Tapping encrypted traffic in a Kubernetes cluster using sidecar-based service mesh

Filippo Gorlero

Tapping encrypted traffic in a Kubernetes cluster using sidecar-based service mesh.

Rel. Fulvio Giovanni Ottavio Risso, Federico Parola. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2024

Abstract

Modern 5G networks are increasingly deployed in cloud-native environments, where Network Functions are containerized and orchestrated as Kubernetes Pods, using Deployments or StatefulSets. In these architectures, service meshes like Istio are commonly used to manage the complex interactions between microservices. This thesis addresses the challenge of capturing plain-text messages within cloud-native 5G environments, specifically focusing on the control plane traffic based on HTTP/2 protocol, exchanged between these Network Functions. The primary objective of this research is to develop and evaluate methods for tapping plain traffic in a Kubernetes-orchestrated 5G environment that uses a sidecar-based service mesh, in which the messages are encrypted.

We investigate the use of eBPF technology to intercept TCP traffic at different points in the Linux kernel, with the specific goal of extracting useful data from the plain-text content of packet payloads exchanged between NFs Pods

Relatori

Fulvio Giovanni Ottavio Risso, Federico Parola

Anno Accademico

2024/25

Tipo di pubblicazione

Elettronica

Numero di pagine

Informazioni aggiuntive

Tesi secretata. Fulltext non presente

Corso di laurea

Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)

Classe di laurea

Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA

Aziende collaboratrici

Infovista Italy S.r.l.

URI

https://webthesis.biblio.polito.it/id/eprint/33338

Modifica (riservato agli operatori)