Balaji Palavalli

Bangalore

Summary

Skills and Career Summary:

  • 24+ Years of experience working in enterprise systems dealing with Network and Data Security.
  • Expertise in PKCS11 and HSM Implementation
    Implementation of PKI/PKCS and TLS frameworks for Oracle database and middleware products.
  • Implementation and integration of Test Framework for HSM using RSA/Cryptoki SoftTokens and Hardware Token with Oracle database server.
  • Expertise in creating a concrete Proposal Response for IDM and Security RFPs.
  • Expertise in Cost and Effort Estimates in the Proposal Responses.
  • Successfully implemented Microsoft Cryptography Interface, MSCAPI/CNG provider consumed in Oracle 23c database
  • Successfully managed a Sustaining team for Cryptography components of Oracle Database and Middleware Stacks and helped in the acceleration of resolution of complex customer issues.
  • Implemented IDM solutions using Oracle Identity and Access Management product suite.
  • Helped major customers across different domains in addressing their complex Application and Networking protocols issues in Oracle Database Client and Server
  • Ability to develop good interpersonal relationships while collaborating with different stakeholders and driving people across teams when handling complex problems and time bound escalations.
  • Handled high pressure business impacting product issues related to Oracle Security Stack and drove it to completion, managing customers and many stakeholders.

Overview

4 years of post-secondary education

Work History

Principal Member Technical Staff

Oracle India Pvt Ltd
  • Worked for Global Software companies and Oracle Corporation for 22+ years. Have greatly contributed to Oracle Security Development, Sustaining of Oracle Database, Oracle Identity and Access Management Products.

Senior Technical Architect

Infosys Technologies
  • Worked as Senior Technical Architect of Oracle IDM.

Education

Bachelors In Engg - Electronics And Communication

Malnad College Of Engineering
Hassan
06.1990 - 06.1994

Desired Position

Enterprise/Cloud Security Specialist

Programming Skills

  • Proficiency in C, Core Java, Python.
  • Development on Linux and Windows
  • Agile Development Model

Development Tools

  • GDB, Valgrind, Kcachegrind, Parfait
  • Linux and Windows Performance Tools
  • OpenSSL, TCPDump/Wireshark, Keytool
  • RSA PKCS11 tools, Opencryptoki, SoftHSM

Technology Domain

  • Cryptography, Network and Data Security
  • OpenSSL and RSA-MES Crypto ToolKits
  • Microsoft CNG
  • PKCS11 Interface for HSM
  • Oracle Identity and Access Management


Projects in Oracle

Oracle Programmatic Interface: This is the Oracle client's programmatic interface to access the Oracle database. It is integrated with the RDBMS networking layer, which underneath uses TCP/IP, RADIUS, KERBEROS.
Worked extensively in this area and handled many issues in Oracle Server and Client stacks relating to data corruption, protocol violations, client-server process hangs, distributed query execution, performance issues, memory leaks/corruption issues.
Analysed network traces of client and server and Oracle server traces and simulated the original problem for faster resolution. Worked on enhancements and code optimization of different modules in this layer. Some of the complex issues worked on are:

  • Client and Server Session Management issues.
  • Distributed database access connectivity and performance issues
  • Heap Memory Management issues.
  • Transparent Application Failover issues.


PKCS11/HSM Adapter for Oracle Database using OpenSSL PKCS11 Provider: A PKCS11 standards-based Security Framework for HSM/Smart Token access for storing certificates and private keys. Designed and developed the Generic PKCS11 security framework that can be integrated with Oracle RDBMS or other Oracle products to leverage the PKCS11 functionality to store their secret keys and SSL certificate on the smart token or HSM device. Implemented the PKCS11 Crypto Callbacks that are based on OpenSSL Version 3.0.x PKCS11 provider Interface. This supports functionality to create key pair, credential validation, key migration, encryption and signing. This PKCS11 provider was tested with many PKCS11 Soft tokens like OpenCryptoki, RSA’s soft tokens, Gemalto Smart Token, SafeNet Luna Distributed HSM devices.

