Securing Event-Driven Architectures: Exploring Security Challenges and Solutions in Apache Kafka

  • Benjamin Ellmer

Student thesis: Master's Thesis

Abstract

The event-driven architecture has gained significant attention in recent years due to the increasing volume of data in modern applications. The main concept of event-driven architectures is that components communicate asynchronously using events, usually distributed by a message broker. Communication using events enables the implementation of highly flexible, scalable, and fault-tolerant architectures. Nevertheless, it also raises the concern of whether the same level of security can be achieved compared to alternative distributed architectures such as microservice architectures. This thesis seeks to address this question using the Apache Kafka message broker, chosen for its ability to meet the requirements of event-driven architectures by providing exceptional performance, scalability, and fault tolerance.

Initially, this thesis identifies the most relevant security challenges for event-driven architectures based on previous research. The resulting security challenges are transmission privacy, storage privacy, message integrity, availability, authentication, authorization, non-repudiation, and observability. The security capabilities of Apache Kafka are then evaluated in the context of these challenges, concluding that Apache Kafka can address transmission privacy, availability, authentication, and authorization. Nevertheless, it only partially solves observability, while storage privacy, message integrity, and non-repudiation remain open.

To tackle the open security challenges, this thesis presents an end-to-end encryption approach using authenticated encryption to achieve storage privacy and message integrity. The approach involves the use of short-lived keys transferred via Kafka topics, encrypted using long-lived keys generated and distributed by a newly introduced component, the Master Secret Service. Additionally, this thesis introduces a non-repudiation approach that achieves non-repudiation of origin by adding digital signatures to the end-to-end encryption approach. To fully solve the observability challenge, a set of additional metrics is proposed and an architecture for efficiently working with these metrics is presented. To give an idea of the performance impact introduced by the proposed approaches, this thesis presents a performance evaluation indicating that the end-to-end encryption approach achieves lower but comparable throughput compared to encryption using TLS (Transport Layer Security), while the non-repudiation approach significantly reduces the throughput of producers and consumers.

In conclusion, the presented end-to-end encryption approach is a good alternative to TLS, which additionally achieves storage privacy and message integrity with bearable performance impacts. Meanwhile, the non-repudiation approach achieves non-repudiation of origin but should only be used when absolutely necessary due to its performance impacts.
Date of Award: 2024
Original language: English (American)
Supervisor: Marc Kurz (Supervisor)
