Static Knowledge-Based Authentication Mechanism for Hadoop Distributed Platform using Kerberos

Thoyazan Sultan Algaradi, Rama B


With the quickened phenomenal expansion of data, storing massive data has become important and increasingly growing day by day. Thus, big data came to express this large data and handling it properly under three important characteristics such as volume, veracity, and Variety. One practical of big data problems is user and services authentication. Kerberos v5 protocol provided a new solution to such this problem in the Hadoop-distributed platform (HDP). In this paper, we suggest a credible scheme by adding one more level of protection and authentication security to the Kerberos v5 protocol by using a static knowledge-based authentication (SKBA). Where in the login and verification phase by using Kerberos protocol, the KDC will replay with a question to the user-side to check the actual presence of user which the user already answered this question in his registration phase. Our credible scheme is useful in case of capturing messages that enable an eavesdropper to get the ticket that allows getting access to the HDFS as well as to avoid the common attacks with less computation, communication and storage cost. The proposed scheme works seriously and strictly to ensure the registration by delivery of user information over an insecure network in a safe manner and store this information in the KDC-database to be used later for getting access with HDFS.


authentication protocol; kerberos; hadoop distributed file system; static based knowledge; big data.

Full Text:



Chandra, Sudipta, Soumya Ray, and R. T. Goswami. "Big Data Security: Survey on Frameworks and Algorithms." In Advance Computing Conference (IACC), 2017 IEEE 7th International, pp. 48-54. IEEE, 2017.

Ouda, Abdelkader. "A Framework for next generation user authentication." In Big Data and Smart City (ICBDSC), 2016 3rd MEC International Conference on, pp. 1-4. IEEE, 2016.

Dean, Jeffrey, and Sanjay Ghemawat. "MapReduce: simplified data processing on large clusters." Communications of the ACM 51, no. 1 (2008): 107-113.

Hong, Jinkeun. "Kerberos Authentication Deployment Policy of US in Big data Environment." Journal of Digital Convergence11, no. 11 (2013): 435-441

Jeong, Yoon-Su, and Kun-Hee Han. "Service management scheme using security identification information adopt to big data

environment." Journal of Digital Convergence 11, no. 12 (2013): 393-399.

Lee, Seong-Hoon, and Dong-Woo Lee. "Current status of big data utilization." Journal of Digital Convergence 11, no. 2 (2013): 229-233.

Vatamanu, Cristina, Dragoş Gavriluţ, and Răzvan-Mihai Benchea. "Building a practical and reliable classifier for malware detection." Journal of Computer Virology and Hacking Techniques 9, no. 4 (2013): 205-214.

Jeong, Yoon-Su, and Yong-Tae Kim. "A token-based authentication security scheme for the Hadoop distributed file system using elliptic curve cryptography." Journal of Computer Virology and Hacking Techniques 11, no. 3 (2015): 137-142.

Terzi, Duygu Sinanc, Ramazan Terzi, and Seref Sagiroglu. "A survey on security and privacy issues in big data." In Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for, pp. 202-207. IEEE, 2015.

Wu, Dapeng, Boran Yang, and Ruyan Wang. "Scalable privacy-preserving big data aggregation mechanism." Digital Communications and Networks 2, no. 3 (2016): 122-129.

Li, Ruidong, Hitoshi Asaeda, Jie Li, and Xiaoming Fu. "A Verifiable and Flexible Data Sharing mechanism for Information-Centric IoT." In Communications (ICC), 2017 IEEE International Conference on, pp. 1-7. IEEE, 2017.

Li, Ruidong, Hitoshi Asaeda, Jie Li, and Xiaoming Fu. "A distributed authentication and authorization scheme for in-network big data sharing." Digital Communications and Networks 3, no. 4 (2017): 226-235.

Wang, Kun, Jiahui Yu, Xiulong Liu, and Song Guo. "A pre-authentication approach to proxy re-encryption in the big data context." IEEE Transactions on Big Data (2017).

Shen, J., Liu, D., Liu, Q., Sun, X. and Zhang, Y., 2017. Secure authentication in cloud big data with hierarchical attribute authorization structure. IEEE Transactions on Big Data, (1), pp.1-1.

Ibrahim, Anas, and Abdelkader Ouda. "Innovative data authentication model." In Information Technology, Electronics and Mobile Communication Conference (IEMCON), 2016 IEEE 7th Annual, pp. 1-7. IEEE, 2016.

Abdullah, Nazri, Anne Hakansson, and Esmiralda Moradian. "Blockchain based approach to enhance big data authentication in a distributed environment." In Ubiquitous and Future Networks (ICUFN), 2017 Ninth International Conference on, pp. 887-892. IEEE, 2017.

Bos, Joppe W., J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig, and Eric Wustrow. "Elliptic curve cryptography in practice." In International Conference on Financial Cryptography and Data Security, pp. 157-175. Springer, Berlin, Heidelberg, 2014.

P.K. Rahul and T. GireeshKumar "A Novel Authentication Framework for Hadoop" Advances in Intelligent Systems and Computing 324, Proceedings of ICAEES 2014, volume1, Springer.

Grover, Chandni, and Manpreet Kaur Aulakh. "Big Data Authentication and Authorization in HDP (Hadoop Distributed platform) using Kerberos and Ranger." International conference on recent innovation in management and engineering, 24-June 2017.

Kohl, John, and Clifford Neuman. The Kerberos network authentication service (V5). No. RFC 1510. 1993.

Rathore, Romendrapal Singh, B. L. Pal, and Shiv Kumar. "Analysis and Improvement in Kerberos 5." (2015).

Krishnamurthy, Anush. "Performance Impact of Encryption Algorithms on Kerberos Authentication Protocol." Ph.D. diss., Oklahoma State University, 2006.

Knowledge-based authentication, Wikipedia website,

Tbatou, Zakariae, Ahmed Asimi, Younes Asimi, Yassine Sadqi, and Azidine Guezzaz. "A New Mutuel Kerberos Authentication Protocol for Distributed Systems." IJ Network Security 19, no. 6 (2017): 889-898.

Insider attack, techopedia,

Ding, W. A. N. G. "Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards." The Journal of China Universities of Posts and Telecommunications 19, no. 5 (2012): 104-114.



  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development