TY - CHAP
T1 - TPM-based authentication mechanism for Apache Hadoop
AU - Khalil, Issa
AU - Dou, Zuochao
AU - Khreishah, Abdallah
N1 - Publisher Copyright:
© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.
PY - 2015
Y1 - 2015
N2 - Hadoop is an open source distributed system for data storage and parallel computations that is widely used. It is essential to ensure the security, authenticity, and integrity of all Hadoop’s entities. The current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues including single point of failure, online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against malicious and privileged insiders. In this paper, we design and implement an authentication framework for Hadoop systems based on Trusted Platform Module (TPM) technologies. The proposed protocol not only overcomes the shortcomings of the state-of-the-art protocols, but also provides additional significant security guarantees that guard against insider threats. We analyze and compare the security features and overhead of our protocol with the state-of-the-art protocols, and show that our protocol provides better security guarantees with lower optimized overhead.
KW - Authentication
KW - Hadoop
KW - Insider threats
KW - Kerberos
KW - Platform attestation
KW - Trusted Platform Module (TPM)
UR - http://www.scopus.com/inward/record.url?scp=84948137310&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84948137310&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-23829-6_8
DO - 10.1007/978-3-319-23829-6_8
M3 - Chapter
AN - SCOPUS:84948137310
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 105
EP - 122
BT - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
PB - Springer Verlag
ER -