Overview

Aeron Transport Security (ATS) is a premium feature of the Aeron messaging transport protocol, designed to secure Aeron frames on the network using industry-proven technologies. ATS ensures that data packets traversing various systems are protected from unintended parties, providing the highest level of security with minimal latency.

Key Features

  • Lightning Fast Cryptography: ATS leverages OpenSSL cryptography, a standard across countless industries, to deliver superior performance by utilizing the power of modern hardware.
  • Secure by Default: Aeron publications and subscriptions are secured by default, ensuring that all communications are protected unless explicitly opted out.
  • Versatile Stream Support: ATS supports unicast, multicast, and multi-destination-cast, making it adaptable to various network configurations.
  • Public Key Authentication: Each ATS-enabled driver has a public/private key pair and can be configured with other public keys for secure communication. Only drivers aware of each other’s keys and passing signature validation can communicate.

Technical Details

  • Key Management: ATS uses RSA public/private key pairs generated by the user and configured via PEM format files for easy integration into key management systems. Key length and parameters are controlled by the administrator.
  • Stream Security: Each Aeron stream is secured by an ephemeral Elliptic Curve Diffie-Hellman (ECDHE) key pair, which is re-keyed when either end terminates, together with the HKDF key derivation function (RFC 5869).
  • Encryption: The AES_256_GCM_SHA384 cipher suite provides Authenticated Encryption with Associated Data (AEAD), ensuring data integrity and confidentiality.
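
The HKDF step named above, as an added illustration that is not Aeron's code: RFC 5869 extract-and-expand with SHA-384, turning an ECDHE shared secret into an AES-256-GCM key and a 96-bit IV. The page does not give ATS's salt, labels or key schedule, so the `info` layout, the salt choice, the function names and the sample secret are assumptions; the helper also accepts other hash names, which goes slightly beyond the text.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha384") -> bytes:
    """RFC 5869 step 1: concentrate input keying material into a fixed-size PRK."""
    if not salt:
        salt = bytes(hashlib.new(hash_name).digest_size)  # RFC default: HashLen zero bytes
    return hmac.new(salt, ikm, hash_name).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha384") -> bytes:
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output is limited to 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # T(n) = HMAC(PRK, T(n-1) | info | n)
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_stream_keys(shared_secret: bytes, salt: bytes, stream_id: int, session_id: int):
    """Return (aes256_key, gcm_iv) for one stream.

    Assumption: the info string binds the output to the stream and session ids,
    so two streams sharing a secret would still get independent keys.
    """
    info = b"example-ats-stream|%d|%d" % (stream_id, session_id)
    okm = hkdf_expand(hkdf_extract(salt, shared_secret), info, 32 + 12)
    return okm[:32], okm[32:]

# Constructed sample inputs: a stand-in for a 48-byte ECDHE shared secret and a
# handshake-derived salt. Neither value comes from ATS.
SAMPLE_SECRET = bytes.fromhex("ab" * 48)
SAMPLE_SALT = hashlib.sha384(b"constructed handshake transcript").digest()

if __name__ == "__main__":
    key, iv = derive_stream_keys(SAMPLE_SECRET, SAMPLE_SALT, stream_id=1001, session_id=7)
    print("key bytes:", len(key), "iv:", iv.hex())
    # A re-key (new ECDHE exchange) changes the secret and therefore every output byte.
    new_key, _ = derive_stream_keys(bytes.fromhex("cd" * 48), SAMPLE_SALT, 1001, 7)
    print("re-keyed differs:", new_key != key)
```

Because the derived key depends on the ephemeral shared secret, re-keying after either end terminates means a key recovered from one session does not decrypt traffic from the next.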

Operational Considerations

  • Supported Platforms: ATS is supported in the Aeron C driver only.
  • Dependencies: Requires OpenSSL 1.1.1.
  • Availability: Available as an Aeron Premium feature.
