http://dx.doi.org/10.17661/jkiiect.2017.10.4.340

A Design of Hadoop Security Protocol using One Time Key based on Hash-chain  

Jeong, Eun-Hee (Department of Regional Economics, Kangwon National University)
Lee, Byung-Kwan (Department of Computer Engineering, Catholic Kwandong University)
Publication Information
The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.10, no.4, 2017, pp. 340-349
Abstract
This paper proposes a Hadoop security protocol to protect against replay attacks and impersonation attacks. The proposed Hadoop security protocol consists of a user authentication module, a public-key-based data node authentication module, a name node authentication module, and a data node authentication module. In the user authentication module, the user is issued a temporary access ID by the TGS after the user's identity is verified by the Authentication Server. The public-key-based data node authentication module generates a secret key between the name node and the data node, and generates an OTKL (One-Time Key List) using a hash chain. The name node authentication module verifies the user's identity using the user's temporary access ID, and issues a DT (Delegation Token) and a BAT (Block Access Token) to the user. The data node authentication module sends the encrypted data block to the user after verifying the user's identity using the OwnerID of the BAT. Therefore, the proposed Hadoop security protocol not only guards against exposure of the data node's secret key by using the OTKL, timestamp, and OwnerID, but also detects replay attacks and impersonation attacks. It also enhances data access at the data node, and enforces data security by sending encrypted data.
Keywords
Authentication; Block Access Token; Delegation Token; Hadoop security; Hash chain; One Time Key;
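A minimal sketch of the mechanism the abstract describes, added here as an example and not the paper's own code: a one-time key list derived from a shared secret by a SHA-256 hash chain, with each key used once to MAC an owner ID and a timestamp. The function names, the MAC layout, the 30-second skew window and the sample values are assumptions.

```python
import hashlib
import hmac

def make_otkl(shared_secret: bytes, n: int) -> list:
    """Build c_1 = H(secret), c_i = H(c_{i-1}) and return it reversed.
    Keys are consumed from index 0, so otkl[i] == H(otkl[i+1]): a key that
    leaks after use cannot be hashed forward into a key still to be used."""
    chain, k = [], shared_secret
    for _ in range(n):
        k = hashlib.sha256(k).digest()
        chain.append(k)
    return chain[::-1]

def tag(key: bytes, owner_id: str, ts: int) -> str:
    """MAC binding the owner ID and timestamp to a single one-time key."""
    return hmac.new(key, f"{owner_id}|{ts}".encode(), hashlib.sha256).hexdigest()

class Verifier:
    """Data-node side (assumed role): holds the same OTKL as the name node."""
    def __init__(self, shared_secret: bytes, n: int, max_skew: int = 30):
        self.otkl = make_otkl(shared_secret, n)
        self.next_index = 0          # lowest key index not yet consumed
        self.max_skew = max_skew     # seconds of clock skew tolerated

    def check(self, index: int, owner_id: str, ts: int, mac: str, now: int) -> str:
        if not 0 <= index < len(self.otkl):
            return "unknown-key"
        if index < self.next_index:
            return "replay"          # this one-time key was already spent
        if abs(now - ts) > self.max_skew:
            return "stale"
        if not hmac.compare_digest(tag(self.otkl[index], owner_id, ts), mac):
            return "bad-mac"         # wrong owner ID, timestamp or key
        self.next_index = index + 1  # burn this key and any skipped ones
        return "ok"

def demo() -> list:
    secret = b"constructed-shared-secret"   # constructed sample value
    keys, v = make_otkl(secret, 4), Verifier(secret, 4)
    first = tag(keys[0], "alice", 1000)
    return [
        v.check(0, "alice", 1000, first, now=1005),                        # fresh
        v.check(0, "alice", 1000, first, now=1006),                        # replayed
        v.check(1, "mallory", 1000, tag(keys[1], "alice", 1000), 1005),    # impersonation
        v.check(1, "alice", 1000, tag(keys[1], "alice", 1000), now=2000),  # old timestamp
    ]

if __name__ == "__main__":
    print(demo())
```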
Citations & Related Records
Times Cited By KSCI: 2