International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

TPM-Based Authentication Mechanism for Apache Hadoop

@INPROCEEDINGS{10.1007/978-3-319-23829-6_8,
        author={Issa Khalil and Zuochao Dou and Abdallah Khreishah},
        title={TPM-Based Authentication Mechanism for Apache Hadoop},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Hadoop Kerberos Trusted Platform Module (TPM) Authentication Platform attestation Insider threats},
        doi={10.1007/978-3-319-23829-6_8}
    }
    
Issa Khalil, Zuochao Dou, Abdallah Khreishah. Year: 2015. TPM-Based Authentication Mechanism for Apache Hadoop. SECURECOMM. Springer. DOI: 10.1007/978-3-319-23829-6_8
Issa Khalil¹,*, Zuochao Dou²,*, Abdallah Khreishah²,*
  • 1: Qatar Computing Research Institute, Qatar Foundation
  • 2: New Jersey Institute of Technology
*Contact email: ikhalil@qf.org.qa, zd36@njit.edu, abdallah@njit.edu

Abstract

Hadoop is a widely used open-source distributed system for data storage and parallel computation. It is essential to ensure the security, authenticity, and integrity of all of Hadoop’s entities. Current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues, including a single point of failure, an online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against malicious and privileged insiders. In this paper, we design and implement an authentication framework for Hadoop systems based on Trusted Platform Module (TPM) technologies. The proposed protocol not only overcomes the shortcomings of the state-of-the-art protocols, but also provides additional significant security guarantees that guard against insider threats. We analyze and compare the security features and overhead of our protocol with the state-of-the-art protocols, and show that our protocol provides better security guarantees with lower optimized overhead.