http://dx.doi.org/10.14372/IEMEK.2021.16.3.99

API Server Transport Layer Security Packets Real-Time Decryption and Visualization System in Kubernetes  

Kim, Tae-Hyun (Daegu University)
Kim, Tae-Young (Daegu University)
Choi, Me-Hee (Daegu University)
Jin, Sunggeun (Daegu University)
Abstract
The evolution of cloud computing has increased the need to manage virtual resources. For this reason, Kubernetes was developed to realize autonomous resource management at large scale. It provides cloud computing infrastructure to handle cluster creation and deletion in a secure virtual computing environment. In this paper, we provide a monitoring scheme in which users can observe securely encrypted protocols while Kubernetes components exchange packets. Users can thus utilize the proposed scheme for debugging as well as monitoring.
Keywords
Kubernetes; API access control; Cloud computing; Transport Layer Security; SSLKeyLog; Decryption;