Navaneeth Rameshan

Title

Research developer
Navaneeth Rameshan

Bio

As a part of the Quantum-Safe Cloud and Systems group at IBM Research, Zurich, I work on applied security focusing on key/secrets management, PKI, HSM’s and securing applications against threats from a quantum computer. Hands-on with contributions to IBM cloud Key Protect, Hyper Protect Crypto Service, Secrets Manager and IBM Kubernetes Service.

Work Summary:

  • Enabled Quantum Safe (Q-Safe) support in different frameworks, and components. Specifically, Q-Safe TLS in Postgres, Java based Netty, Java gRPC, Envoy, a full implementation of a Q-Safe service mesh for OpenShift clusters, and a Q-Safe PKI implementation in Hashicorp Vault

  • Led the design and implementation of a private PKI with different Crypto backends for IBM cloud Secrets manager with support for HPCS, Thales and Marvell HSM’s

  • Led the design and implementation of certificate life cycle management using the ACME protocol with asynchronous issuance and automated renewal.

    • This work is deployed and available via IBM Cloud Secrets Manager
  • Co-led the implementation and delivered TLS handshake termination using Hyper Protect Crypto Service (HPCS). TLS establishment is transparently intercepted by a custom implementation of openssl engine that forwards signature requests to the HSM holding the private key, enabling TLS termination without the risk of exposing long term private keys.

    • This is integrated into IBM cloud Hyper Protect Crypto Service, and IBM cloud Openshift
  • Co-led the design and led the implementation of a performant and scalable middleware for Hardware Security Modules (HSM). These additions increased the throughput for key operations by 3x - 10x, and latency by a factor of 50.

    • Currently deployed in all regions of IBM Cloud Key Protect
  • Contributed to the enablement of the first Hyper Protect Crypto service (HPCS) demo at THINK-2018, and was the key enabling factor to ramp the HPCS product offering in IBM Cloud