
Rethinking Secure Communication With Mrinal Wadhwa
In this episode of The Secure Developer, Danny Allan interviews Mrinal Wadhwa, CTO at Ockam, about the challenges and solutions of secure communication in modern distributed systems. Mrinal recounts his career: he started at EMC working on high availability for large-scale data, then moved to distributed systems and fault tolerance with Erlang and Hadoop, and eventually built secure IoT systems for urban infrastructure. That experience led him to found Ockam, an open-source platform for secure communications.

Mrinal explains that traditional secure communication, such as TLS over TCP, is not suited to modern environments where data passes through multiple intermediaries before reaching its final destination. He introduces end-to-end secure channels that traverse multiple transport protocols, such as TCP, UDP, and Bluetooth, while preserving the integrity and confidentiality of the data; this reduces the risk posed by unsecured intermediaries.

One of the major challenges discussed is the complexity of managing identities and cryptographic keys at scale. Mrinal describes how Ockam simplifies this by supporting key rotation and using cryptographic identifiers to establish mutual trust, and he stresses the importance of minimizing complexity and making security primitives easy for developers to use.

The discussion then turns to the practical implications of end-to-end encryption, particularly performance and availability. Mrinal explains how Ockam uses encrypted relays to establish secure communication without exposing services on the Internet, which reduces the risk of man-in-the-middle attacks. He gives concrete examples, such as the Redpanda project, which uses Ockam to secure communication between Kafka producers and consumers.

Another key point is how security models evolve with technologies like WebAssembly (Wasm) and passkeys. Mrinal believes these technologies push us to rethink traditional trust models by decentralizing the management of cryptographic secrets and reducing dependence on complex PKI infrastructure.

Finally, Mrinal offers practical advice to developers: consider the risk associated with real-time data flows and look for ways to reduce it, such as encrypting the data or limiting the destinations to which it is sent. He emphasizes threat modeling and designing security controls from the beginning of development.

To listen to the full episode and learn more about Ockam's secure communication solutions, visit https://snyk.io/podcasts/the-secure-developer/rethinking-secure-communication-with-mrinal-wadhwa/
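The episode's central idea, an end-to-end secure channel whose key is held only by the two endpoints while every intermediary forwards opaque bytes, can be shown in a few dozen lines. The following Go program is an added example written for this summary; it is not Ockam's code and does not use Ockam's API or wire format. It assumes a constructed setup: each party's cryptographic identifier is the SHA-256 of its X25519 public key (Ockam's real identifiers are defined differently), the channel key is derived with one HMAC-SHA256 call in place of a full HKDF, and a single in-process `Relay` stands in for every broker, proxy or transport hop between a producer and a consumer. The demo checks three things a practitioner cares about: the consumer recovers the record, the relay never holds plaintext, and both a bit flip at the relay and a public key whose identifier does not match the pinned one are rejected.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Identity is a long-lived X25519 key pair; peers pin the SHA-256 of its public key (the identifier) out of band.
type Identity struct{ priv *ecdh.PrivateKey }
func NewIdentity() *Identity           { return &Identity{must(ecdh.X25519().GenerateKey(rand.Reader))} }
func (id *Identity) PublicKey() []byte { return id.priv.PublicKey().Bytes() }
func IdentifierOf(pub []byte) string   { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// Channel is one endpoint of an end-to-end secure channel; only the two endpoints hold its key.
type Channel struct {
	aead             cipher.AEAD
	initiator        bool   // selects the nonce direction byte so the two sides never share a nonce
	sendCtr, recvCtr uint64 // per-direction message counters
}
// OpenChannel refuses a peer key whose identifier differs from the pinned one, then derives the key via X25519 ECDH.
func OpenChannel(me *Identity, peerPub []byte, pinnedPeerID string, initiator bool) (*Channel, error) {
	if IdentifierOf(peerPub) != pinnedPeerID {
		return nil, fmt.Errorf("peer identifier does not match pinned identifier %s", pinnedPeerID)
	}
	shared := must(me.priv.ECDH(must(ecdh.X25519().NewPublicKey(peerPub)))) // key bytes vouched for by the pin
	kdf := hmac.New(sha256.New, shared) // one HMAC over a label stands in for HKDF in this demo
	kdf.Write([]byte("demo-e2e-channel-v1"))
	block := must(aes.NewCipher(kdf.Sum(nil))) // 32-byte key, so AES-256
	return &Channel{aead: must(cipher.NewGCM(block)), initiator: initiator}, nil
}
// nonce is 12 bytes: a direction byte, zero padding, and the 64-bit message counter.
func nonce(fromInitiator bool, ctr uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], ctr)
	if fromInitiator {
		n[0] = 1 // 1 = sent by the initiator, 0 = sent by the responder
	}
	return n
}
// Seal encrypts and authenticates one message; Open rejects anything modified in transit.
func (c *Channel) Seal(plaintext []byte) []byte {
	out := c.aead.Seal(nil, nonce(c.initiator, c.sendCtr), plaintext, nil)
	c.sendCtr++
	return out
}
func (c *Channel) Open(ciphertext []byte) ([]byte, error) {
	pt, err := c.aead.Open(nil, nonce(!c.initiator, c.recvCtr), ciphertext, nil)
	if err == nil {
		c.recvCtr++
	}
	return pt, err
}

// Relay stands in for every intermediary hop (broker, proxy, change of transport): it forwards opaque bytes and keeps a copy.
type Relay struct{ Seen [][]byte }
func (r *Relay) Forward(msg []byte) []byte {
	r.Seen = append(r.Seen, append([]byte(nil), msg...))
	return msg
}

type DemoResult struct {
	Recovered         string // what the consumer decrypted
	RelaySawPlaintext bool   // did any forwarded frame contain the plaintext?
	TamperRejected    bool   // did a one-bit change at the relay fail authentication?
	ImpostorRejected  bool   // did a key with the wrong identifier fail the pin check?
}

// RunDemo sends a producer's record to a consumer through an untrusted relay.
func RunDemo() DemoResult {
	producer, consumer, impostor := NewIdentity(), NewIdentity(), NewIdentity()
	pinnedProducer, pinnedConsumer := IdentifierOf(producer.PublicKey()), IdentifierOf(consumer.PublicKey())
	relay := &Relay{}
	// Public keys cross the relay unencrypted; the pinned identifiers are what make them trustworthy.
	toConsumer := must(OpenChannel(producer, relay.Forward(consumer.PublicKey()), pinnedConsumer, true))
	fromProducer := must(OpenChannel(consumer, relay.Forward(producer.PublicKey()), pinnedProducer, false))
	var res DemoResult
	_, err := OpenChannel(consumer, impostor.PublicKey(), pinnedProducer, false)
	res.ImpostorRejected = err != nil
	plaintext := []byte("order-1234: 3 units to warehouse B") // constructed sample record
	res.Recovered = string(must(fromProducer.Open(relay.Forward(toConsumer.Seal(plaintext)))))
	res.RelaySawPlaintext = bytes.Contains(bytes.Join(relay.Seen, nil), plaintext)
	tampered := relay.Forward(toConsumer.Seal([]byte("order-1235: 1 unit")))
	tampered[len(tampered)-1] ^= 0x01 // an intermediary changes one bit of the frame
	_, err = fromProducer.Open(tampered)
	res.TamperRejected = err != nil
	return res
}

func main() { fmt.Printf("%+v\n", RunDemo()) }
```

The relay here could equally be a Kafka broker or a hop that changes transport: nothing in `Seal` or `Open` depends on how the bytes travel, which is the property that lets one channel span TCP, UDP and Bluetooth segments. The pin check in `OpenChannel` is where trust is decided; swapping the hash-of-key identifier for a signed, rotatable identity (as Ockam describes) changes that one function and nothing on the data path.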