Title: A new HDFS key management mechanism based on multi-level hash keychain
Authors: Wang, Guiyuan; Ning, Hongyun
Author affiliation: [Wang, Guiyuan; Ning, Hongyun] Tianjin Key Laboratory of Intelligence Computing, Tianjin University of Technology, Tianjin, China
Conference name: 2nd International Conference on Big Data Research, ICBDR 2018
Conference date: October 27, 2018 - October 29, 2018
Source: ACM International Conference Proceeding Series
Abstract: To address password guessing attacks, time synchronization, and the multiple allocation and repeated storage of session keys in HDFS security authentication, this paper proposes an HDFS key management mechanism based on a multi-level hash keychain. First, to counter the password guessing attacks caused by multiple key transmissions, the multi-level hash keychain is introduced to replace the session-key encryption and decryption method. During authentication between the client and the HDFS NameNode and DataNode, the user looks up the key value to use for encryption and decryption according to the user access sequence number (Seq) and the total number of accessed data nodes (Num). The keychain is updated as the number of users and nodes changes, so the key value is different each time, which effectively avoids the password guessing attack. For the time synchronization problem, the same root key is stored in the local non-volatile memory of each node, and the keychain is updated as the number of users and the number of accessed nodes increase. The mechanism departs from traditional key negotiation: instead, it looks up the current key based on the current serial number and counter value to perform encryption and decryption, adds a random number to the authentication data packet, and prevents replay attacks by combining the random number with the ticket timestamp. For the multiple allocation and repeated storage of the session key, the multi-level hash keychain avoids multiple transmissions of the key during authentication; the keychain is stored locally, and the chain length is updated as the number of users and the number of accessed nodes change. After the user's service ends, the corresponding keychain is released to reduce the space occupied by keys.
This paper analyzes the security and efficiency before and after the single authentication improvement. The results show that the multi-level hash keychain mechanism can effectively improve the security and efficiency of HDFS authentication.
© 2018 Association for Computing Machinery.