Cryptographic access control for big data platforms
MetadataVis full innførsel
This thesis has looked into the performance of select cryptographic algorithms and compared them to each other in the context of big data. The algorithms compared are Advanced Encryption Standard (AES), RSA, and a Attribute-Based Encryption (ABE) algorithm called GPSW. The results confirmed common knowledge that schemes with advanced properties are slow. The results show the performance ratio between the algorithms on Java and served as a baseline for comparing performance impacts of encryption with different algorithms. Later in the thesis an attempt to design a system using the algorithms tested, and looked into the performance impacts of using different en- cryption algorithms. Along with the systems were an estimation function of how long encryption/decryption will take from a pure cryptographic standpoint. Because the cost/benefit of implementing a pure cryptographic access control scheme is going to be marginal, it was deemed beneficial to look into existing systems that can be used to implement access control, if not by cryptography, then maybe in conjunction with it. Lastly the thesis looked into the impact of encrypting data. For instance, there exist a lot of avenues of data leakage even though the data itself may be encrypted. Some of these issues are described and strategies to mitigate them are outlined. Most of these problems are avoidable as long as one is aware of them. Another related impact is the performance loss/gain from using different schemes. These impacts are going to be more prominent when hardware accelerated encryption is used. There were carried out some tests on this and the results showed that if care is taken with the crypto-implementation the performance gain can be significant. While the conclusion were that pure cryptographic solutions are unsuitable for production use, there exist precautions that apply to any system where data is encrypted. These things impact both performance and confidentiality and should be taken into account by anyone looking into encrypting their data.