DOI: 10.1145/3220199.3220222
Research article

The Improvement of HDFS Authentication Model Based on Token Push Mechanism

Published: 28 April 2018

Abstract

To address the problems of single-point overload, repeated authentication, replay attacks and time synchronization in HDFS security authentication, an improved Kerberos protocol based on a token push mechanism is proposed. First, to address single-point overload and repeated authentication, a three-stage, agent-based access mechanism is introduced. In the first phase, the KDC handles the visitor's first login to HDFS. In the second phase, when the visitor accesses a DataNode again through HDFS, the agent generates cross-node tokens and pushes them to all DataNodes involved. In the third phase, the visitor accesses the DataNode directly, and the DataNode uses the cross-node tokens to authenticate the visitor. Dividing a user's login into three phases lightens the load on the KDC authentication server. Second, the token push mechanism reduces the number of NameNode and KDC authentications. Finally, to strengthen the authentication process and prevent replay attacks, a new parameter, T-nonce, is introduced into authentication among the Client, NameNode and DataNodes. This parameter is obtained by hashing the timestamp and IP address. Combining the timestamp and IP address in the parameter generation function ensures the parameter's timeliness and uniqueness, so that unauthorized users cannot carry out replay attacks. The paper analyzes the security and efficiency of a single authentication in both the original model and the improved one, and the results show that the improved protocol effectively improves the security and efficiency of HDFS authentication.
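The abstract says only that T-nonce is a hash over the timestamp and IP address. The sketch below is an added example, not code from the paper, showing how a receiving node could use such a value to reject replayed requests. Assumptions: the hash is keyed with a shared session key (HMAC-SHA256), the freshness window is 30 seconds, and the names `make_t_nonce` and `TNonceVerifier` are hypothetical.

```python
import hashlib
import hmac

WINDOW = 30  # seconds a T-nonce stays acceptable (assumed value)

def make_t_nonce(key: bytes, timestamp: int, ip: str) -> str:
    """Hash timestamp and IP address; keying with HMAC is an assumption."""
    msg = f"{timestamp}|{ip}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class TNonceVerifier:
    """Hypothetical DataNode-side check: freshness, IP binding, one-time use."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # accepted nonce -> its timestamp

    def verify(self, nonce: str, timestamp: int, source_ip: str, now: int) -> str:
        # Forget nonces whose timestamp has already left the freshness window.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if abs(now - timestamp) > self.window:
            return "stale"
        # Recompute from the address the connection actually came from.
        expected = make_t_nonce(self.key, timestamp, source_ip)
        if not hmac.compare_digest(expected, nonce):
            return "mismatch"
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"

def demo():
    key = b"constructed-demo-session-key-000"  # constructed sample value
    v = TNonceVerifier(key)
    n = make_t_nonce(key, 1000, "10.0.0.5")    # constructed timestamp and IP
    return [
        v.verify(n, 1000, "10.0.0.5", now=1005),  # first use
        v.verify(n, 1000, "10.0.0.5", now=1010),  # captured and resent
        v.verify(n, 1000, "10.0.0.9", now=1010),  # resent from another host
        v.verify(n, 1000, "10.0.0.5", now=1100),  # resent after the window
    ]

if __name__ == "__main__":
    print(demo())
```

The freshness window bounds how much clock skew between nodes is tolerated, and the replay cache only has to hold nonces for that long.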


    Published In

    ICBDC '18: Proceedings of the 3rd International Conference on Big Data and Computing
    April 2018
    155 pages
    ISBN: 9781450364263
    DOI: 10.1145/3220199
    In-Cooperation

    • Shenzhen University

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. HDFS
    2. Kerberos
    3. three-phase access mechanism
    4. token push mechanism

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICBDC '18
