Currently all transport messages are sent as plain data and as a result are vulnerable to different kinds of attacks (eavesdropping, tampering, or attempts to generate fake events) if a malicious user can listen to server-to-server communication. To introduce a level of security, we want to support symmetric key cryptography, which means that the key is distributed in advance to each node of the cluster (as part of configuration) and each message sent over the network is encrypted/decrypted with this key.
Initial implementation should use the AES-128 standard. The AES standard is considered one of the most secure and modern encryption standards. Additionally, it is a fast algorithm, and modern CPUs provide hardware instructions to make encryption and decryption very lightweight.
Possible extensions of this feature may include (out of the scope for the initial implementation):
Support of different configurable encryption algorithms
Support of key rotation. Since we trust each node in the cluster which has the key, we can distribute a new key via gossip. For some time both keys will be active, and then the old key is removed after the new key has converged over the cluster.
@antonkharenko Integrating an SSL handler into the netty pipeline is likely the easiest solution. You get a lot of value with minimal implementation effort. Just have to expose all the configuration of the SSL context on the surface of scalecube. You get a lot of flexibility and security for free.
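The pre-shared-key scheme proposed in the issue, as an added example that is not code from the issue, its commenters or the scalecube project: each message is sealed with AES-128, and during key rotation the receiver accepts both active keys. The GCM mode (chosen so that tampered or forged frames are rejected, not just hidden from eavesdroppers), the `nonce || ciphertext || tag` frame layout and the `SharedKeyCodec` name are assumptions of this example.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.List;

public class SharedKeyCodec { // hypothetical name, not a scalecube class
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    // Frame layout (assumption of this example): nonce(12) || ciphertext || tag(16)
    static byte[] seal(byte[] key, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce); // fresh random nonce per message; never reuse one under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plaintext); // ciphertext with the authentication tag appended
        return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
    }

    // Tries each active key in order (new key first, then the old one while rotation converges).
    static byte[] open(List<byte[]> activeKeys, byte[] frame) throws GeneralSecurityException {
        if (frame.length < NONCE_LEN + TAG_BITS / 8) throw new GeneralSecurityException("frame too short");
        for (byte[] key : activeKeys) {
            try {
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                       new GCMParameterSpec(TAG_BITS, frame, 0, NONCE_LEN));
                return c.doFinal(frame, NONCE_LEN, frame.length - NONCE_LEN);
            } catch (AEADBadTagException wrongKeyOrTampered) {
                // tag check failed under this key; try the next active key
            }
        }
        throw new GeneralSecurityException("message rejected: no active key authenticates it");
    }

    public static void main(String[] args) throws Exception {
        byte[] oldKey = new byte[16], newKey = new byte[16]; // 16 bytes = AES-128; constructed sample keys
        RNG.nextBytes(oldKey); RNG.nextBytes(newKey);
        byte[] frame = seal(oldKey, "gossip: node-3 ALIVE".getBytes(StandardCharsets.UTF_8)); // constructed message
        // Both keys are active during rotation, so a frame sealed with the old key still opens.
        System.out.println(new String(open(List.of(newKey, oldKey), frame), StandardCharsets.UTF_8));
        frame[frame.length - 1] ^= 1; // simulate one bit flipped in transit
        try { open(List.of(newKey, oldKey), frame); }
        catch (GeneralSecurityException e) { System.out.println(e.getMessage()); } // tampered frame is rejected
    }
}
```

Once the new key has converged, dropping the old key from the active list makes frames sealed with it fail authentication the same way a tampered frame does.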