"Data privacy is a crucial issue in today's world: from medical to finance, from retail to the public sector, data must be handled in accordance with national laws, corporate policies and industry best-practices. Being able to ensure data is safe at all times is now a requirement in many use cases. We’ll start by looking at the threat models that Apache Kafka users often have and requirements such as end-to-end and record encryption. We’ll cover why Apache Kafka’s built-in security features, such as authentication and wire-level encryption, don’t address them. We’ll then look at the various solutions we investigated, weighing their architectural pros and cons. We’ll detail the solution we ended up building, which is an entirely open source end-to-end encryption mechanism using a L7 proxy for Apache Kafka. We’ll describe in detail some of the key concepts of our implementation as well as some pitfalls we hit, so attendees can learn to safeguard their data’s confidentiality, integrity and availability."

1. Safeguarding your Kafka
data with encryption-at-rest
Tom Bentley Red Hat

2. Why
Motivation and some simple threat models

3. Why: GDPR
For especially severe violations… the fine framework can
be up to 20 million euros, or … up to 4% of their total
global turnover of the preceding fiscal year, whichever is
higher.

4. Why: SEC Cyber Rules
The SEC encourages companies to have board-level
oversight of cybersecurity risk management….
Corporate officers can also be held personally liable for
how they respond to data security issues, including through
lawsuits from investors.

5. https://xkcd.com/538/ by Randall Munroe, license: CC BY-NC 2.5

6. Alice and Bob

7. Eve

8. Eve: thwarted by TLS

9. Secure inter-broker replication

10. Eve: still thwarted by TLS

11. Oscar

12. Oscar: thwarted by disk encryption

13. Michelle

14. photographer: Richard Wezensky, license: CC BY-NC-ND 2.0

15. Michelle + Mike

16. Section summary: Why?
● Because your boss insists you do (because $$$$$$)
● Evesdroppers are defeated by TLS
● Disk-stealers are defeated by disk encryption
● But insider and hacker threats are unmitigated threats

17. Where
Choices about where encryption should happen

18. Application-level encryption

19. Encryption within the Kafka client

20. Encryption within the Kafka client

21. Encryption within a proxy

22. Encryption within a proxy (N:1)

23. Encryption within a proxy sidecar

24. Section summary: Where?
● Interceptor best option for client-side encryption
● Proxy has a number of advantages
● Pick what’s right for your use case

25. What
What can, and cannot, be encrypted

26. Anatomy of a record

27. Anatomy of an encrypted record (not!)

28. Compacted topics: Tombstone problem

29. Semantic encryption

30. Compacted topics: Semantic encryption problem

31. Record key stability using HMAC (v1)

32. Section summary: What?
● Record values and headers are “easy”
● Record keys for compacted topics need special treatment

33. How
A brief interlude on encryption key management

34. “
Cryptography is the art of transforming information
security problems into key management problems.
”
– Unknown

35. Encryption in the KMS (bad)

36. Encryption in the KMS client (bad)

37. Envelope encryption

38. Envelope encryption - Generate a Data Key

39. Envelope encryption - Encrypt and store

40. Envelope encryption - Unwrap and decrypt

41. Key rotation
photographer: unitedsoybean, license: CC BY 2.0 Deed

42. Compacted topics: Key rotation problem

43. Authenticated encryption

44. Michelle + Mike: thwarted by record encryption

45. Section summary: How?
● Envelope encryption is a good compromise for security and scalability
● Key rotation is a requirement
● Key rotation for record keys is problematic

46. What else
A better integrity guarantee

47. Mallory breaches confidentiality

48. Mallory breaches integrity

49. Authenticated Encryption with Additional Data (AEAD)

50. Mallory is defeated

51. Additional data
photographer: Hans Splinter, license: CC BY-ND 2.0 Deed

52. Section summary: What else?
● Decide whether active attacks are part of your threat model
● Additional Authenticated Data (AAD) is a partial defence
● Be clear about the trade-offs

53. Who else?
A threat model of a different kind

55. Cryptoshredding

56. Wrapping up

57. Other threats
photographer: Ed Platt, license: CC BY-SA 2.0 Deed

58. Takeaways
● Decide your threat model, then choose appropriate mitigations
● Encryption is for the life of your data
○ Adding a KMS is a commitment
○ Adding a proxy is a commitment
● Remember: in real life the baddies don’t always wear black hats.

59. Join us!
https://kroxylicious.io +
https://kroxylicious.slack.com
● … if you’re interested in a fully open
source, proxy-based approach using
these techniques
● … if you have different threat models
than we’ve covered here
● … if you have ideas about alternative
techniques