are also like looking at some of the road maps to see like when it could become available at what scale. Now to break RSA like what are we talking about? So we are talking about 4,000 cubits logical cubits to be available and only when that becomes a reality that's when you know RSA faces a threat right and what are all the real world applications that could it could have an impact now the bitcoin uses the same algorithm like which is quantum vulnerable and SSH keys the TLS HTBS

certificates that we are using today and the VPNs now is it scary yes but the companies are catching up the industry is catching up Apple introduced Like last year or like February, Apple introduced the iMessage. They do encrypt using PQ3 which is like PQZ uh you know compatible algorithm. They use uh um MLAM as their algorithm for PQC and similarly Palo Alto's VPNs and other things are catching a password. So the vendors are enabling the capacity for the end users and organizations to consume what's already going on as a problem. So it's not a theoretical thing that we are discussing here. It's practical and the industry is catching up on this. The quantum thread timeline. So

the first 25 to like 2030 like what we are in right now is the NISK era which is basically the quantum is available right now. The quantum computing is available but it is noiserone and errorrone. So this error correction is what it's going to you know we are going to look at in the next few years and when that becomes a reality so we will see like you know what is the capability of quantum. So we will have like you know some sort of like uh you know um something for chemical applications or you know something towards chemistry. We will be working on like quantum substantially like when it improves and when it when we have something solid

that will go for like several other use cases apart from just being you know academic and the road to postquantum cryptography standards. Nest has approved like few cryptography standards over the you know last few months and years and what we see there is two algorithms which is Kyber and Delithium or like approved ones like which are also widely adopted today like only 2% of the organizations or like vendors are capable of handling or accepting the PQC certificates today and the majority of them are using these two algorithms for their use cases for their you know applications and um the HSM and devices and quantum reality check. So this is basically the road map of Google's Willow. So one popular example

I have taken. So when willow becomes available obviously it's going to have competitors going to have you know different uh sources coming up with the quantum computing power and what does it mean? So what timeline are we looking at the existing encryptions facing a threat? So looking at this so two 2030 or like later like 2035 or somewhere in between is when this could become a reality of like whether you know 4,000 logical cubits would it be available for you know it's not necessary it's for this purpose and this use case but basically is it you know true yes it's happening and today we are at like 100 cubits and this is what we are looking at scaling towards 4,000

cubits and not errorprone and doing these things at scale. and what's what makes the transition hard. So if we are having like you know applications which are critical and crown jewel the BS the BFSI sectors have already adopted this and it's been more than a year or like you know a couple of years some of the industries like you know uh notable names include like uh JPMC HSBC they all have adopted the quantum and they have you know like moved towards in the journey where there's a lot of you know exciting content in that space like on how they executed it and the common uh problems that we see in the PQC to see transition

is that one the latency and size. So it is three to 10 times bigger the key size what we are comparing between the normal um you know currently available encryption methods like RSA or ECDSA between like you know delithium and kyber. So this possess like the microservices the mobile applications the edge devices the you know the SAS platforms everything so whatever that we are working on today each and every microser and API meets a certain SLA the payload you know all of that so the industry will have to think about the architecture on how we can accommodate this so this latency is going to possess a serious amount of you know significant uh risk because it's not basically the

architectures has to be improved is what you know we are trying to say and uh legacy infra. So we have looked at it the legacy infra till today like have you know 10 10 years as the certificate validity and the protocol that it operate is like entirely different and for them to become you know Q PQC uh safe those algorithms for them to adopt it is going to take time and meanwhile the hybrid certificates is the one which could be the solution for this because we also it's not like you know quantum is not there so we don't have a problem the data which has been exposed even if it's encrypted the if you would look into you know the

batch sources like dark web and other areas the encrypted data is also being sold because by the time the quantum becomes available the harvest now and decrypt is what they're trying to do right now so which is where the shorter validity and the PQC safe hybrid algorithms I could still use like RSA but I can have something you know compatible along with it to use it so I could mix up and have it as a hybrid until the end devices and the you know like existing ecosystem enables PQC and accept PQC. So this would product as well. So it's not you know a direct jump that we are looking at you know we are using like you know normal the existing

