A Three-Tier Authentication Scheme for Kerberized Hadoop Environment

Hena, M.; Jeyanthi, N.

doi:10.2478/cait-2021-0046

Abstract

Apache Hadoop answers the quest of handling Bigdata for most organizations. It offers distributed storage and data analysis via Hadoop Distributed File System (HDFS) and Map-Reduce frameworks. Hadoop depends on third-party security providers like Kerberos for its security requirements. Kerberos by itself comes with many security loopholes like Single point of Failure (SoF), Dictionary Attacks, Time Synchronization and Insider Attacks. This paper suggests a solution that aims to eradicate the security issues in the Hadoop Cluster with a focus on Dictionary Attacks and Single Point of Failure. The scheme roots on Secure Remote Password Protocol, Blockchain Technology and Threshold Cryptography. Practical Byzantine Fault Tolerance mechanism (PBFT) is deployed at the blockchain as the consensus mechanism. The proposed scheme outperforms many of the existing schemes in terms of computational overhead and storage requirements without compromising the security level offered by the system. Riverbed Modeller (AE) Simulation results strengthen the aforesaid claims.

References

1. Rahul, P. K., T. Gireesh Kumar. A Novel Authentication Framework for Hadoop. – Advances in Intelligent Systems and Computing, Vol. 324, 2015, pp. 333-340.10.1007/978-81-322-2126-5_37
Search in Google Scholar Back to article
2. Lingappa, R. What Is Secure Remote Password (SRP) Protocol and How to Use It? The Startup, Medium. 2019. Accessed 15 March 2021. https://medium.com/swlh/what-is-secure-remote-password-srp-protocol-and-how-to-use-it-70e415b94a76
Search in Google Scholar Back to article
3. Hena, M., N. Jeyanthi. Authentication Framework for Kerberos Enabled Hadoop Clusters. – Int. J. Eng. Adv. Technol., Vol. 9, 2019, No 1, pp. 510-519.10.35940/ijeat.A9638.109119
Search in Google Scholar Back to article
4. Castro, M., B. Liskov. Practical Byzantine Fault Tolerance. – In: Proc. of 3rd Symposium on Operating Systems Design and Implementation, New Orleans, USA, February 1999, pp. 1-14.
Search in Google Scholar Back to article
5. Li, R., H. Asaeda, J. Li, X. Fu. A Distributed Authentication and Authorization Scheme for In-Network Big Data Sharing. – Digit. Commun. Networks, Vol. 3, November 2017, No 4, pp. 226-235.10.1016/j.dcan.2017.06.001
Search in Google Scholar Back to article
6. Wang, K., J. Yu, X. Liu, S. Guo. A Pre-Authentication Approach to Proxy Re-Encryption in Big Data Context. – IEEE Trans. Big Data, May 2017, p. 1.10.1109/TBDATA.2017.2702176
Search in Google Scholar Back to article
7. Abdullah, N., A. Hakansson, E. Moradian. Blockchain Based Approach to Enhance Big Data Authentication in Distributed Environment. – In: Proc. of 9th International Conference on Ubiquitous and Future Networks (ICUFN’17), 2017, pp. 887-892.10.1109/ICUFN.2017.7993927
Search in Google Scholar Back to article
8. Aazam, M., S. Zeadally, K. A. Harras. Deploying Fog Computing in Industrial Internet of Things and Industry 4.0. – IEEE Trans. Ind. Informatics, Vol. 14, October 2018, No 10, pp. 4674-4682.10.1109/TII.2018.2855198
Search in Google Scholar Back to article
