Elliptic-curve cryptography (ECC)

Elliptic-curve cryptography (ECC)

finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible: this is the "elliptic curve discrete logarithm problem" (ECDLP). 

Applicable for 
ECC Key length comparison with RSA Key length. 


Elliptic Curve

Public Key Cryptography

PKI (Public Key Infrastructure) 

  • CA (Certificate Authority) binds public key with identity. = TTP Trusted Third 
  • Party. E.g. Symantec, Comodo, GoDaddy
  • OSCP Responder
  • RA (Registration Authority) = subordinate CA in Microsoft PKI. 
  • VA (Validation Authority) 
  • Central Directory to store index keys
  • Certificate Management System
  • Certificate Policy
Method of certification

1. CA

2. Web of Trust. E.g. PGP (Pretty Good Privacy) and GnuPG
3. Simple Public Key Infrastructure (SPKI). Authorization loop : verifier = issuers 

Open Source implementation of CA

  • OpenSSL is the simplest CA and tool to build PKI enabled apps. C. Part of all major Linux distributions, 
  • EJBCA is a full featured, Enterprise grade, CA implementation. Java. 
  • OpenCA is a full featured CA implementation 
  • XCA is a graphical interface, and database. 
  • (Discontinued) TinyCA was a graphical interface for OpenSSL.
  • XiPKI CA and OCSP responder. With SHA3 support, OSGi-based Java.
  • IoT_pki is a simple PKI. Python cryptography library
  • DogTag
  • gnoMint
  • EasyRSA, OpenVPN's command line CA utilities using OpenSSL.
  • r509
  • Boulder is an automated server that uses the Automated Certificate Management Environment (ACME) protocol.
  • Windows Server : Active Directory Certificate Services.
Free digital certificate for public by CA

  • CAcert  https://en.wikipedia.org/wiki/CAcert
  • Let's Encrypt. https://en.wikipedia.org/wiki/Let%27s_Encrypt


Public Key Cryptography Standards : https://en.wikipedia.org/wiki/PKCS
Cryptographic Message Syntax :  https://en.wikipedia.org/wiki/Cryptographic_Message_Syntax and RFC 2315, RFC 2360, RFC 3369


1. Introduction to cryptography and network security

2. Cryptography theory and practice

3. Field Arithmetic 

4. Problems in the Theory of Modular Forms

Kubernates - practicals

To get more practical insight about internals of Kubernetes 

2.Learn Kubernetes using Interactive Browser-Based Scenarioshttps://www.katacoda.com/courses/kubernetes


Free course : “Kubernetes Hardway”

Hands-on with Minikube: single node kubernates cluster

To install Minikube : 


Then execute command:

minikube start

Now play around with Minicube with kubectl

Overview of kubectl

kubectl Cheat Sheet



Micro-service mesh management framework

It provides a uniform way to connect, manage, and secure microservices. It supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code.


* A/B testing, 
* canary releases, 
* failure recovery, 
* metrics,

Key Capablity

* Traffic Management 
* load balancing, 
* rate limiting, 
* Observability
* monitoring
* Policy Enforcement 
* access control,
* load balancing, 
* Servie identity and security
* service-to-service authentication, 
* discovery of services, 
* end-to-end authentication.
* Platform Support
* Cloud, 
* on-premise, 
* Kubernetes, 
* Mesos
* Integration and Customization : integrate with existing solutions for 
* ACLs, 
* logging, 
* monitoring, 
* quotas, 
* auditing 
* etc.

Istio pre-configured addons

* Grafana : dashboard to visulize service mesh traffic data
* Prometheus : to query istio metrics 
* ServiceGraph :  generating and visualizing a graph of services within a mesh
* Zipkin : distributed tracing system


1. Data plane : 
set of intelligent proxy (Envoy)
2. Control plane :
manage and configure proxy 
to route traffic
to enforce policy runtime. 

1. Envoy : sidecar proxy in same pod with features : 
dynamic service discovery, 
load balancing, 
TLS termination, 
HTTP & gRPC proxying, 
circuit breakers, 
health checks, 
staged rollouts with %-based traffic split, 
fault injection, 
rich metrics.

2. Mixer: 
platform independant
flexible plugin model 
with a variety of host environments and infrastructure backend
enforce access control
enforce usage policies
collect telemetry data from envoy
Mixer configuration for
attribute extractation
policy evaluation

3. Pilot 
converts high level routing rules that control traffic behavior into Envoy-specific configurations
propagates Envoy-specific configurations to the sidecars at runtime
abstracts platform-specifc service discovery mechanisms
transalate service discovery to Envoy data plane API
service discovery
traffic management
intelligent routing
A/B tests, 
canary deployments
circuit breakers, 
multiple environments 

4. istio-Auth
Authentication using mutua TLS
Built-in identity + credentials management
enforce policy based on service identity