API Server Transport Layer Security Packets Real-Time Decryption and Visualization System in Kubernetes

  • Received : 2021.01.05
  • Accepted : 2021.05.11
  • Published : 2021.06.30

Abstract

The evolution of cloud computing has increased the need to manage virtual resources. For this reason, Kubernetes was developed to realize autonomous resource management at large scale. It provides cloud computing infrastructure to handle cluster creation and deletion in a secure virtual computing environment. In this paper, we provide a monitoring scheme in which users can observe securely encrypted protocols while the Kubernetes components exchange their packets. Users can utilize the proposed scheme for debugging as well as monitoring.

Acknowledgement

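This work is research carried out with the support of the National Research Foundation of Korea, funded by the government (Ministry of Education) in 2016 (No. 2016R1D1A1B04932067).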
