[zeromq-dev] Encryption (OpenSSL/TLS)
Martin Sustrik
sustrik at 250bpm.com
Fri Oct 1 17:31:57 CEST 2010
On 10/01/2010 09:41 AM, Burak Arslan wrote:
> On 10/01/10 03:47, Brian Granger wrote:
>> Great topic...
>>
>>> 1) VPN level encryption, handled UNDER zmq.
>>> 2) SSL level encryption, handled BY zmq
>>> 3) message level encryption, handled ON TOP OF zmq.
>
> I would not rely solely on network-level security (VPN) for 0mq traffic,
> as it's still vulnerable to inside attacks.
>
> Using connection-level security (SSL, TLS) would do the job only if your
> nodes are trusted end-to-end. Note that this includes your originator
> node. If you're getting e.g. a SOAP request via HTTP, and passing it
> around with 0mq, implementing connection-level security between zeromq
> nodes will protect you from inside attacks, but won't protect you
> against malicious clients. So you need a sort of message authentication
> scheme anyway.
>
> Message-level encryption is the fastest and most secure way to secure
> 0mq communication. And once you implement this, you don't need to do the
> rest, which makes your network more robust by both simplifying your
> network setup and making it operate faster (only endpoints need to worry
> about cryptographic operations).
>
> Connection-level encryption won't help you conceal message patterns, as
> they could be deduced from your traffic patterns. There's no way (nor
> any real benefit) of completely concealing the messaging patterns.
>
> In short, once 0mq gets robust enough to survive outside the corporate
> firewall, it's secure enough for its purposes. Any other security
> precaution should be implemented on top of it, via message signcryption.
+1
Great analysis, Burak!
Others: Basically, there are two options:
A. encrypt on hop-by-hop basis
B. encrypt on edges (end-to-end)
While both can be implemented, the problem is that while A is sufficient
for simple scenarios, it doesn't scale up to complex scenarios. B, on
the other hand, is sufficient for complex scenarios and scales down to
simple scenarios.
So, if you implement A now, you'll have to implement B later on anyway.
If you implement B, there won't be any need for A anymore.
So, to avoid duplicate work I would suggest focusing on B.
Martin
PS. There are additional problems with A: It's slower, it has to be
implemented for each transport separately (SSL for TCP, DTLS for PGM
etc.) and the need to distribute keys to every node on the network
lowers the overall security of the system.
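The option B that Martin and Burak argue for, end-to-end "signcryption" of the message body with intermediate 0mq nodes carrying only opaque bytes, as an added example that is not part of this thread and not zeromq's own code (zeromq had no built-in encryption at the time). It is written in Go against the standard library only: X25519 key agreement hashed into an AES-256-GCM key (a simplification; a real design would use HKDF with both public keys as context), Ed25519 over the ciphertext for origin authentication, and a sequence number bound into the associated data for replay rejection. The `Endpoint`, `Seal`, `Open` and `Forward` names and the frame layout are this example's own inventions; the hop never holds a key, which is the property the thread is after.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	seqLen   = 8
	nonceLen = 12
	sigLen   = ed25519.SignatureSize
)

// Endpoint is one edge of the conversation: a long-term Ed25519 signing
// identity plus a static X25519 key for agreeing on the encryption key.
// Illustrative layout for this example, not a zeromq API.
type Endpoint struct {
	signPriv ed25519.PrivateKey
	SignPub  ed25519.PublicKey
	kxPriv   *ecdh.PrivateKey
	KxPub    *ecdh.PublicKey
	lastSeq  uint64 // highest sequence number accepted so far (replay window of one)
}

func NewEndpoint() (*Endpoint, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	kx, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Endpoint{signPriv: priv, SignPub: pub, kxPriv: kx, KxPub: kx.PublicKey()}, nil
}

// sharedAEAD derives the pairwise AES-256-GCM key from X25519 with the peer.
// Assumption/simplification: the raw shared secret is hashed directly
// instead of going through HKDF.
func (e *Endpoint) sharedAEAD(peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := e.kxPriv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal builds a frame: seq || nonce || AES-GCM(msg) || Ed25519 signature.
// seq and the sender's signing key are bound in as associated data, and the
// signature covers everything before it (encrypt-then-sign).
func (e *Endpoint) Seal(to *ecdh.PublicKey, seq uint64, msg []byte) ([]byte, error) {
	aead, err := e.sharedAEAD(to)
	if err != nil {
		return nil, err
	}
	var nonce [nonceLen]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		return nil, err
	}
	hdr := binary.BigEndian.AppendUint64(make([]byte, 0, seqLen+nonceLen), seq)
	hdr = append(hdr, nonce[:]...)
	aad := append(hdr[:seqLen:seqLen], e.SignPub...) // cap forces a copy
	frame := aead.Seal(hdr, nonce[:], msg, aad)
	return append(frame, ed25519.Sign(e.signPriv, frame)...), nil
}

// Open checks the signature against the pinned sender identity, rejects
// replayed or reordered sequence numbers, and only then decrypts.
func (e *Endpoint) Open(fromSign ed25519.PublicKey, fromKx *ecdh.PublicKey, frame []byte) ([]byte, error) {
	if len(frame) < seqLen+nonceLen+sigLen {
		return nil, errors.New("frame too short")
	}
	body, sig := frame[:len(frame)-sigLen], frame[len(frame)-sigLen:]
	if !ed25519.Verify(fromSign, body, sig) {
		return nil, errors.New("bad signature: tampered in transit or wrong origin")
	}
	seq := binary.BigEndian.Uint64(body[:seqLen])
	if seq <= e.lastSeq {
		return nil, fmt.Errorf("replay: seq %d <= last accepted %d", seq, e.lastSeq)
	}
	aead, err := e.sharedAEAD(fromKx)
	if err != nil {
		return nil, err
	}
	aad := append(body[:seqLen:seqLen], fromSign...)
	msg, err := aead.Open(nil, body[seqLen:seqLen+nonceLen], body[seqLen+nonceLen:], aad)
	if err != nil {
		return nil, errors.New("decrypt failed")
	}
	e.lastSeq = seq
	return msg, nil
}

// Forward is all an intermediate node (a zeromq device or broker) does with
// the frame: pass the bytes on. It holds no key, so it can neither read the
// payload nor alter it without the edge noticing.
func Forward(frame []byte) []byte {
	return append([]byte(nil), frame...)
}

func main() {
	alice, _ := NewEndpoint()
	bob, _ := NewEndpoint()
	frame, err := alice.Seal(bob.KxPub, 1, []byte("transfer 10 to carol")) // constructed sample message
	if err != nil {
		panic(err)
	}
	got, err := bob.Open(alice.SignPub, alice.KxPub, Forward(frame))
	fmt.Printf("via hop: %q err=%v\n", got, err)
	bad := Forward(frame)
	bad[seqLen+nonceLen] ^= 0x01 // a malicious hop flips one ciphertext bit
	_, err = bob.Open(alice.SignPub, alice.KxPub, bad)
	fmt.Println("tampered frame:", err)
	_, err = bob.Open(alice.SignPub, alice.KxPub, frame)
	fmt.Println("replayed frame:", err)
}
```

Only the two edges hold keys and do crypto, which is the point Martin makes in the PS: a hop-by-hop design would need a key on every node and a separate mechanism per transport, whereas this frame travels unchanged over TCP, PGM or inproc alike.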