Integrity Protection for Kubernetes Resource Based on Digital Signature

Kudo, Risa; Kitahara, Hirokuni; Gajananan, Kugamoorthy; Watanabe, Yousuke

doi:10.1109/cloud53861.2021.00042

Cited by 3 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, the calculation of additional syndromes and the new decoding requires fewer calculations than increasing the counter value and performing all steps, from hashing values to new decoding. [40] addresses the problem of differences between the signed resource in the admission request and the signature message that occur automatically in Kubernetes and performs proper signature verification using Dry Run. They also propose a profiling framework for processing internal mutation requests that cannot be attached to the signature.…”

Section: Related Workmentioning

confidence: 99%

Efficient Braille Transformation for Secure Password Hashing

Touil,

Akkad,

Satori

et al. 2024

IEEE Access

View full text Add to dashboard Cite

In this work, we propose a novel approach to enhancing the security of passwords before storing them in databases. Our method utilizes Braille transformation to encrypt the password after generating the corresponding hash. The hash is divided into multiple blocks, each representing a character treated as a transformation unit. Each character is then associated with its corresponding Braille code, which consists of 6 digits. To further enhance security, we randomly replace each occurrence of "0" in the generated string with one of the digits 7, 8, or 9. The final string, six times larger than the original hash, is then stored in the database. To evaluate our approach, we conducted several experiments and comparisons. The results demonstrate that Braille transformation is resistant to brute-force attacks, statistical attacks, and differential attacks. These results were justified using various evaluation criteria, such as execution time and memory space occupied. Braille transformation is susceptible to any modification made to the hash or the generated string, further reinforcing its security. Our Braille-based approach offers an effective solution to strengthen the security of database passwords. It provides advantages in terms of protection against different attacks and offers a robust evaluation based on relevant criteria.

show abstract

Section: Related Workmentioning

confidence: 99%

Efficient Braille Transformation for Secure Password Hashing

Touil,

Akkad,

Satori

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…This paper is an extended version of a conference paper for IEEE Cloud 2021 accepted on June 30, 2021 [37]. The major extension is an evaluation on processing time of signature verification.…”

Section: Our Contributionmentioning

confidence: 99%

Application Integrity Protection on Kubernetes cluster based on Manifest Signature Verification

Kudo

Kitahara

Gajananan

et al. 2022

Journal of Information Processing

Self Cite

View full text Add to dashboard Cite

The integrity of the cloud is the most important requirement for mission-critical enterprise workloads. NIST SP 800-53 states that information systems must prevent the installation of any components that have not been verified digitally. On a Kubernetes cluster, the admission controller can control requests for application installations, and it would be a powerful protection tool if it could control requests for Kubernetes resources on the basis of signature verification. However, there are various technical challenges when it comes to verifying the signature for a Kubernetes resource at the admission controller because a signed resource is rewritten automatically by internal cluster work and many requests that include an internal mutation without a signature are generated. In this work, we propose an approach to protect the integrity of a Kubernetes resource with signature verification at the admission controller. Our approach addresses the issue that the differences between the signed resource in the admission request and the signature message occur automatically in Kubernetes and conducts signature verification properly by using DryRun. We also propose a profile framework to address the internal mutation request that cannot be attached to the signature. Our experimental results demonstrate that standard applications can be protected by our approach.

show abstract

A Practical Analysis of Open-Source Security Tools in Microservice Kubernetes Environments

van Vugt,

Malik

2023

2023 Cyber Research Conference - Ireland (Cyber-Rci)

View full text Add to dashboard Cite

Integrity Protection for Kubernetes Resource Based on Digital Signature

Cited by 3 publications

References 8 publications

Efficient Braille Transformation for Secure Password Hashing

Efficient Braille Transformation for Secure Password Hashing

Application Integrity Protection on Kubernetes cluster based on Manifest Signature Verification

A Practical Analysis of Open-Source Security Tools in Microservice Kubernetes Environments

Contact Info

Product

Resources

About