Transparent Storage Encryption in Kubernetes
Conference: European Wireless 2022 - 27th European Wireless Conference
09/19/2022 - 09/21/2022 at Dresden, Germany
Proceedings: European Wireless 2022
Pages: 6Language: englishTyp: PDF
Authors:
Gabriel, Jennifer; Ankermann, Silvio; Seidel, Mauri (Deutsche Telekom Chair of Communication Networks, Technische Universität Dresden, Germany)
Fitzek, Frank H.P. (Deutsche Telekom Chair of Communication Networks, Technische Universität Dresden, Germany & Centre for Tactile Internet with Human-in-the-Loop (CeTI), Dresden, Germany)
Abstract:
Cloud computing and therefore storage in the cloud became more widespread. The ease of use, as well as the fact that the cloud is a key building block for 5G applications, has accelerated this development. Security and privacy is also a major issue in the cloud environment. To address this issue, we have developed a transparent data encryption for data at rest, especially designed for the use with cloud storage. In order to adapt the architecture to the security requirements and the requirements in the cloud environment, a STRIDE threat model was created for the time being. The architecture was then designed based on this threat model. The tool is able to encrypt storage. It is possible to choose between different encryption algorithms. An important design step was the separation of the key management from the data storage. Performance measurements of the implementation were performed to ensure usability. These measurements show that the slowdown caused by the introduction of encryption is small enough for most scenarios.