SECURING DATA EXCHANGE CHANNELS BETWEEN PYTHON APPLICATIONS USING CRYPTOGRAPHIC LIBRARIES
| Published in: | Terra security Vol. 1; no. 2; pp. 39 - 46 |
|---|---|
| Main Author: | |
| Format: | Journal Article |
| Language: | English |
| Published: | 26.09.2025 |
| ISSN: | 3083-6298, 3083-6328 |
| Summary: | Topicality. The increasing reliance on distributed applications highlights the urgent need for secure data exchange channels between software components. Without appropriate protection, communication is exposed to threats such as eavesdropping, spoofing, tampering, and replay attacks. The subject of study in the article is the use of Python’s cryptographic libraries (cryptography, PyNaCl) for constructing lightweight yet robust security layers on top of existing communication mechanisms. The purpose of the article is to present a practical and reproducible method for securing message flows by combining symmetric encryption (AES-GCM), ephemeral key exchange (X25519), key derivation (HKDF with SHA-256), and digital signatures (Ed25519). The following results were obtained. The proposed model integrates authenticated encryption with associated data (AEAD) and session counters to mitigate replay risks, while maintaining compatibility with various transports such as HTTP, gRPC, and MQTT. The study provides minimal, clear code examples and performance measurements showing that the system achieves encryption and decryption in less than one millisecond for typical payloads, with key exchange and signature operations adding only a few milliseconds. These results demonstrate that strong cryptographic protection can be achieved without significant performance penalties. Conclusion. The findings confirm the suitability of the proposed scheme for real-time distributed systems, microservices, and IoT environments. Future improvements may include post-quantum cryptography integration and automated key management. |
| DOI: | 10.20998/3083-6298.2025.02.05 |