• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Sqrrl November Webinar: Encryption and Security in Accumulo
 

Sqrrl November Webinar: Encryption and Security in Accumulo

on

  • 15 views

Tightening Your Trusted Zone: Encryption for Accumulo. In this webinar we will provide a technical deep dive into the NoSQL database Apache Accumulo. Some of the topics that will be covered include: ...

Tightening Your Trusted Zone: Encryption for Accumulo. In this webinar we will provide a technical deep dive into the NoSQL database Apache Accumulo. Some of the topics that will be covered include: encryption in motion, encryption at rest, trust boundaries.

Statistics

Views

Total Views
15
Views on SlideShare
15
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Sqrrl November Webinar: Encryption and Security in Accumulo Sqrrl November Webinar: Encryption and Security in Accumulo Presentation Transcript

    • Securely explore your data ENCRYPTION AND SECURITY IN ACCUMULO AND SQRRL Michael Allen Security Architect Sqrrl Data, Inc. michael@sqrrl.com
    • ISN’T ACCUMULO ALREADY SECURE? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • I MEAN, THESE SMART GALS AND GUYS MADE IT… © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential (Undisclosed location) Source:wikipedia.org.Publicdomain
    • CELL-LEVEL SECURITY © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • CELL-LEVEL SECURITY © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • CELL-LEVEL SECURITY © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • WHAT’S THE THREAT? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • A TYPICAL DEPLOYMENT © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • A TYPICAL DEPLOYMENT © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential (…ignoring master nodes, name nodes, garbage collectors, other ephemera…)
    • A TYPICAL CAST © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • THREATS INSIDE AND OUT © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • WHO CAN WE PUSH OUT? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • HOW? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • ENCRYPTION © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • IN MOTION AND AT REST © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • IT’S NOT… © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential Source:http://bit.ly/HqScSr.CreativeCommons, Attribution.
    • FUNDAMENTAL QUESTIONS What are you encrypting? How are you encrypting it? How are you protecting the key? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • ACCUMULO 1.6 SSL for Accumulo Clients Encrypting data within HDFS © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • SSL AND ACCUMULO © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential ACCUMULO-1009 Patch that adds configuring and using SSL certificates
    • MAKE YOUR CERTS © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • CONFIGURE YOUR SERVERS © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • CONFIGURE YOUR SERVERS © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • DISTRIBUTE YOUR CERTS © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • DISTRIBUTE YOUR ROOTS © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • ENJOY YOUR SSL © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • ENCRYPTION AT REST © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential ACCUMULO-998 Patch that adds encryption for Rfiles and WAL
    • ENCRYPTION AT REST © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential Uses Java Cryptography Extensions (JCE) for encryption interface / engine (Guess what? It’s pluggable.)
    • BEHIND THE SCENES © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • BEHIND THE SCENES © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • BEHIND THE SCENES © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • BEHIND THE SCENES © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • WHERE DOES THAT KEY GO? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • WHERE DOES THAT KEY GO? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • WHERE DOES THAT KEY GO? © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • PLUGGABLE STRATEGY © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential •  Java class that mediates access to KEK •  Encrypts and decrypts per-file keys •  Passes back to callers opaque ID to identify KEK used to do encryption •  Callers should store opaque ID along with encrypted key
    • PLUGGABLE STRATEGY © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • PLUGGABLE STRATEGY © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • CONFIGURATION OPTIONS © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential Property Name “Usual” Value Meaning !"#$%&'(&)*+,'!+-../ &"0'-$-!1,'-!!*(*+&'/ !&",'.,!*"2%#'!"#$%&'/ 3,4-*+%5"#$%&6&)*+,/ The class that creates encrypting and decrypting data streams !"#$%&'!2$1,"'.*2%, 789:5;<:=>59?=-))2@0/ Encryption algorithm spec !"#$%&'!2$1,"'A,#'+,@0%1 BCD/ Key length !"#$%&'(&)*+,'!+-../ &"0'-$-!1,'-!!*(*+&'/ !&",'.,!*"2%#'!"#$%&'/ 3,4-*+%9,!",%E >,#8@!"#$%2&@9%"-%,0#/ Class that mediates access to KEK
    • REDUCED THREAT © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • REDUCED THREAT © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • TOWARDS THE FUTURE © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
    • © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential THANKS! michael@sqrrl.com