TY - GEN
T1 - Improving the Security of Service Mesh in Kubernetes
AU - Javadpour, Amir
AU - Ja'fari, Forough
AU - Taleb, Tarik
AU - Benzaid, Chafika
AU - Rosa, Luis
AU - Cordeiro, Luis
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Bringing flexibility and scalability to 5G networks has expanded networking technology to facilitate the split of services into microservices and how they can communicate. The network layer dedicated to this communication is called service mesh, and it has become a new target for cyber adversaries. The existing service mesh infrastructures, such as Istio and NGINX, apply the mutual TLS (mTLS) protocol to the connections in the service mesh layer to protect the confidentiality of the data transferred in this layer. However, the main challenge of implementing mTLS is its resource restriction, which significantly conflicts with the scalability and flexibility goals. Therefore, this paper proposes an Encryption as a Service (EaaS) framework that can be implemented on Kubernetes, mitigating man-in-the-middle, (distributed) denial of service, and eavesdropping attacks against service mesh. The implementation results show that the proposed framework decreases the adversary's success rate by at least 45% compared to the cases of having microservices apply the cryptographic processes by themselves.
AB - Bringing flexibility and scalability to 5G networks has expanded networking technology to facilitate the split of services into microservices and how they can communicate. The network layer dedicated to this communication is called service mesh, and it has become a new target for cyber adversaries. The existing service mesh infrastructures, such as Istio and NGINX, apply the mutual TLS (mTLS) protocol to the connections in the service mesh layer to protect the confidentiality of the data transferred in this layer. However, the main challenge of implementing mTLS is its resource restriction, which significantly conflicts with the scalability and flexibility goals. Therefore, this paper proposes an Encryption as a Service (EaaS) framework that can be implemented on Kubernetes, mitigating man-in-the-middle, (distributed) denial of service, and eavesdropping attacks against service mesh. The implementation results show that the proposed framework decreases the adversary's success rate by at least 45% compared to the cases of having microservices apply the cryptographic processes by themselves.
KW - Encryption as a Service (EaaS)
KW - Kubernetes
KW - Security
KW - Service Mesh
UR - https://www.scopus.com/pages/publications/105032493848
U2 - 10.1109/ICPADS67057.2025.11322999
DO - 10.1109/ICPADS67057.2025.11322999
M3 - Conference contribution
AN - SCOPUS:105032493848
T3 - Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
BT - Proceedings of 2025 IEEE 31st International Conference on Parallel and Distributed Systems, ICPADS 2025
PB - IEEE Computer Society
T2 - 31st IEEE International Conference on Parallel and Distributed Systems, ICPADS 2025
Y2 - 14 December 2025 through 17 December 2025
ER -