TPM-Based Authentication Mechanism for Apache Hadoop

@inproceedings{Khalil2014TPMBasedAM,
  title={TPM-Based Authentication Mechanism for Apache Hadoop},
  author={Issa M. Khalil and Zuochao Dou and Abdallah Khreishah},
  booktitle={SecureComm},
  year={2014}
}
Hadoop is an open source distributed system for data storage and parallel computations that is widely used. It is essential to ensure the security, authenticity, and integrity of all Hadoop’s entities. The current secure implementations of Hadoop rely on Kerberos, which suffers from many security and performance issues including single point of failure, online availability requirement, and concentration of authentication credentials. Most importantly, these solutions do not guard against… 
Robust Insider Attacks Countermeasure for Hadoop: Design and Implementation
TLDR
This paper proposes an authentication framework for Hadoop that utilizes trusted platform module technology and formally proves the correctness and the security guarantees of the protocol via Burrows–Abadi–Needham logic.
Data Authorization in Hadoop using Kerberos Authentication System and Transport Layer Security
TLDR
Kerberos authentication system along with Transport Layer Security (TLS) encryption was proposed to protect the stored data in HDFS from replay and attacks and the experimental result showed the efficiency and effectiveness.
Mitigation of Insider Attacks for Data Security in Distributed Computing Environments
TLDR
The problem of mitigating insider attacks is extensively investigated and several static and dynamic run-time techniques are developed that target detection of insider attacks that exploit data and infrastructure.
Multiprotocol Authentication Device for HPC and Cloud Environments Based on Elliptic Curve Cryptography
TLDR
The proposed electronic token (eToken), based on the system-on-chip ESP32, provides an extra layer of security based on elliptic curve cryptography that facilitates its integration in High-Performance Computing (HPC) and cloud systems, through a generic gateway.
A System Architecture for the Detection of Insider Attacks in Big Data Systems
TLDR
This work proposes a new system architecture in which insider attacks can be detected by utilizing the replication of data on various nodes in the system, using a two-step attack detection algorithm and a secure communication protocol.
CLAS: A Novel Communications Latency Based Authentication Scheme
TLDR
CLAS restricts login to profiled locations while demanding additional information for nonprofiled ones, which highly reduces the attack surface even when the legitimate credentials are compromised, and is resilient to phishing, pharming, man-in-the-middle, and social engineering attacks.
TASMR: Towards advanced secure mapreduc framework across untrusted hybrid clouds
TLDR
A novel architecture to secure MapReduce computation upon the aforementioned challenges in hybrid clouds is proposed that not only overcomes the flaws of the state-of-the-art proposed solutions, but also provides remarkable security guarantees that guard against insider and outsider threats.
A New HDFS Key Management Mechanism Based on Multi-level Hash Keychain
TLDR
The results show that the multi-level hash keychain mechanism can effectively improve the security and efficiency of HDFS authentication.
Research on the Application of Transparent Encryption in Distributed File System HDFS
TLDR
Research shows that HDFS transparent encryption technology has the advantages of high performance, transparent application and easy deployment, but there are still potential security problems in the application process.
A Novel and Robust Authentication Factor Based on Network Communications Latency
TLDR
This work shows how [formula] can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms and designs a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and [formula] as a second authentication factor.

References

SECOS : Key Management for Scalable and Energy Efficient Crypto On Sensors
TLDR
A protocol called SECOS is proposed that mitigates problems of weak security guarantees if some nodes are compromised, lack of scalability, high energy overhead for key management and increased end-to-end data latency and enhances the survivability of the network by handling failures of control nodes.
Implementation of a Trusted Ticket System
TLDR
This work uses the Trusted Platform Module to demonstrate how this technology can be used in the context of Kerberos for an implementation variant of Identity Management.
Towards Trusted Cloud Computing
TLDR
The design of a trusted cloud computing platform (TCCP) is proposed, which enables Infrastructure as a Service (IaaS) providers such as Amazon EC2 to provide a closed box execution environment that guarantees confidential execution of guest virtual machines.
THE HADOOP DISTRIBUTED FILE SYSTEM: BALANCING PORTABILTY
TLDR
This paper focuses on how the replicas are managed in HDFS for providing high availability of data under extreme computational requirement and possible failure that will affect the Hadoop cluster.
The Hadoop Distributed File System
TLDR
The architecture of HDFS is described and experience using HDFS to manage 25 petabytes of enterprise data at Yahoo! is reported on.
Efficient wireless reprogramming through reduced bandwidth usage and opportunistic sleeping
Sustainable GPU Computing at Scale
TLDR
The results show that assuming three times slowdown of the statistical multiplexing layer, for an application using 1024 processors with 35% checkpoint overhead, the two-tier framework will produce sustained time and energy savings for MTBF less than 6 hours.
A novel composite model approach to improve software quality prediction
Trusted Platform Module
  • Thomas Morris
  • Computer Science, Encyclopedia of Cryptography and Security
  • 2011
TMR: Towards a Trusted MapReduce Infrastructure
TLDR
This paper proposes a Trusted MapReduce (TMR) framework that effectively uses remote attestations to achieve efficient and deterministic integrity verification and proposes a split and parallel attestation schema to reduce latency and eliminate scalability limitations when employing the Trusted Computing mechanisms.