SSH authentication using user and machine identities
09-26, 15:15–15:55 (Europe/Berlin), Dome

Strong authentication requires multiple signals: identity claims prove the identity of the person, device attestation proves possession of a given machine, and device-bound keys prevent the key from being stolen.

In this presentation we will take a look at how the TPM provides device attestation and device-bound keys. We will connect this with identity claims from SSO providers to provide centrally managed, short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”.

Morten is an open-source developer and maintainer interested in supply-chain security, Linux distributions and user-friendly security tools. Over the past decade he has contributed to projects like Arch Linux, Reproducible Builds, OpenSSF and the "Linux Userspace API" (UAPI) group. When he doesn't spend his free time doing open-source development, he works with devops at the Norwegian Broadcasting Corporation.