[HBASE-16414] Improve performance for RPC encryption with Apache Common Crypto - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: IPC/RPC
Labels:
None

Hadoop Flags:

Reviewed
Release Note:

Hide
With the security RPC and encryption enabled, introduce Apache Commons Crypto to do the encryption/decryption which supports both supports both JCE Cipher and OpenSSL Cipher. Adds new configs "hbase.rpc.crypto.encryption.aes.enabled" which defaults to false, and "hbase.rpc.crypto.encryption.aes.cipher.class" which defaults to "org.apache.commons.crypto.cipher.JceCipher" to support JCE Cipher, it also can be set as "org.apache.hadoop.crypto.OpensslCipher" to support Openssl Cipher.

Show
With the security RPC and encryption enabled, introduce Apache Commons Crypto to do the encryption/decryption which supports both supports both JCE Cipher and OpenSSL Cipher. Adds new configs "hbase.rpc.crypto.encryption.aes.enabled" which defaults to false, and "hbase.rpc.crypto.encryption.aes.cipher.class" which defaults to "org.apache.commons.crypto.cipher.JceCipher" to support JCE Cipher, it also can be set as "org.apache.hadoop.crypto.OpensslCipher" to support Openssl Cipher.

Description

Hbase RPC encryption is enabled by setting “hbase.rpc.protection” to "privacy". With the token authentication, it utilized DIGEST-MD5 mechanisms for secure authentication and data protection. For DIGEST-MD5, it uses DES, 3DES or RC4 to do encryption and it is very slow, especially for Scan. This will become the bottleneck of the RPC throughput.
Apache Commons Crypto is a cryptographic library optimized with AES-NI. It provides Java API for both cipher level and Java stream level. Developers can use it to implement high performance AES encryption/decryption with the minimum code and effort. Compare with the current implementation of org.apache.hadoop.hbase.io.crypto.aes.AES, Crypto supports both JCE Cipher and OpenSSL Cipher which is better performance than JCE Cipher. User can configure the cipher type and the default is JCE Cipher.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-16414.001.patch
15/Aug/16 06:56
94 kB
Colin
HBASE-16414.002.patch
05/Sep/16 03:19
231 kB
Colin
HBASE-16414.003.patch
07/Sep/16 01:28
231 kB
Colin
HBASE-16414.004.patch
08/Sep/16 01:28
231 kB
Colin
HBASE-16414.005.patch
27/Sep/16 06:07
229 kB
Colin
HBASE-16414.006.patch
08/Oct/16 07:04
249 kB
Colin
HBASE-16414.007.patch
10/Oct/16 02:43
249 kB
Colin
HBASE-16414.008.patch
13/Oct/16 02:32
246 kB
Colin
HBASE-16414.009.patch
18/Oct/16 02:47
248 kB
Colin
HbaseRpcEncryptionWithCrypoto.docx
15/Aug/16 06:51
76 kB
Colin

Issue Links

is related to

HBASE-16463 Improve transparent table/CF encryption with Commons Crypto

Closed

HADOOP-10768 Optimize Hadoop RPC encryption performance

Patch Available

relates to

HBASE-16633 Optimize HBase RPC Encryption Performance

Resolved

HADOOP-13635 Replace Hadoop Common crypto code with Apache Commons Crypto

Open

links to

Review board

Activity

People

Assignee:: Colin

Reporter:: Colin

Votes:: 0 Vote for this issue

Watchers:: 17 Start watching this issue

Dates

Created:: 15/Aug/16 06:50

Updated:: 04/May/18 17:25

Resolved:: 21/Oct/16 10:34