algorithms and we are directly going to PQC it's going to be like the existing algorithms then it's going to be the hybrid along with the you know PQC compatible and then the current RSA and similar ones then it's going to be entirely PQC that's something that we look at you know post 2030 that's when we are looking at it and uh certificate sprawl and shadow PKI So lack of visibility basically context to all this. So many organizations don't have this visibility today. So the point is that we need to have a discovery mechanism where we could do a discovery of all the certificates along with the owners and also the end devices like which is using

it and this provides the crypto agility and basically the capability for organizations to understand what is the backlog that they are looking at and how would it help them to move forward. building a postquantum PKI strategy. So the there are two approaches. One is that you know looking it from a strategy perspective. Two like how do we technically execute this? Because everything is like good and great when it comes to content but when it comes to execution how is it going to help? So where do we start? What do we do first and how do we execute this? So the different stages that we have seen so at appux like we help customers like do

this. So there is an open- source uh or freeware that we are you know uh developing right now for like organizations to help and definitely if you would put together a lot of open-source tools like we could be able to like achieve this via that as well. So to begin with discover and inventory all searchs on-prem cloud IoT now the the certificates of the cloud think about this like most of the enterprise organizations use all the three clouds or like you know use a mix of like you know multi cloud vendors and each of them has their own like search manager or like you know um AWS has a search manager similarly like Azure and GCP as

well now among all this what are the problems like do I have like one single place where I could you know monitor both my on-pre IoT edge and also the cloud assets and help organizations to look at their crypto posture may not be. Though the independent vendors may not have the capability to do that which is where you need to have a holistic approach to like discover the certificates which we are which you know the organizations are using today and prioritize risk the key size the algorithm so what we are using today and what are the ones that we should be looking at uh we have all the recommendations here and the N standards are available for that uh so the tool

per se I want to like quickly uh jump on the execution part like you We are running towards time. So the cryptobomb scan um the crypto the cyclone DX have published already a cryptobomb library which you could use and you can use the search discovery open source tools and combining this you will have both the inventory and the visibility once you have into it like you would be able to do a deep audit like uh you know use cert audit or like PKI security tools like do the deep audit of of those inventory certificates which we have received and from there like we can take it to the context and posture and once you have it. So you will have to

implement uh automation or like you will have to identify a policy for like your set of applications cloud internal on-prem everything. So this helps to you know put together those um entire strategy for moving from normal you know manual rotation and using long-term certificates and to move away and to adopt the short life cycle certificates and reducing the manual workload on this and using the quantum safe certificates. So the takeaway most talks are not crypto agile today. Two, quantum or not. Agility is important and not optional anymore as the timelines have been published. And CA browser forum votes for shorter certificate validity decreasing it to 47 days. Quantum is coming faster than infra as we discussed

and start now. Discover, prioritize and plan hybrid upgrades. These are key takeaways. Any questions? Please give a round of applause. Thank you. So if you have any questions, please uh I'm not sure which is of the QR codes that you put on the slide is the one for the slide because there are two. Yes, the first one is for the QA is for uh slide. Okay. Uh so if you have Yeah, we have one questions. So any recommendations for tools for discovery in inventory? Uh yes uh for open source tools for just discovery you could use project discoveries uh TLSX that's one tool like which is really good like written and go but you need modifications to it because

it just looks at 443 and 80 you may have to like you know work around a bit to make it useful for you.

Okay. How about client certificates? So the end devices and client certificates. No, it's it cannot be discovered by uh you know TLSX. You still need a you know like a way where you could if you could use automation solutions. There are like more vendors in the market for uh you know who also handle the wild card and client certificates companies like you know obviously the company which I work for Apux key factor and um uh Venifi Cyber Arc. So these are companies like who provide these um you know capabilities today. Any more questions? Uh yes, just how much does the key size increase the complexity of the program to resolve? Uh sorry, how much does the key size size

you know you said 248 you know some people are using if I was to move the to a 4096 how much is the how much more complex is the problem to resolve? Is it linear or is it exponential or uh it depends also right like what kind of for example some applications could have SLAs's like this is the SLA that we'll have to meet these are all the million operations that we are doing this is the you know like milliseconds we should comp be compatible with but to put it like you know is it linear exponential it could be exponential because what we are looking at is like from a few bytes to 2.4 4 KB that's what

you know the PC algorithms the size of them is so yes I think we don't have time unfortunately to tackle the last question on slido because we're right I think we just have like 30 seconds and the question is very long so please give a round of applause uh thank you so