TPM-based authentication mechanism for Apache Hadoop

Issa Khalil, Zuochao Dou, Abdallah Khreishah

    Research output: Chapter in Book/Report/Conference proceeding › Chapter

    9 Citations (Scopus)

    Abstract

    Hadoop is an open source distributed system for data storage and parallel computations that is widely used. It is essential to ensure the security, authenticity, and integrity of all Hadoop’s entities. The current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues including single point of failure, online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against malicious and privileged insiders. In this paper, we design and implement an authentication framework for Hadoop systems based on Trusted Platform Module (TPM) technologies. The proposed protocol not only overcomes the shortcomings of the state-of-the-art protocols, but also provides additional significant security guarantees that guard against insider threats. We analyze and compare the security features and overhead of our protocol with the state-of-the-art protocols, and show that our protocol provides better security guarantees with lower optimized overhead.

    Original language: English
    Title of host publication: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
    Publisher: Springer Verlag
    Pages: 105-122
    Number of pages: 18
    Publication status: Published - 2015

    Publication series

    Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
    Volume: 152
    ISSN (Print): 1867-8211

    Keywords

    • Authentication
    • Hadoop
    • Insider threats
    • Kerberos
    • Platform attestation
    • Trusted Platform Module (TPM)

    ASJC Scopus subject areas

    • Computer Networks and Communications
