Secure Door on Cloud: A Secure Data Transmission Scheme to Protect Kafka's Data

Apache Kafka, which is a high-throughput distributed message processing system, has been leveraged by the majority of enterprise for its outstanding performance. Unlike common cloud-based access control architectures, Kafka service providers often need to build their systems on other enterprises' high-performance cloud platforms. However, since the cloud platform belongs to a third party, it is not necessarily reliable. Paradoxically, it has been demonstrated that Kafka's data is stored in the cloud in the plaintext form, and thus poses a serious risk of user privacy leakage. In this paper, we propose a secure fine-grained data transmission scheme called Secure Door on Cloud (SDoC) to protect the data from being leaked in Kafka. SDoC is not only more secure than Kafka's built-in security mechanism, but also can effectively prevent third-party cloud from stealing plaintext data. To evaluate the performance of the SDoC, we simulate normal inter-entity communication and show that Kafka with SDoC integration has a lower data transfer time overhead than that of Kafka with built-in security mechanism opened.