What is the security architecture for edge?
[INSERT GRAPHIC]
Edge contains 3 levels of security:
- Communication encryption (at edgeEngine level communication)
When a node communicates with a supernode, the entire exchange is encrypted using the AES 128 GCM encryption algorithm.
- Payload encryption (at edgeEngine level communication)
In the account cluster use case, the payload is encrypted using the AES 128 GCM encryption algorithm.
- Edge Access Token Authorization
Registered apps must use edge access token to make an API call to edgeEngine.
Please Note: Any other level of security beyond the aforementioned levels need to be managed by the app developers.
For Example:
- App to edge microservice communication security.
- Edge microservice to edge microservice (link-local) communication security.
Why can’t HTTPS be used for edge level security?
It can’t be used for a number of reasons, including:
- HTTPS requires a signed certificate.
- A signed certificate requires a valid and registered domain name.
- Saving “certificate private key” on every single link-local node in a secure way is near impossible.
Suggestion:
You can encrypt application payload by using any available off-the-shelf security algorithm (e.g. AES 128 GCM).