hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Rawson <ryano...@gmail.com>
Subject Re: Hbase security: Encryption of Data before storage on physical disk
Date Tue, 16 Nov 2010 23:53:03 GMT

This is tricky... You could either take the Compression framework we
have and have a encryption framework in addition, although we'd still
leak data in the block index.

Or you could go with whole-file encryption at the HDFS level.

There are some more issues you'd need to solve:
- key management... all RS would require the key, therefore someone
with user level access to the machine could discover it.
- performance
- security, what's the point of encryption if we let anyone ask for
any bit of data anyways?

One other thing, we use row keys to build META keys, which is another
source of leakage.  These fine issues would need to be resolved to
build a bullet proof solution.


On Tue, Nov 16, 2010 at 3:16 PM, Preetam Joshi <joshipreetam@ymail.com> wrote:
> Hi,
> I am a graduate student and I am working on implementing a few security features for
HBase, one of which is described as follows:
> => Before the data is stored into the actual physical disk, I would want to encrypt
the data before storing it. I would like to do it on the server side.
> Could anyone tell me which particular module I should look at to achieve this?
> Thanks in advance.
> Regards,
> Preetam

View raw message