- FAQs: edgeEngine Security
FAQs: edgeEngine Security
What is the security architecture for edge?
Edge contains 3 levels of security:
- Communication encryption (at edgeEngine level communication) When a node communicates with a supernode, the entire exchange is encrypted using the AES 128 GCM encryption algorithm.
- Payload encryption (at edgeEngine level communication) In the account cluster use case, the payload is encrypted using the AES 128 GCM encryption algorithm.
- Edge Access Token Authorization Registered apps must use edge access token to make an API call to edgeEngine.
Please Note: Any other level of security beyond the aforementioned levels need to be managed by the app developers.
- App to edge microservice communication security.
- Edge microservice to edge microservice (link-local) communication security.
Why can’t HTTPS be used for edge level security?
It can’t be used for a number of reasons, including:
- HTTPS requires a signed certificate.
- A signed certificate requires a valid and registered domain name.
- Saving “certificate private key” on every single link-local node in a secure way is near impossible.
You can encrypt application payload by using any available off-the-shelf security algorithm (e.g. AES 128 GCM).