This is an outdated version published on 2022-08-31. Read the most recent version.

Amazon Web Service Microservice Security Analysis

Authors

DOI:

https://doi.org/10.22335/rlct.v14i2.1546

Keywords:

Encryption, cipher, computer crime, data security

Abstract

The increase in the use of information systems, of communications through the Internet in recent decades and the possibility of sharing data instantly have brought with them terms such as cybersecurity, since, from the beginning, there have been unscrupulous people who want to obtain confidential information, that is why new attack vectors are invented every year and with it new methods to persuade them, there is currently a growing boom on technologies based on microservices and cloud computing, this due to its high scalability, maintainability and facility to create infrastructure safely. Amazon web services offers various services that allow you to convert simple platforms into robust applications with different connections, using different technologies and databases, as well as allowing you to add security to both the applications and the data, this last concept is the main source of any system. This is why in this article an exploration of the encryption on databases and documents is made, using AWS services such as Key management server, Relational database service and S3, at the end it will be found that the encrypted files and databases will not be readable by malicious people, in case an attack materializes.

Downloads

Download data is not yet available.

Author Biographies

  • Brian Camilo Cárdenas Sánchez, Universidad Distrital Francisco José de Caldas

    Ingeniero en telemática

  • Carlos Arturo Olarte Rojas, Universidad Distrital Francisco José de Caldas

    Ingeniero en telemática

References

Abdullah, A. M. (2017). Advanced Encryption Standard (AES) algorithm to Encrypt and Decrypt Data. Cryptography and Network Security, 16: 1-12.

Amazon Web Services. (2020). Guía para desarrolladores: AWS Key Management Service. https://docs.aws.amazon.com/es_es/kms/latest/developerguide/kms-dg.pdf#overview

Amazon Web Services. (SF). Amazon Elastic Block Store (EBS) Almacenamiento en bloque de alto rendimiento y con facilidad de uso a cualquier escala. https://aws.amazon.com/es/ebs/

Amazon Web Services. (SF). Amazon Elastic Container Service (Amazon ECS), Ejecutar contenedores de alta seguridad, fiables y escalables. https://aws.amazon.com/es/ecs/

Amazon Web Services. (SF). AWS cryptographic services and tools guide: Cryptographic algorithms. https://docs.aws.amazon.com/crypto/latest/userguide/crypto-ug.pdf#concepts-algorithms

Amazon Web Services. (SF). Secrets Manager, Alterne, administre y recupere fácilmente credenciales de bases de datos, claves API y otros datos confidenciales durante todo su ciclo de vida. https://aws.amazon.com/es/secrets-manager/

ARN From IDG. (SF). Top 10 most notorious cyber attacks in history. https://www.arnnet.com.au/slideshow/341113/top-10-most-notorious-cyber-attacks-history/

Ceballos, A., Bautista, F., Mesa, L., Argáez, C., Durán, A., Miranda, F. & Santos, H. (2019). Tendencias cibercrimen Colombia 2019-2020. https://caivirtual.policia.gov.co/sites/default/files/tendencias_cibercrimen_colombia_2019_-_2020_0.pdf

Computing. (2010). Cloud Computing, una perspectiva para Colombia. http://www.interactic.com.co/dmdocuments/clud_computing.pdf

Computing. (2020). Los 10 ciberataques más grandes de la década. https://www.computing.es/seguridad/noticias/1116703002501/10-ciberataques-mas-grandes-de-decada.1.html

Data Breach. (2019). Amadeus Traveler Data Exposed in a Thwarted Data Leak. https://www.databreaches.net/amadeus-traveler-data-exposed-in-a-thwarted-data-leak/

Digital Information World. (2021). Canalys Report Predicts That Cybersecurity Will Demonstrate an Estimated 10 percent Growth. https://www.digitalinformationworld.com/2021/01/canalys-report-predicts-that.html

Encrypting Amazon RDS resources - Amazon Relational Database Service. https://aws.amazon.com/es/secrets-manager/

Interpol. (2020). Ciberamenazas relacionadas con la COVID-19. https://www.interpol.int/es/Delitos/Ciberdelincuencia/Ciberamenazas-relacionadas-con-la-COVID-19

Lyons, J. (2021). Worst Cyberattacks of 2021 (So Far). SDXCentral. https://www.sdxcentral.com/articles/news/worst-cyberattacks-of-2021-so-far/2021/

McGrew, D., y Viega, J. (2008). The security and performance of the Galois/Counter Mode (GCM) of operation (full version). http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/gcmgcm-ad.pdf

Mehrotra, K., y Turton, W. (2021). CNA Financial Paid $40 Million in Ransom After March Cyberattack. https://www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack?sref=ExbtjcSG

Naren, J., Sowmya, S., & Deepika, P. (2014). Layers of Cloud – IaaS, PaaS and SaaS: A Survey. International Journal of Computer Science and Information Technology, 5(3): 4477-4480.

Pagnnota, S. (2016). Los 10 incidentes de seguridad más grandes de 2016. https://www.welivesecurity.com/la-es/2016/12/29/incidentes-de-seguridad-mas-grandes/

Centro Cibernético Policial. (2020). Balance Cibercrimen. https://caivirtual.policia.gov.co/sites/default/files/balance_cibercrimen_2020_-_semana_45.pdf

Stack Overflow. (2021). Developer Survey 2021. https://insights.stackoverflow.com/survey/2021#overview

The Hacker News. (2016). 427 Million Myspace Passwords leaked in major Security Breach. https://thehackernews.com/2016/06/myspace-passwords-leaked.html

Waldman, A. (2021) 10 of the biggest cyber attacks of 2020. https://www.techtarget.com/searchsecurity/news/252494362/10-of-the-biggest-cyber-attacks

Published

2022-06-30 — Updated on 2022-08-31

Versions

Issue

Section

Case studies

How to Cite

Amazon Web Service Microservice Security Analysis. (2022). Revista Logos Ciencia & Tecnología, 14(2), 42-52. https://doi.org/10.22335/rlct.v14i2.1546 (Original work published 2022)