Background and Motivation
Distributed edge orchestration systems like Oakestra require secure communication channels between their hierarchical components: root orchestrators, cluster managers, and worker nodes. As edge deployments span multiple administrative domains and potentially untrusted networks, establishing and maintaining secure communication becomes critical for protecting sensitive orchestration data, preventing unauthorized access, and ensuring system integrity.
Current edge orchestration frameworks often lack comprehensive security implementations, relying on basic authentication or assuming trusted network environments. This thesis addresses the need for robust security mechanisms that can scale across distributed edge deployments while maintaining the lightweight footprint essential for resource-constrained edge environments.
Expected Outcomes
This thesis will implement secure communication channels and key exchange mechanisms for distributed edge orchestration systems. The primary focus areas include:
- Secure MQTT channels using exchanged keys with whitelist-based access control.
- Root-Cluster registration: gRPC communication using root public key for initial handshake and TLS key exchange.
- Cluster-Worker registration: gRPC using cluster public key for initial handshake, token exchange, and MQTT key distribution.
The implementation will be validated within the Oakestra edge orchestration framework, demonstrating practical applicability and measuring performance overhead of the security mechanisms.
For detailed information about this thesis topic, please contact Dr. Nitinder Mohan at n.mohan@tudelft.nl.
