Symmetric crypto used by ALTS record layer

Steven Yue

Aug 26, 2022, 6:09:34 PM
to grpc.io
I'm investigating the option of potentially using ALTS as the security & authenticity mechanism for some of my microservices. However, I found out that the actual underlying frame protector is hardcoded to use AES-128-GCM with rekeying (https://github.com/grpc/grpc/blob/18d82d4a6a00cebfc874eb0b9c935a3ae4733c3a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc#L194-L198).

I have two questions:
1. I'm wondering if it's possible (or on the roadmap of ALTS) to specify the security level of the underlying symmetric cipher? Namely, it would be great if I could use AES-256.

2. The nonce-based rekeying mechanism used in the underlying cipher, is this design documented somewhere? I tried to look for a reference online and it looks like AES-GCM-SIV to me, but it would be great if someone could confirm it.

Thanks!
Steven

veb...@google.com

Dec 29, 2022, 9:08:06 PM
to grpc.io
Hi Steven,

I'm not an expert on this matter, but Google published the ALTS whitepaper (https://cloud.google.com/static/docs/security/encryption-in-transit/application-layer-transport-security/resources/alts-whitepaper.pdf), which might answer your question.

Regards,
Esun.