SECURING SECRETS WITH HYBRID ENCRYPTION AND DIGITAL SIGNATURE SCHEME IN KUBERNETES
Main Author: | Abdullah Fachrezzi, Rezda |
---|---|
Format: | Final Project |
Language: | Indonesia |
Institution: | Institut Teknologi Bandung |
Online Access: | https://digilib.itb.ac.id/gdl/view/74110 |
Tags: | (none) |
id | id-itb.:74110 |
---|---|
record date | 2023-06-26T13:03:53Z |
author | Abdullah Fachrezzi, Rezda |
keywords | kubernetes, secret, hybrid encryption, digital signature, residual risk |
type | text |
institution | Institut Teknologi Bandung |
---|---|
building | Institut Teknologi Bandung Library |
continent | Asia |
country | Indonesia |
content_provider | Institut Teknologi Bandung |
collection | Digital ITB |
language | Indonesia |

Description:
Kubernetes is well known for its success in managing the complexity of container-based applications. However, as that problem is solved, complexity on the security side also increases, especially in secret management in Kubernetes. Poor secret management can lead to secret leaks with potentially fatal consequences. From 2018 to 2021, there were several cases of secret leaks in Kubernetes.

To overcome these problems, a solution is proposed based on the problem analysis conducted. The problem involves the confidentiality and integrity aspects of secret storage and usage in Kubernetes. The solution to the confidentiality problem is to encrypt the secret at rest using a hybrid encryption scheme with the RSA-OAEP and AES-GCM algorithms. This solution is chosen because the current symmetric encryption capability of Kubernetes is considered not to solve the existing problems. The solution to the integrity problem is to use a digital signature scheme with the RSA algorithm, because Kubernetes has no integrity assurance mechanism for secrets. The solution also includes a logging mechanism for secret-related operations. It is implemented in the form of additional Kubernetes components named Kube-Encryptor and Kube-Decryptor.

The implemented solution went through a series of tests and evaluations. The test results show that the solution successfully performs secret encryption, decryption, signing, verification, and logging for the related operations. The evaluation results show that the solution successfully solves the existing problems. The proposed solution design is also successfully integrated with the other components of the final capstone project. However, the residual risk identification results show that there are still some problems that were not identified in the problem and solution analysis. At the end of this final project, several suggestions are given for further development of the application, including resolving the residual risks.
format | Final Project |
---|---|
author | Abdullah Fachrezzi, Rezda |
title | SECURING SECRETS WITH HYBRID ENCRYPTION AND DIGITAL SIGNATURE SCHEME IN KUBERNETES |
url | https://digilib.itb.ac.id/gdl/view/74110 |