[jira] [Commented] (MAPREDUCE-4491) Encryption and Key Protection

[Aaron T. Myers (JIRA)]

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-4491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13449260#comment-13449260
 ] 

Aaron T. Myers commented on MAPREDUCE-4491:
-------------------------------------------

bq. This is an important point as we do not want Tasktracker to decrypt the 
blob of keys and blindly hand over to Tasks. The JobClient stores JobId along 
with keys as part of the encrypted blob. The taskTracker decrypts the encrypted 
blob, verifies that the JobId in the encrypted blob matches JobId of the task. 
The keys are handed over to Tasks only if the JobId verification is successful. 
This ensures that keys are handed over to the correct tasks.

Unless I'm missing something, this seems to be insecure unless secure 
authentication (i.e. Kerberos) is enabled, since someone could connect to the 
TT from a different task and simply report a different JobId. Or do I 
misunderstand somehow?
                
> Encryption and Key Protection
> -----------------------------
>
>                 Key: MAPREDUCE-4491
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4491
>             Project: Hadoop Map/Reduce
>          Issue Type: New Feature
>          Components: documentation, security, task-controller, tasktracker
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: Hadoop_Encryption.pdf, Hadoop_Encryption.pdf
>
>
> When dealing with sensitive data, it is required to keep the data encrypted 
> wherever it is stored. Common use case is to pull encrypted data out of a 
> datasource and store in HDFS for analysis. The keys are stored in an external 
> keystore. 
> The feature adds a customizable framework to integrate different types of 
> keystores, support for Java KeyStore, read keys from keystores, and transport 
> keys from JobClient to Tasks.
> The feature adds PGP encryption as a codec and additional utilities to 
> perform encryption related steps.
> The design document is attached. It explains the requirement, design and use 
> cases.
> Kindly review and comment. Collaboration is very much welcome.
> I have a tested patch for this for 1.1 and will upload it soon as an initial 
> work for further refinement.
> Update: The patches are uploaded to subtasks. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira