HEAP: An Efficient and Fault-tolerant Authentication and Key Exchange Protocol for Hadoop-assisted Big Data Platform

Chattaraj, D. ; Sarma, M. ; Das, A. D. ; Kumar, N. K. ; Rodrigues, J. R. ; Park, Y.

IEEE Access Vol. 6, Nº 1, pp. 75342 - 75382, December, 2018.

ISSN (print): 2169-3536

Digital Object Identifier: 10.1109/ACCESS.2018.2883105

The Hadoop framework has evolved to manage Big Data in the Cloud. The Hadoop Distributed File System (HDFS) and MapReduce, the vital components of this framework, provide scalable and fault-tolerant Big Data storage and processing services at a lower cost. However, Hadoop does not provide any robust mechanism for authenticating principals. In fact, the existing state-of-the-art authentication protocols are vulnerable to various security threats, such as man-in-the-middle, replay, password guessing, stolen-verifier, privileged-insider, identity compromise, impersonation, denial-of-service, on/offline dictionary, chosen plaintext, workstation compromise and server-side compromise attacks. Besides these threats, the state-of-the-art mechanisms fail to address server-side data integrity and confidentiality issues. In addition, most of the existing authentication protocols follow a single-server based user authentication strategy, which gives rise to Single Point of Failure (SOF) and Single Point of Vulnerability (SOV) issues. To address these limitations, in this work we propose a fault-tolerant authentication protocol suitable for the Hadoop framework, called HEAP (Efficient Authentication Protocol for Hadoop). HEAP alleviates the major issues of the existing state-of-the-art authentication mechanisms presently deployed in Hadoop, namely operating system based authentication, the password-based approach and delegated token-based schemes. HEAP follows a two-server based authentication mechanism. HEAP authenticates the principal using a digital signature generation and verification strategy that utilizes both the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). The security analysis, comprising formal security analysis under the broadly accepted Real-Or-Random (ROR) model and informal (non-mathematical) security analysis, shows that HEAP protects against several well-known attacks.
In addition, the formal security verification using the widely used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool ensures that HEAP is resilient against replay and man-in-the-middle attacks. Finally, the performance study shows that the overheads incurred by HEAP are reasonable and comparable to those of other existing state-of-the-art authentication protocols. High security along with comparable overheads makes HEAP robust and practical for secure access to Big Data storage and processing services.