hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Broberg <Tim.Brob...@exar.com>
Subject RE: encryption
Date Sat, 21 Jan 2012 00:16:47 GMT
Protecting against the guy who has physical access to the servers and all the time in the world
is the nightmare case because he has the keys in his possession.

That's where you start buying expensive FIPS-140 cryptomodules that keep the keys in a tight
little box that self-destructs when opened.

So, you can

 1.
Ignore the problem
 2.
Just do something with the word "encryption in it" to make his job a little harder and dispel
questions from above about security
 3.
Spend some very serious time and money trying to solve the problem in earnest

I would recommend taking the lowest number you can get away with on the list.

I'm not a hadoop expert yet, but what you found is the best approach I'm aware of to #2.

    - Tim.

________________________________
From: Koert Kuipers [koert@tresata.com]
Sent: Friday, January 20, 2012 3:55 PM
To: hdfs-user@hadoop.apache.org
Subject: Re: encryption

agreed.

many forms of data require encryption to be stored on any system. i do know now the exact
motivation(s) for that, but i do know we have to conform to this.

my assumption was that i want to protect against access to the data by someone stealing the
harddrives or the servers. so physical access. it seems to me that there are better ways to
protect agains digital access (firewall in front of cluster). but then again, i do now know
much about this at all so i could completely off.

On Fri, Jan 20, 2012 at 6:36 PM, Tim Broberg <Tim.Broberg@exar.com<mailto:Tim.Broberg@exar.com>>
wrote:
I guess the first question is the threat model: What kind of bad guy are you trying to keep
out? Is Ukrainian hackers? Local users, but the servers are locked up? Is it somebody who
has physical access to the machines? Does the information have to be secure forever or just
for a while?

Once you know what you're trying to protect from, you can start thinking about how to protect
yourself.

    - Tim.
________________________________
From: Koert Kuipers [koert@tresata.com<mailto:koert@tresata.com>]
Sent: Friday, January 20, 2012 1:09 PM
To: hdfs-user@hadoop.apache.org<mailto:hdfs-user@hadoop.apache.org>
Subject: encryption

Does anyone know of any work/ideas to encrypt data stored on hdfs?
Ideally both temporary files and final files would be encrypted. Or there would have to be
a mechanism in hdfs to securely wipe temporary files, like shred in linux.

So far this is what i found:
https://github.com/geisbruch/HadoopCryptoCompressor

Best,
Koert

________________________________
The information and any attached documents contained in this message
may be confidential and/or legally privileged. The message is
intended solely for the addressee(s). If you are not the intended
recipient, you are hereby notified that any use, dissemination, or
reproduction is strictly prohibited and may be unlawful. If you are
not the intended recipient, please contact the sender immediately by
return e-mail and destroy all copies of the original message.


________________________________
The information and any attached documents contained in this message
may be confidential and/or legally privileged. The message is
intended solely for the addressee(s). If you are not the intended
recipient, you are hereby notified that any use, dissemination, or
reproduction is strictly prohibited and may be unlawful. If you are
not the intended recipient, please contact the sender immediately by
return e-mail and destroy all copies of the original message.

Mime
View raw message