Accumulo Security and Encryption

Speaker: Michael Allen, Security Architect, Sqrrl
Venue: October 28th Accumulo Users Group (along with Strata NY / Hadoop World)

The early Accumulo developers made security a core part of Accumulo's codebase. As the open source community around Accumulo continues to thrive, this talk examines the current state of Accumulo's security features. The talk will detail some exciting developments in the upcoming 1.6 release, which include enhancements around encryption at rest and in motion. We will also take a broader look at new use cases suggesting a wider set of threats, and how current and future work addresses those threats.


Presentation Transcript

  • Securely explore your data. ENCRYPTION AND SECURITY IN ACCUMULO. Michael Allen, Security Architect, Sqrrl Data, Inc., michael@sqrrl.com
  • ISN’T ACCUMULO ALREADY SECURE? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
  • I MEAN, THESE SMART GALS AND GUYS MADE IT… (Undisclosed location) [Image source: wikipedia.org. Public domain]
  • CELL-LEVEL SECURITY
  • WHAT’S THE THREAT?
  • A TYPICAL DEPLOYMENT (…ignoring master nodes, name nodes, garbage collectors, other ephemera…)
  • A TYPICAL CAST
  • THREATS INSIDE AND OUT
  • WHO CAN WE PUSH OUT?
  • HOW?
  • ENCRYPTION
  • IN MOTION AND AT REST
  • IT’S NOT… [Image source: http://bit.ly/HqScSr. Creative Commons, Attribution.]
  • FUNDAMENTAL QUESTIONS
      • What are you encrypting?
      • How are you encrypting it?
      • How are you protecting the key?
  • ACCUMULO 1.6
      • SSL for Accumulo Clients
      • Encrypting data within HDFS
  • SSL AND ACCUMULO: ACCUMULO-1009, patch that adds configuring and using SSL certificates
  • MAKE YOUR CERTS
  • CONFIGURE YOUR SERVERS
  • DISTRIBUTE YOUR CERTS
  • DISTRIBUTE YOUR ROOTS
  • ENJOY YOUR SSL
  • ENCRYPTION AT REST: ACCUMULO-998, patch that adds encryption for RFiles and WAL
  • ENCRYPTION AT REST: uses Java Cryptography Extensions (JCE) for encryption interface / engine (Guess what? It’s pluggable.)
  • BEHIND THE SCENES
  • WHERE DOES THAT KEY GO?
  • PLUGGABLE STRATEGY
      • Java class that mediates access to KEK
      • Encrypts and decrypts per-file keys
      • Passes back to callers opaque ID to identify KEK used to do encryption
      • Callers should store opaque ID along with encrypted key
  • CONFIGURATION OPTIONS
      Property Name | “Usual” Value | Meaning
      crypto.module.class | org.apache.accumulo.core.security.crypto.DefaultCryptoModule | The class that creates encrypting and decrypting data streams
      crypto.cipher.suite | AES/CFB/PKCS5Padding | Encryption algorithm spec
      crypto.cipher.key.length | 128 | Key length
      crypto.module.class | org.apache.accumulo.core.security.crypto.DefaultSecretKeyEncryptionStrategy | Class that mediates access to KEK
  • REDUCED THREAT
  • TOWARDS THE FUTURE
  • THANKS! michael@sqrrl.com
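
The key handling described on the PLUGGABLE STRATEGY and CONFIGURATION OPTIONS slides, as an added example that is not from the talk or from Accumulo's code base: a per-file key encrypts the data, a strategy object wraps that key under a KEK and returns an opaque ID, and the stored ID still selects the right KEK after rotation. `InMemoryKekStrategy`, `WrappedKey` and the `kek-1`/`kek-2` IDs are hypothetical, RFC 3394 `AESWrap` is an assumed choice for wrapping the per-file key, and Java 16 or later is assumed for the `record`.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import static java.nio.charset.StandardCharsets.UTF_8;
public class KekStrategyDemo {
    record WrappedKey(String kekId, byte[] bytes) {}   // encrypted file key + opaque KEK ID
    static final class InMemoryKekStrategy {           // hypothetical: KEKs never leave this class
        private final Map<String, SecretKey> keks = new HashMap<>();
        private String currentId;
        void rotate(String newId) throws Exception { keks.put(newId, newAesKey()); currentId = newId; }
        WrappedKey wrap(SecretKey fileKey) throws Exception {
            Cipher c = Cipher.getInstance("AESWrap");  // RFC 3394 AES key wrap (assumed choice)
            c.init(Cipher.WRAP_MODE, keks.get(currentId));
            return new WrappedKey(currentId, c.wrap(fileKey));
        }
        SecretKey unwrap(WrappedKey w) throws Exception {
            SecretKey kek = keks.get(w.kekId());
            if (kek == null) throw new IllegalStateException("unknown KEK id: " + w.kekId());
            Cipher c = Cipher.getInstance("AESWrap");
            c.init(Cipher.UNWRAP_MODE, kek);
            return (SecretKey) c.unwrap(w.bytes(), "AES", Cipher.SECRET_KEY);
        }
    }
    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                                  // crypto.cipher.key.length from the slide
        return kg.generateKey();
    }
    static byte[] crypt(int mode, SecretKey key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CFB/PKCS5Padding"); // crypto.cipher.suite from the slide
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(data);
    }
    public static void main(String[] args) throws Exception {
        InMemoryKekStrategy strategy = new InMemoryKekStrategy();
        strategy.rotate("kek-1");                      // constructed KEK ID
        SecretKey fileKey = newAesKey();               // fresh key for this one file
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        byte[] body = crypt(Cipher.ENCRYPT_MODE, fileKey, iv, "constructed cell value".getBytes(UTF_8));
        WrappedKey header = strategy.wrap(fileKey);    // caller stores ID + wrapped key + IV with the file
        strategy.rotate("kek-2");                      // rotation: new files use kek-2
        byte[] plain = crypt(Cipher.DECRYPT_MODE, strategy.unwrap(header), iv, body);
        System.out.println(header.kekId() + " -> " + new String(plain, UTF_8));
    }
}
```

AES in CFB mode gives confidentiality only; nothing in this sketch detects modification of the encrypted file body.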