9. Omoniwa, B., R. Hussain, M. A. Javed, S. H. Bouk, S. A. Malik. Fog/Edge Computing-Based IoT (FECIoT): Architecture, Applications, and Research Issues. – IEEE Internet Things J., Vol. 6, Jun 2019, No 3, pp. 4118-4149.10.1109/JIOT.2018.2875544
Search in Google Scholar Back to article
10. Somu, N., A. Gangaa, V. S. Shankar Sriram. Authentication Service in Hadoop Using One Time Pad. – Indian J. Sci. Technol., Vol. 7, 2014, No April, pp. 56-62.10.17485/ijst/2014/v7sp4.16
Search in Google Scholar Back to article
11. Sarvabhatla, M., M. R. M. Chandra, C. S. Vorugunti. A Secure and Light Weight Authentication Service in Hadoop Using One Time Pad. – Procedia Computer Science, Vol. 50, 2015, pp. 81-86.10.1016/j.procs.2015.04.064
Search in Google Scholar Back to article
12. Esfahani, A., et al. A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment. – IEEE Internet Things J., Vol. 6, February 2019, No 1, pp. 288-296.10.1109/JIOT.2017.2737630
Search in Google Scholar Back to article
13. Li, X., J. Niu, M. Z. A. Bhuiyan, F. Wu, M. Karuppiah, S. Kumari. A Robust ECC-Based Provable Secure Authentication Protocol with Privacy Preserving for Industrial Internet of Things. – IEEE Trans. Ind. Informatics, Vol. 14, August 2018, No 8, pp. 3599-3609.10.1109/TII.2017.2773666
Search in Google Scholar Back to article
14. Lin, C., D. He, X. Huang, K. K. R. Choo, A. V. Vasilakos. BSeIn: A Blockchain-Based Secure Mutual Authentication with Fine-Grained Access Control System for Industry 4.0. – J. Netw. Comput. Appl., Vol. 116, 2018, No February, pp. 42-52.10.1016/j.jnca.2018.05.005
Search in Google Scholar Back to article
15. Karati, A., S. K. H. Islam, M. Karuppiah. Provably Secure and Lightweight Certificateless Signature Scheme for IIoT Environments. – IEEE Trans. Ind. Informatics, Vol. 14, August 2018, No 8, pp. 3701-3711.10.1109/TII.2018.2794991
Search in Google Scholar Back to article
16. Zhang, Y., R. H. Deng, D. Zheng, J. Li, P. Wu, J. Cao. Efficient and Robust Certificateless Signature for Data Crowdsensing in Cloud-Assisted Industrial IoT. – IEEE Trans. Ind. Informatics, Vol. 15, January 2019, No 9, pp. 5099-5108.10.1109/TII.2019.2894108
Search in Google Scholar Back to article
17. Liu, C. H., Q. Lin, S. Wen. Blockchain-Enabled Data Collection and Sharing for Industrial IoT with Deep Reinforcement Learning. – IEEE Trans. Ind. Informatics, Vol. 15, Jun 2019, No 6, pp. 3516-3526.10.1109/TII.2018.2890203
Search in Google Scholar Back to article
18. Huang, J., L. Kong, G. Chen, M. Y. Wu, X. Liu, P. Zeng. Towards Secure Industrial IoT: Blockchain System with Credit-Based Consensus Mechanism. – IEEE Trans. Ind. Informatics, Vol. 15, Jun 2019, No 6, pp. 3680-3689.10.1109/TII.2019.2903342
Search in Google Scholar Back to article
19. Wang, K., J. Yu, X. Liu, S. Guo. A Pre-Authentication Approach to Proxy Re-Encryption in Big Data Context. – IEEE Trans. Big Data, May 2017, pp. 1-11.10.1109/TBDATA.2017.2702176
Search in Google Scholar Back to article
20. Wan, J., et al. Software-Defined Industrial Internet of Things in the Context of Industry 4.0. – IEEE Sens. J., Vol. 16, October 2016, No 20, pp. 7373-7380.10.1109/JSEN.2016.2565621
Search in Google Scholar Back to article
21. Somu, N., A. Gangaa, V. S. Shankar Sriram. Authentication Service in Hadoop Using One Time Pad. – Indian J. Sci. Technol., Vol. 7, May 2014, No Supplementary 4, pp. 56-62.10.17485/ijst/2014/v7sp4.16
