Data Confidentiality

Data confidentiality is whether the information stored on a system is protected against unintended or unauthorized access. Since systems are sometimes used to manage sensitive information, data confidentiality is often a measure of the ability of the system to protect its data.

Use encryption to protect sensitive data that is contained in a message. Unencrypted data, which is known as plaintext, is converted to encrypted data, which is known as ciphertext. Data is encrypted with an algorithm and a cryptographic key. Ciphertext is then converted back to plaintext at its destination.

You can apply data confidentiality in two steps:

  • Encrypting the data. In this step, the sender converts plaintext to ciphertext, rendering it unintelligible to parties other than the intended recipient.
  • Decrypting the data. In this step, ciphertext is rendered intelligible to the intended recipient by converting it back to plaintext.

Data Encryption on RPC

This covers the data transferred between Hadoop services and clients. Setting hadoop.rpc.protection to “privacy” in core-site.xml activates data encryption.

Data Encryption on Block Data Transfer

You need to set dfs.encrypt.data.transfer to “true” in the hdfs-site.xml in order to activate data encryption for data transfer protocol of DataNode.

Optionally, you may set dfs.encrypt.data.transfer.algorithm to either “3des” or “rc4” to choose the specific encryption algorithm. If unspecified, then the configured JCE default on the system is used, which is usually 3DES.

Setting dfs.encrypt.data.transfer.cipher.suites to AES/CTR/NoPadding activates AES encryption. By default, this is unspecified, so AES is not used. When AES is used, the algorithm specified in dfs.encrypt.data.transfer.algorithm is still used during an initial key exchange. The AES key bit length can be configured by setting dfs.encrypt.data.transfer.cipher.key.bitlength to 128, 192 or 256. The default is 128.

AES offers the greatest cryptographic strength and the best performance. At this time, 3DES and RC4 have been used more often in Hadoop clusters.
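The RPC and block data transfer settings described above can be checked together. The following audit script is an added example, not part of the original article or of Hadoop itself; the function names and the two sample configuration documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from a real cluster).
CORE_SITE = """<configuration>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
</configuration>"""

HDFS_SITE = """<configuration>
  <property><name>dfs.encrypt.data.transfer</name><value>true</value></property>
  <property><name>dfs.encrypt.data.transfer.algorithm</name><value>rc4</value></property>
</configuration>"""


def load_props(xml_text):
    """Return {name: value} from a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit(core_xml, hdfs_xml):
    """Return a list of findings for the wire-encryption settings."""
    core, hdfs = load_props(core_xml), load_props(hdfs_xml)
    findings = []
    # RPC between services and clients is encrypted only with "privacy".
    if core.get("hadoop.rpc.protection", "").lower() != "privacy":
        findings.append("hadoop.rpc.protection is not 'privacy': RPC is not encrypted")
    # Block data transfer encryption must be switched on explicitly.
    if hdfs.get("dfs.encrypt.data.transfer", "false").lower() != "true":
        findings.append("dfs.encrypt.data.transfer is not 'true': block transfer is not encrypted")
        return findings  # skip the cipher checks when encryption is off
    if hdfs.get("dfs.encrypt.data.transfer.cipher.suites", "") != "AES/CTR/NoPadding":
        algo = hdfs.get("dfs.encrypt.data.transfer.algorithm", "configured JCE default")
        findings.append(f"cipher.suites is not AES/CTR/NoPadding: AES not used (algorithm: {algo})")
    else:
        bits = hdfs.get("dfs.encrypt.data.transfer.cipher.key.bitlength", "128")
        if bits not in ("128", "192", "256"):
            findings.append(f"invalid AES key bit length: {bits}")
    return findings


if __name__ == "__main__":
    for finding in audit(CORE_SITE, HDFS_SITE):
        print("FINDING:", finding)
```

Run against the constructed samples, it reports the unencrypted RPC setting and the fact that block transfer falls back to RC4 because no AES cipher suite is configured.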

Data Encryption on HTTP

Data transfer between the web console and clients is protected by using SSL (HTTPS).