Integration with RSA MES5.0 Crypto toolkit: Implemented a PoC to integrate RSA’s new Crypto toolkit of MES5.0 with Oracle Crypto Framework. This required rearchitecting the basic TLS module in Oracle Crypto Framework in client and server. There were many challenges in terms of TLS setup which were discussed with RSA (Dell). Interop testing done with OpenSSL 3.0 and older MES version client and server applications to understand the root cause of the internal TLS handshake protocol errors. Had challenges in implementing 2-way authentication due to the way Oracle was integrated with older Crypto toolkits.


Oracle PKI & TLS Management Framework: This Security framework integrates with RDBMS Network layer to provide TLS support for RDBMS Client and Server and Crypto services (Symmetric encryption, Hashing, PBKDF functions). The Network Security provides authentication using X509 digital certificates.
Worked on Enhancements and diverse Customer issues in this area related to Database/Network, HTTP Server, Identity and Access Management Integration with Crypto Framework.

Integration of Oracle Security Framework with MES PKCS11 interface to support HSM:
  • Implemented an enhancement for dynamic validation of user session when the token is unplugged and plugged into the token slot at runtime. Simulated a soft-token using RSA PKCS11 tools and integrated the same into Oracle Crypto regression suite.
  • Worked on extending the Security Framework to integrate with OpenSSL PKCS11 Provider along with MES-PKCS11 provider for certificate request and key import, credential verification on the token, certificate migration to token, matching of private key.
  • Worked on a compatibility issue where the Oracle Database endpoint registration with Oracle Key Vault was failing due to the way the certificate key-usage extensions during SSL Handshake from Oracle DB Endpoint and Oracle Key Vault Server.


Integration of Oracle Security Framework with MSCAPI/CNG: Oracle Security Framework supports integration with Microsoft Cert Store using MS CryptoAPI.
  • Worked on some complex issues related to support of FIPS in MCS and integration with Smart Cards using MSCAPI APIs.
  • Implemented signing/encryption and decryption/verify modules with MSCAPI provider for TLSv1.2 protocol.

Oracle Application and Network Protocol: This is the Oracle client's programmatic interface to access the Oracle database.
Worked extensively and handled many critical and complex customer issues in Oracle Server and Client stacks relating to data corruption, protocol violations, client-server process hangs, performance issues, memory leaks/corruption issues. Worked on enhancements and code optimization of different modules in this layer related to Client and Server Session Management. Addressed highly impacting customer issues related to Distributed database access, Heap Management and Application Failover.

Projects Worked In Infosys

National Australia Bank, Melbourne, Australia - This is an end-to-end Oracle Identity Management Implementation. Technically led the team in designing a Security solution for the Portal framework with Oracle IDM Product Suite leveraging the WebLogic Security Framework using SAML 2.0 for federated SSO. It involved provisioning the new Bank Customers to different Banking Systems creating internal Identities using Oracle Identity Manager. The LDAP schema was made extensible for integration with other Applications. User Identity transformation was achieved using Oracle Virtual Directory.


Dept of Industrial Policy and Promotion, Govt of India - eBiz Portal for Govt Services - I led the Identity and Access Management track in the Portal, designing the end-to-end Identity and Access implementation. The IDM solution, initially implemented with Oracle Access Manager, was redesigned to use WebLogic Security Framework using Security Providers for Authentication, Authorization, etc. Developed the custom Digital Certificate Authentication Provider to authenticate using Digital Certificates.

Client Presentations - Presented the IDM solution architecture to CTO and Security Head of Insurance Major AMP at Sydney which was widely appreciated for the quality and presentation.

Lead Responsibilities

  • Proactively discussing the problems with support to manage the Customer's escalations and providing feasible work-arounds for the problem.
  • Making technical presentations to different groups internally on new features in Identity Management and RDBMS.
  • Conducting Technical Interviews and mentoring new joinees on Group Processes and preparing product training plans.
  • Handling escalations and meeting with support and customer to proactively address customer issues.