Search in Google Scholar Back to article
22. Taylor, D., T. Wu, N. Mavrogiannopoulos. Using the Secure Remote Password (SRP) Protocol for TLS Authentication. 2007.10.17487/rfc5054
Search in Google Scholar Back to article
23. Hena, M., N. Jeyanthi. Blockchain Based Authentication Framework for Kerberos Enabled Hadoop Clusters. – In: 10th International Conference on Soft Computing for Problem Solving (SocProS’20), 18-20 December 2020.
Search in Google Scholar Back to article
24. Sethi, A. S. The Practical OPNET User Guide for Computer Network Simulation. Chapman and Hall/CRC, 2012.10.1201/b12515
Search in Google Scholar Back to article
25. Algaradi, T. S., B. Rama. Static Knowledge-Based Authentication Mechanism for Hadoop Distributed Platform Using Kerberos. – Int. J. Adv. Sci. Eng. Inf. Technol., Vol. 9, 2019, No 3, pp. 772-780.10.18517/ijaseit.9.3.5721
Search in Google Scholar Back to article
26. Schneier, B. Applied Cryptography : Protocols, Algorithms and Source Code in C. 2nd Ed. John Wiley & Sons, Inc., 1996.
Search in Google Scholar Back to article
27. Kilinc, H. H., T. Yanik. A Survey of SIP Authentication and Key Agreement Schemes. – IEEE Commun. Surv. Tutorials, Vol. 16, 2014, No 2, pp. 1005-1023.10.1109/SURV.2013.091513.00050
Search in Google Scholar Back to article
28. Ivanova-Rohling, V. N., N. Rohling. Evaluating Machine Learning Approaches for Discovering Optimal Sets of Projection Operators for Quantum State Tomography of Qubit Systems. – Cybernetics and Information Technologies, Vol. 20, 2020, No 6 pp. 61-73.10.2478/cait-2020-0061
Search in Google Scholar Back to article
29. Prabadevi, B., N. Jeyanthi. TSCBA-A Mitigation System for ARP Cache Poisoning Attacks. – Cybernetics and Information Technologies, Vol. 18, 2018, No 4, pp. 75-93.10.2478/cait-2018-0049
Search in Google Scholar Back to article
30. Pencheva, E. N., I. I. Atanasov, V. G. Vladislavov. Mission Critical Messaging Using Multi-Access Edge Computing. – Cybernetics and Information Technologies, Vol. 19, 2019, No 4, pp. 73-89.10.2478/cait-2019-0037
Search in Google Scholar Back to article
31. Brindha, K., N. Jeyanthi. Secured Document Sharing Using Visual Cryptography in Cloud Data Storage. – Cybernetics and Information Technologies, Vol. 15, 2015, No 4, pp. 111-123.10.1515/cait-2015-0058
Search in Google Scholar Back to article
32. Srivastava, M., J. Siddiqui, M. A. Ali. A Review of Hashing Based Image Copy Detection Techniques. – Cybernetics and Information Technologies, Vol. 19, 2019, No 2, pp. 1-27.10.2478/cait-2019-0012
Search in Google Scholar Back to article
33. Prabadevi, B., N. Jeyanthi. Security Solution for ARP Cache Poisoning Attacks in Large Data Center Networks. – Cybernetics and Information Technologies, Vol. 17, 2017, No 4, pp. 69-86.10.1515/cait-2017-0042
Search in Google Scholar Back to article
34. Usha, S., S. Kuppuswami, M. Karthik. A New Enhanced Authentication Mechanism Using Session Key Agreement Protocol. – Cybernetics and Information Technologies, Vol. 18, 2018, No 4, pp. 61-74.10.2478/cait-2018-0048
Search in Google Scholar Back to article

A Three-Tier Authentication Scheme for Kerberized Hadoop Environment

Abstract

Paradigm

My account