Conventional distributed systems, such as database services and/or systems distributed over a network or networks, frequently depend on the coordinated working of multiple instances of some software, usually running on separate computers connected by a network. These conventional distributed databases, such as NoSQL databases, spread data across a number of computers (called nodes), so that a query against that data is executed across the nodes.
These distributed database systems are subject to potential security issues, such as the interception of data being transmitted between nodes, the interception of commands between nodes, and/or the attaching of false nodes to the system. With respect to the false or “spoofed” nodes, these false nodes can pretend to be legitimate, taking part in all transactions, thereby potentially stealing or corrupting data or simply preventing it from being effectively processed.
Many conventional distributed database systems essentially ignore these problems, counting on administrators to secure the environment where the distributed nodes run.
For example, one conventional distributed database recommends using a firewall to restrict communication port access to known friendly nodes only. Restricting communication port access requires tight control over the network and increases the management overhead of setting up these distributed database systems. However, in situations where nodes are created in the cloud in order to scale quickly, this level or type of protection is problematic.
The problem of working in the cloud can be partially mitigated by encrypting communication between nodes, including the commands that add new nodes.
Secure communication, using encryption, between nodes requires the communicating nodes to share an encryption key that is kept secret from the rest of the world. Theft or corruption of encryption keys compromises communication and puts the data at risk, just as surely as if it were never encrypted at all.
Although encryption may mitigate problems associated with communicating between nodes, the issue of verifying a node (trust) before allowing the node to become a member of the distributed system and receive an encryption key cannot be easily resolved by relying solely on encryption.
In other words, encryption alone cannot verify a node as trustworthy before the node is given encryption keys.
Moreover, encryption alone does not address the issue of exchanging encryption keys with some certainty that only trusted systems (nodes) possess them.
In the discussion above, encryption refers to the use of mathematical methods to convert ordinary text into a form that is unreadable. The transformation of the ordinary text into a form that is unreadable depends on an encryption “key” which is conventionally a random string of characters. With the correct encryption key, the original form of a message can be decrypted (recovered from the encrypted form).
Conventionally, there are two methods of encryption using different types of encryption keys: symmetric encryption and asymmetric encryption.
Symmetric encryption uses the same encryption key to encrypt a message and to decrypt the message. Using the same encryption key for both encryption and decryption enables a faster encryption/decryption process, thereby allowing the system to handle a large volume of message traffic.
On the other hand, when using symmetric encryption, both parties to the exchanged message need to know the encryption key. Thus, if the purpose of encrypting a message is to hide it from others, the symmetric encryption key should be revealed only to those who need it and hidden from all others, which raises the security issue of distributing keys securely to trusted recipients only.
Asymmetric encryption uses two encryption keys that are mathematically related to each other in such a way that anything encrypted by one encryption key can be decrypted only by the other encryption key. In asymmetric encryption, the encryption key used to encrypt the message cannot decrypt the message.
The encryption keys used in asymmetric encryption are referred to as a public/private key pair because the relationship between the encryption keys allows one to be given freely to anyone and the other to be kept secret by the owner. Anyone can use the public key of the asymmetric encryption key pair to encrypt a message that can only be decrypted by the owner of the private key of the asymmetric encryption key pair.
Although asymmetric encryption provides a more secure method of distributing encryption keys to the desired users, a drawback is that asymmetric encryption/decryption takes considerably more computing resources than symmetric encryption/decryption, making the asymmetric encryption/decryption process slow and not appropriate for situations handling a large volume of message traffic.
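The trade-off described above is commonly handled by combining the two methods: the asymmetric key pair is used once to deliver a symmetric session key to a node, and the fast symmetric cipher then carries the bulk node-to-node traffic. The Go code below is an added example written for this discussion, not code from the original text; the function names, the use of RSA-OAEP for key wrapping and AES-256-GCM for the session channel are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// WrapSessionKey RSA-OAEP-encrypts a fresh 32-byte symmetric key to a joining node's public key.
func WrapSessionKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}

// UnwrapSessionKey recovers that key on the joining node; only its private key can do so.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Channel carries bulk node-to-node traffic under the shared key with AES-256-GCM,
// far cheaper per message than the RSA operation used once to distribute the key.
type Channel struct{ aead cipher.AEAD }

func NewChannel(key []byte) (*Channel, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256; other lengths are rejected
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // only fails for a non-16-byte block size, impossible with AES
	return &Channel{aead: aead}, nil
}

// Seal encrypts and authenticates one message; the random nonce is prepended.
func (c *Channel) Seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open verifies and decrypts; a wrong key or altered bytes yield an error, not garbage.
func (c *Channel) Open(sealed []byte) ([]byte, error) {
	ns := c.aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed message too short")
	}
	return c.aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}
```

Note what this code does not do: nothing in it establishes that the node whose public key is used, or the party that sent the wrapped key, is trusted, which is exactly the gap the discussion above identifies.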
Thus, it is desirable to provide a system for communicating between nodes, which is secure and fast.
Moreover, it is desirable to provide a system for communicating between nodes, which reduces the chances of an untrusted node potentially stealing or corrupting data or simply preventing it from being effectively processed.
Furthermore, it is desirable to provide a system for communicating between nodes, which is secure and fast and which reduces the chances of an untrusted node potentially stealing or corrupting data or simply preventing it from being effectively processed.