Title Access control approach in microservices architecture
Authors Serkovas, Ernestas
DOI 10.15388/DAMSS.15.2024
eISBN 9786090711125
Is Part of DAMSS: 15th conference on data analysis methods for software systems, Druskininkai, Lithuania, November 28-30, 2024. Vilnius: Vilniaus universiteto leidykla, 2024. p. 96-97. eISBN 9786090711125
Abstract [eng] Modern and contemporary systems, such as the Internet of Things, are often large-scale and have complex structures. The use of microservices architecture began together with the development of containerization technologies. Systems built on microservices architecture distribute their functions across small-scale services that are independent and isolated from each other. This makes it possible to achieve greater system availability and reliability as well as scalability. The autonomy and isolation of the services in this architecture made it possible to optimize the management and development of the fragmented system. As the number of systems based on microservices architecture grows, especially in the business field, so do the challenges related to the security of services and devices. Access control is one of the main security issues faced when designing and developing a system based on microservices architecture. Services are designed to trust requests that come from communicating services. This trust can be exploited to disrupt other services or devices if access control in one of the components of the microservices architecture is compromised. As Internet of Things technology evolves, it increasingly uses small, constrained devices that also require adequate security and access control. After analyzing the microservices architecture and the access management problems related to it, an access management method was proposed and designed that solves the access management problem in an environment of limited resources. The access control method was designed for a microservices architecture made up of three layers: the API gateway, the fog layer, and the end devices layer. The proposed method suggests using the OAuth 2.0 protocol, based on the JSON Web Token (JWT), for access control in the API gateway. Furthermore, the mTLS method is proposed for access control between the API gateway and the fog layer servers. Once a safe communication channel is established, further JWT tokens are used. Fog layer servers will use JWT tokens amongst themselves, signed using ECDSA public and private key pairs. Most of the devices in the end layer do not have the resources and capabilities to support higher security methods. For this reason, lightweight JWT tokens are proposed for the end devices. Moreover, according to the requirements set out in the paper, a prototype was created and tested. The implemented access control method in a microservices architecture was studied using tests and software for analyzing resource usage. The aim of studying the prototype was to determine whether the chosen access control methods worked as intended and whether they were effective. In addition, the resource usage of the proposed access control method was to be evaluated. The experimental research made it possible to compare the prototype of the proposed method with an identical infrastructure without the method and to evaluate the proposed method's suitability, efficiency, resource consumption, and speed. The research showed that the proposed access control method's increase in processor and random-access memory usage is insignificant compared to the base measurements, and that the method can be used in devices with limited resources. The proposed access control method is slower, but optimization of the method could possibly lower the negative impact on the requests' response time.
Published Vilnius : Vilniaus universiteto leidykla, 2024
Type Conference paper
Language English
Publication date 2024