[ 
https://issues.apache.org/jira/browse/SPARK-13331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15509140#comment-15509140
 ] 

Lifeng Wang commented on SPARK-13331:
-------------------------------------

We use TPCx-BB\[1\] to evaluate this performance feature. We conduct TPCx-BB 
test on 3TB dataset on Intel HSW-EP platform. The score shows AES encryption 
brings 12.5% overall performance improvement and as high as 56% individual 
query improvement compared to default 3DES encryption.

\[1\]http://www.tpc.org/tpcx-bb/default.asp

> AES support for over-the-wire encryption
> ----------------------------------------
>
>                 Key: SPARK-13331
>                 URL: https://issues.apache.org/jira/browse/SPARK-13331
>             Project: Spark
>          Issue Type: Improvement
>          Components: Deploy
>            Reporter: Dong Chen
>            Priority: Minor
>
> In network/common, SASL with DIGEST­-MD5 authentication is used for 
> negotiating a secure communication channel. When SASL operation mode is 
> "auth­-conf", the data transferred on the network is encrypted. DIGEST-MD5 
> mechanism supports following encryption: 3DES, DES, and RC4. The negotiation 
> procedure will select one of them to encrypt / decrypt the data on the 
> channel.
> However, 3des and rc4 are slow relatively. We could add code in the 
> negotiation to make it support AES for more secure and performance.
> The proposed solution is:
> When "auth-conf" is enabled, at the end of original negotiation, the 
> authentication succeeds and a secure channel is built. We could add one more 
> negotiation step: Client and server negotiate whether they both support AES. 
> If yes, the Key and IV used by AES will be generated by server and sent to 
> client through the already secure channel. Then update the encryption / 
> decryption handler to AES at both client and server side. Following data 
> transfer will use AES instead of original encryption algorithm.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to