TY - GEN
T1 - Improving Microservices Security
AU - Javadpour, Amir
AU - Jafari, Forough
AU - Taleb, Tarik
AU - Guo, Qize
AU - Benzaid, Chafika
AU - Rosa, Luis
AU - Cordeiro, Luis
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - To support flexibility and scalability, 5G networks have embraced microservice-based architectures, which require secure and efficient inter-service communication. This is managed by the service mesh layer, which is now a growing target for cyberattacks. While existing platforms like Istio and NGINX use mutual TLS (mTLS) to secure communications, mTLS imposes considerable resource overhead, undermining the goals of scalability and lightweight operation. To overcome this challenge, we propose an Encryption as a Service (EaaS) framework for Kubernetes that mitigates common attacks such as man-in-the-middle, distributed denial-of-service (DDoS), and eavesdropping. Experimental analysis shows that EaaS significantly improves response time and reduces adversary success compared to traditional microservice-side cryptographic handling, with gains varying across different scenarios and cryptographic/deception configurations. While higher EaaS replication slightly increases CPU and memory usage, it leads to better security outcomes and faster service performance. The successful real-world implementation and deployment of the EaaS framework further corroborated these findings.
AB - To support flexibility and scalability, 5G networks have embraced microservice-based architectures, which require secure and efficient inter-service communication. This is managed by the service mesh layer, which is now a growing target for cyberattacks. While existing platforms like Istio and NGINX use mutual TLS (mTLS) to secure communications, mTLS imposes considerable resource overhead, undermining the goals of scalability and lightweight operation. To overcome this challenge, we propose an Encryption as a Service (EaaS) framework for Kubernetes that mitigates common attacks such as man-in-the-middle, distributed denial-of-service (DDoS), and eavesdropping. Experimental analysis shows that EaaS significantly improves response time and reduces adversary success compared to traditional microservice-side cryptographic handling, with gains varying across different scenarios and cryptographic/deception configurations. While higher EaaS replication slightly increases CPU and memory usage, it leads to better security outcomes and faster service performance. The successful real-world implementation and deployment of the EaaS framework further corroborated these findings.
KW - Encryption as a Service (EaaS)
KW - Kubernetes
KW - Security
KW - Service Mesh
UR - https://www.scopus.com/pages/publications/105036707547
U2 - 10.1109/MECOM67453.2025.11439502
DO - 10.1109/MECOM67453.2025.11439502
M3 - Conference contribution
AN - SCOPUS:105036707547
T3 - 2025 IEEE Middle East Conference on Communications and Networking, MECOM 2025
BT - 2025 IEEE Middle East Conference on Communications and Networking, MECOM 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2nd IEEE Middle East Conference on Communications and Networking, MECOM 2025
Y2 - 4 November 2025 through 6 November 2025
ER -