How Does Istio Ensure the Security of Inter-Service Communication?



What exactly do we want to secure in inter-service communication, and what does the conventional security model look like?

  • Defense against man-in-the-middle attacks
  • Access control

These are the security requirements. In the conventional security model they have been met by building a private network and restricting access by source IP address.

What approach did Istio take?

Core concept

  • Assign a unique ID to each workload
  • Issue, distribute and rotate certificates that authenticate those IDs

These are defined in a standard specification called SPIFFE (Secure Production Identity Framework For Everyone), and Istio's Citadel component is an implementation that follows it. The specific SPIFFE specification and flow are clearly described in SPIFFE and its reference implementation, SPIRE.

In other words, istiod (Citadel) plays the role of a certificate authority that issues and registers IDs and certificates for workloads, and the istio-agent that exists on each node calls this Citadel. The agent mediates the exchange between the istio proxies and distributes the certificates (it is the one that serves SDS for the istio proxy). Because the per-pod work is split out and handled by the istio-agent, the load on istiod can be suppressed considerably, even in a large cluster with a large number of pods.

Also, unlike what is normally expected of TLS, this certificate has a very short expiry and is rotated frequently. As a result, an attacker must steal the certificate again every time it is rotated in order to keep the attack going, which raises the difficulty of the attack.
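To make the identity-based model concrete, here is an added example (not code from the original post or from the Istio project) that models the two checks a receiving proxy performs: it parses the peer's SPIFFE ID of the form spiffe://<trust-domain>/ns/<namespace>/sa/<service-account> and admits the caller only if that principal is on an allow-list (no source IP involved), and it decides when a short-lived certificate should be rotated. The allow-list, trust domain, certificate lifetimes and the 0.5 grace ratio are assumptions constructed for the example.

```python
import re

# Istio-style SPIFFE workload identity carried in the certificate's URI SAN:
# spiffe://<trust-domain>/ns/<namespace>/sa/<service-account>
_SPIFFE_RE = re.compile(r"^spiffe://([^/]+)/ns/([^/]+)/sa/([^/]+)$")


def parse_spiffe_id(uri: str):
    """Return (trust_domain, namespace, service_account), or None if the URI
    is not a well-formed workload identity (anything else is rejected)."""
    m = _SPIFFE_RE.match(uri)
    return m.groups() if m else None


def authorize(peer_uri: str, allowed_principals: set, trust_domain: str) -> bool:
    """Identity-based access control. The caller is admitted only if its
    certificate carries a SPIFFE ID from our own trust domain and the
    '<td>/ns/<ns>/sa/<sa>' principal is on the allow-list. The source IP
    plays no role here, unlike the private-network model."""
    parsed = parse_spiffe_id(peer_uri)
    if parsed is None:
        return False
    td, ns, sa = parsed
    if td != trust_domain:          # foreign trust domain: never trusted
        return False
    return f"{td}/ns/{ns}/sa/{sa}" in allowed_principals


def needs_rotation(not_before: int, not_after: int, now: int,
                   grace_ratio: float = 0.5) -> bool:
    """Short-lived certificates are renewed well before they expire.
    Assumption for this example: rotate once grace_ratio of the lifetime
    has elapsed (times are POSIX seconds). An expired cert always rotates."""
    lifetime = not_after - not_before
    return now >= not_after or now >= not_before + lifetime * grace_ratio


if __name__ == "__main__":
    # Constructed sample values, not real cluster data.
    allowed = {"cluster.local/ns/default/sa/sleep"}
    for peer in ("spiffe://cluster.local/ns/default/sa/sleep",
                 "spiffe://cluster.local/ns/default/sa/other",
                 "spiffe://evil.example/ns/default/sa/sleep"):
        print(peer, "->", "ALLOW" if authorize(peer, allowed, "cluster.local") else "DENY")
    issued, expires = 1_700_000_000, 1_700_000_000 + 24 * 3600   # 24h lifetime
    for hours in (6, 12, 30):
        print(f"t+{hours}h rotate:", needs_rotation(issued, expires, issued + hours * 3600))
```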





DevOps Consultant. I’m strongly focused on automation, security, and reliability.