TPM-based authentication mechanism for Apache Hadoop

Issa Khalil, Zuochao Dou, Abdallah Khreishah

Research output: Chapter in Book/Report/Conference proceeding › Chapter

7 Citations (Scopus)

Abstract

Hadoop is an open source distributed system for data storage and parallel computations that is widely used. It is essential to ensure the security, authenticity, and integrity of all Hadoop’s entities. The current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues including single point of failure, online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against malicious and privileged insiders. In this paper, we design and implement an authentication framework for Hadoop systems based on Trusted Platform Module (TPM) technologies. The proposed protocol not only overcomes the shortcomings of the state-of-the-art protocols, but also provides additional significant security guarantees that guard against insider threats. We analyze and compare the security features and overhead of our protocol with the state-of-the-art protocols, and show that our protocol provides better security guarantees with lower optimized overhead.
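The abstract names platform attestation as the property that separates the TPM approach from Kerberos: a node proves what software it booted, not merely that it holds a credential. The block below is an added illustrative example, not the authors' protocol or code, of how a nonce-bound TPM quote over measured boot state lets a verifier reject a node whose software has been tampered with, even by a privileged insider who controls the host and its TPM. Everything in it is constructed for illustration: the PCR layout, the node name, the sample component bytes, and the use of HMAC in place of the asymmetric attestation-key signature a real TPM would produce.

```python
"""Illustrative TPM-style platform-attestation handshake (added example, not the
authors' protocol).  A verifier (think NameNode) admits a node (think DataNode) only
if it answers a fresh nonce with a quote over its measured boot state that matches a
known-good reference.  HMAC stands in for the TPM's asymmetric attestation signature."""
import hashlib
import hmac
import secrets

# Hypothetical PCR layout chosen for this example; real firmware/OS layouts differ.
PCR_KERNEL, PCR_HADOOP_BIN, PCR_HADOOP_CONF = 0, 1, 2
QUOTED_PCRS = (PCR_KERNEL, PCR_HADOOP_BIN, PCR_HADOOP_CONF)

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _quote_message(nonce: bytes, indices, pcrs) -> bytes:
    # Unambiguous encoding of everything the quote commits to.
    return b"QUOTE" + bytes([len(nonce)]) + nonce + bytes(indices) + b"".join(pcrs)

class SimulatedTPM:
    """Toy TPM: a PCR bank that can only be extended (never written or reset) plus a
    quote operation.  The attestation key stays inside the object; nothing exports it."""
    def __init__(self, attestation_key: bytes):
        self._pcrs = [b"\x00" * 32] * 8
        self._ak = attestation_key

    def extend(self, index: int, measurement: bytes) -> None:
        # TPM extend rule: PCR_new = H(PCR_old || H(measured object)).
        self._pcrs[index] = _h(self._pcrs[index] + _h(measurement))

    def quote(self, nonce: bytes, indices=QUOTED_PCRS) -> dict:
        pcrs = [self._pcrs[i] for i in indices]
        sig = hmac.new(self._ak, _quote_message(nonce, indices, pcrs), hashlib.sha256).digest()
        return {"nonce": nonce, "indices": tuple(indices), "pcrs": pcrs, "sig": sig}

def measured_boot(tpm: SimulatedTPM, kernel: bytes, hadoop_bin: bytes, hadoop_conf: bytes):
    """Each boot stage measures the next component into its PCR before running it."""
    tpm.extend(PCR_KERNEL, kernel)
    tpm.extend(PCR_HADOOP_BIN, hadoop_bin)
    tpm.extend(PCR_HADOOP_CONF, hadoop_conf)

def golden_pcrs(kernel: bytes, hadoop_bin: bytes, hadoop_conf: bytes) -> dict:
    """Expected PCRs, computed by replaying the measured boot on a throwaway TPM."""
    ref = SimulatedTPM(b"reference-only")
    measured_boot(ref, kernel, hadoop_bin, hadoop_conf)
    return dict(zip(QUOTED_PCRS, ref.quote(b"")["pcrs"]))

class AttestationVerifier:
    """Verifier side: needs only per-node attestation keys (provisioned at enrollment)
    and golden PCRs; no online ticket server and no user passwords to concentrate."""
    def __init__(self, node_keys: dict, golden: dict):
        self._node_keys = node_keys   # node_id -> attestation key
        self._golden = golden         # node_id -> {pcr_index: expected digest}
        self._outstanding = {}        # node_id -> nonce awaiting its quote

    def challenge(self, node_id: str) -> bytes:
        self._outstanding[node_id] = nonce = secrets.token_bytes(16)
        return nonce

    def verify(self, node_id: str, quote: dict) -> tuple:
        nonce = self._outstanding.pop(node_id, None)   # one-shot: consumed on any outcome
        if nonce is None or not hmac.compare_digest(nonce, quote["nonce"]):
            return False, "stale, replayed or unsolicited quote"
        key = self._node_keys.get(node_id)
        if key is None:
            return False, "unknown node"
        msg = _quote_message(quote["nonce"], quote["indices"], quote["pcrs"])
        if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), quote["sig"]):
            return False, "quote signature invalid"
        for idx, value in zip(quote["indices"], quote["pcrs"]):
            if self._golden[node_id].get(idx) != value:
                return False, f"PCR{idx} does not match known-good state"
        return True, "platform state attested"

# Constructed stand-ins for the measured components; real inputs are file contents.
GOOD_KERNEL, GOOD_HADOOP, GOOD_CONF = b"vmlinuz (sample)", b"datanode.jar (sample)", b"hdfs-site.xml (sample)"

def run_demo() -> dict:
    """Three scenarios; returns the verifier's (accepted, reason) verdict for each."""
    ak = secrets.token_bytes(32)   # enrolled once; in a real TPM it never leaves the chip
    verifier = AttestationVerifier({"datanode-01": ak},
                                   {"datanode-01": golden_pcrs(GOOD_KERNEL, GOOD_HADOOP, GOOD_CONF)})

    # 1. Honest node booted into the known-good state.
    honest = SimulatedTPM(ak)
    measured_boot(honest, GOOD_KERNEL, GOOD_HADOOP, GOOD_CONF)
    good_quote = honest.quote(verifier.challenge("datanode-01"))
    honest_verdict = verifier.verify("datanode-01", good_quote)

    # 2. Privileged insider: root on the same host (same TPM, same key) reboots it with a
    #    trojaned DataNode jar.  The quote is genuinely signed, but PCR1 cannot be reset.
    insider = SimulatedTPM(ak)
    measured_boot(insider, GOOD_KERNEL, GOOD_HADOOP + b" + backdoor", GOOD_CONF)
    insider_verdict = verifier.verify("datanode-01", insider.quote(verifier.challenge("datanode-01")))

    # 3. Replaying an earlier good quote against a fresh challenge.
    verifier.challenge("datanode-01")
    replay_verdict = verifier.verify("datanode-01", good_quote)
    return {"honest": honest_verdict, "insider": insider_verdict, "replay": replay_verdict}
```

`run_demo()` returns three verdicts: the honest node is admitted; the insider's quote, although correctly signed by the same TPM, is rejected because the PCR holding the DataNode measurement can only be extended, never set back to the golden value; and a captured quote fails against a fresh nonce. The verifier consults no online third party at authentication time, which is the availability point the abstract raises against Kerberos. What it does require, and what the example does not cover, is a trustworthy enrollment of each node's attestation key and a maintained set of golden measurements that is updated whenever the kernel, Hadoop binaries or configuration legitimately change.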

Original language: English
Title of host publication: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Publisher: Springer Verlag
Pages: 105-122
Number of pages: 18
Volume: 152
DOIs: 10.1007/978-3-319-23829-6_8
Publication status: Published - 2015

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume: 152
ISSN (Print): 1867-8211

Fingerprint

Authentication
Availability
Data storage equipment
Hardware security

Keywords

  • Authentication
  • Hadoop
  • Insider threats
  • Kerberos
  • Platform attestation
  • Trusted Platform Module (TPM)

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Khalil, I., Dou, Z., & Khreishah, A. (2015). TPM-based authentication mechanism for apache hadoop. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 152, pp. 105-122). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 152). Springer Verlag. https://doi.org/10.1007/978-3-319-23829-6_8

TPM-based authentication mechanism for apache hadoop. / Khalil, Issa; Dou, Zuochao; Khreishah, Abdallah.

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST. Vol. 152 Springer Verlag, 2015. p. 105-122 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 152).


Khalil, I, Dou, Z & Khreishah, A 2015, TPM-based authentication mechanism for apache hadoop. in Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST. vol. 152, Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 152, Springer Verlag, pp. 105-122. https://doi.org/10.1007/978-3-319-23829-6_8
Khalil I, Dou Z, Khreishah A. TPM-based authentication mechanism for apache hadoop. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST. Vol. 152. Springer Verlag. 2015. p. 105-122. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). https://doi.org/10.1007/978-3-319-23829-6_8
Khalil, Issa ; Dou, Zuochao ; Khreishah, Abdallah. / TPM-based authentication mechanism for apache hadoop. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST. Vol. 152 Springer Verlag, 2015. pp. 105-122 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).
@inbook{89e483d842a24b39a5437af0985a08df,
title = "TPM-based authentication mechanism for apache hadoop",
abstract = "Hadoop is an open source distributed system for data storage and parallel computations that is widely used. It is essential to ensure the security, authenticity, and integrity of all Hadoop’s entities. The current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues including single point of failure, online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against malicious and privileged insiders. In this paper, we design and implement an authentication framework for Hadoop systems based on Trusted Platform Module (TPM) technologies. The proposed protocol not only overcomes the shortcomings of the state-of-the-art protocols, but also provides additional significant security guarantees that guard against insider threats. We analyze and compare the security features and overhead of our protocol with the state-of-the-art protocols, and show that our protocol provides better security guarantees with lower optimized overhead.",
keywords = "Authentication, Hadoop, Insider threats, Kerberos, Platform attestation, Trusted Platform Module (TPM)",
author = "Issa Khalil and Zuochao Dou and Abdallah Khreishah",
year = "2015",
doi = "10.1007/978-3-319-23829-6_8",
language = "English",
volume = "152",
series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",
publisher = "Springer Verlag",
pages = "105--122",
booktitle = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

}

TY - CHAP

T1 - TPM-based authentication mechanism for apache hadoop

AU - Khalil, Issa

AU - Dou, Zuochao

AU - Khreishah, Abdallah

PY - 2015

Y1 - 2015

N2 - Hadoop is an open source distributed system for data storage and parallel computations that is widely used. It is essential to ensure the security, authenticity, and integrity of all Hadoop’s entities. The current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues including single point of failure, online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against malicious and privileged insiders. In this paper, we design and implement an authentication framework for Hadoop systems based on Trusted Platform Module (TPM) technologies. The proposed protocol not only overcomes the shortcomings of the state-of-the-art protocols, but also provides additional significant security guarantees that guard against insider threats. We analyze and compare the security features and overhead of our protocol with the state-of-the-art protocols, and show that our protocol provides better security guarantees with lower optimized overhead.

AB - Hadoop is an open source distributed system for data storage and parallel computations that is widely used. It is essential to ensure the security, authenticity, and integrity of all Hadoop’s entities. The current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues including single point of failure, online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against malicious and privileged insiders. In this paper, we design and implement an authentication framework for Hadoop systems based on Trusted Platform Module (TPM) technologies. The proposed protocol not only overcomes the shortcomings of the state-of-the-art protocols, but also provides additional significant security guarantees that guard against insider threats. We analyze and compare the security features and overhead of our protocol with the state-of-the-art protocols, and show that our protocol provides better security guarantees with lower optimized overhead.

KW - Authentication

KW - Hadoop

KW - Insider threats

KW - Kerberos

KW - Platform attestation

KW - Trusted Platform Module (TPM)

UR - http://www.scopus.com/inward/record.url?scp=84948137310&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84948137310&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-23829-6_8

DO - 10.1007/978-3-319-23829-6_8

M3 - Chapter

VL - 152

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 105

EP - 122

BT - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

PB - Springer Verlag

ER -