Often, discussions about security in Accumulo focus on access control mechanisms, ignoring data-at-rest confidentiality and data integrity. We have recently modified the implementation of data encryption in Accumulo to improve data protection, including both confidentiality and integrity. Additionally, we are working to design and implement a new cryptography module that will allow us to centralize the code, clean the API, and make configuration easier for system administrators. The new crypto module will provide more flexibility for organizations interested in developing their own approaches to data encryption.
In this talk we will discuss the existing cryptography within Accumulo, the motivation behind refactoring the crypto module, and the design of the new module. We will also discuss the implementation progress to date.
Nick is a Cryptographic Security Engineer with Praxis Engineering. He is an Apache Accumulo committer and PMC member. His background includes algorithm design for solutions to big data problems, development of cloud computing tools, and research in securing computer networks. He holds a MS in Computer and Information Sciences and a BS in Computer Science from the University of South Alabama.