Encyrption of Data at REST in Apache Ignite

["voli.sri" <vo...@gmail.com>]

Hi,

Does apache ignite provide for a way to support encryption of data at REST.

I am looking for a way to transparently encrypt the stored data so as to
ensure the integrity of data.

I believe such a solution should also have the option to decrypt and return
the data when required.

I haven't found anything other using SSL/HTTPS in securing the network
connections between nodes in the cluster.

Has anyone used something similar. Can you please help me on this.


Thanks,
Sridhar




--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Encyrption-of-Data-at-REST-in-Apache-Ignite-tp9508.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.

Re: Encyrption of Data at REST in Apache Ignite

[Nikolai Tikhonov <nt...@apache.org>]

Hi Sridhar!

You can enable ssl in ConnectionConfiguration. Please look at
ConnectorConfiguration#setSslEnabled and
 ConnectorConfiguration#setSslFactory methods.

Also Ignite provides SSL\TSL securing for communication between nodes. See
https://apacheignite.readme.io/docs/ssltls

Thanks,
Nikolay.

On Tue, Dec 13, 2016 at 2:56 PM, voli.sri <vo...@gmail.com> wrote:

> Hi,
>
> Does apache ignite provide for a way to support encryption of data at REST.
>
> I am looking for a way to transparently encrypt the stored data so as to
> ensure the integrity of data.
>
> I believe such a solution should also have the option to decrypt and return
> the data when required.
>
> I haven't found anything other using SSL/HTTPS in securing the network
> connections between nodes in the cluster.
>
> Has anyone used something similar. Can you please help me on this.
>
>
> Thanks,
> Sridhar
>
>
>
>
> --
> View this message in context: http://apache-ignite-users.
> 70518.x6.nabble.com/Encyrption-of-Data-at-REST-in-
> Apache-Ignite-tp9508.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>

Re: Encyrption of Data at REST in Apache Ignite

[vkulichenko <va...@gmail.com>]

Encryption between nodes is possible, but it's enabled separately from REST
[1].

Encryption of stored data is not supported out of the box, but you can try
to use CacheInterceptor [1] to support this. Note that it will break SQL
query execution, so if you're going to use them, I don't think encryption is
possible.

[1] https://apacheignite.readme.io/docs/ssltls
[2]
https://ignite.apache.org/releases/mobile/org/apache/ignite/cache/CacheInterceptor.html

-Val



--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Encyrption-of-Data-at-REST-in-Apache-Ignite-tp9508p9542.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.

Re: Encyrption of Data at REST in Apache Ignite

["voli.sri" <vo...@gmail.com>]

With your response and link shared , I see we can secure the network
connections by using SSL.

Does that mean the connections used to pass data between cluster nodes would
be secured.

Also would the data in transit/motion between cluster nodes would also be
encrypted so as to prevent unauthorized access.

But, how about data in rest in memory when it reaches a specific cluster
node.

Is there any way to encrypt that and provide another level of defense.










--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Encyrption-of-Data-at-REST-in-Apache-Ignite-tp9508p9522.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.

Re: Encyrption of Data at REST in Apache Ignite

[Jörn Franke <jo...@gmail.com>]

Well the data is in memory - do you have a concern that another process on the same machine as the Ignite daemon can read it - there might be better ways then encryption to solve it. If you are concerned about swapping to disk then try to reduce the risk and/or encrypt the hard drive.

In the scenario you mentioned - how does the client fetching the data encrypt in memory (if at all). 

There are some research projects addressing this with additional hardware or complete new ways of accesses, but they are in some cases slow and also it is not always needed.
Cf
1) spark research project with sgx (cf amplabs)
2) mit cryptdb (http://css.csail.mit.edu/cryptdb/)

> On 13 Dec 2016, at 12:56, voli.sri <vo...@gmail.com> wrote:
> 
> Hi,
> 
> Does apache ignite provide for a way to support encryption of data at REST.
> 
> I am looking for a way to transparently encrypt the stored data so as to
> ensure the integrity of data.
> 
> I believe such a solution should also have the option to decrypt and return
> the data when required.
> 
> I haven't found anything other using SSL/HTTPS in securing the network
> connections between nodes in the cluster.
> 
> Has anyone used something similar. Can you please help me on this.
> 
> 
> Thanks,
> Sridhar
> 
> 
> 
> 
> --
> View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Encyrption-of-Data-at-REST-in-Apache-Ignite-tp9508.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.