
SYNOPSIS OF Dissertation I

Master of Engineering (Computer Engineering)

Year 2018-2019

“An adaptive authentication based on Blockchain for Bigdata Hadoop framework”

Name: Mithun Kankal.

Roll No: MCP18207

Under The Guidance Of
Dr. Pramod Patil

Department of Computer Engineering

D.Y. Patil Institute of Technology,
Pimpri, Pune-18

Part A

Name of the Student: Mithun Dinkar Kankal

Date Of admission to the course: 11/07/2017

Contact no: 8087771987

Email-id- Kankal.mithun@gmail.com

Name of the PG Guide: Dr. Pramod Patil

Part B

Dissertation Title: An adaptive authentication based on Blockchain for Bigdata Hadoop framework.

Domain: Big data/Hadoop and Block chain

An adaptive authentication based on Blockchain for Bigdata Hadoop framework

ABSTRACT
Existing authentication protocols for big data systems such as Apache Hadoop rely on
Kerberos. The Kerberos protocol has various security problems that have remained
unsolved; replay attacks, DDoS and a single point of failure are some examples. These indicate
potential security vulnerabilities and Big Data risks in using Hadoop.

Here we present the drawbacks of Kerberos implementations and identify
authentication requirements that may enhance the security of big data in distributed
environments. The proposed enhancement relies on the emerging technology of blockchain, which
overcomes the shortcomings of Kerberos.

INTRODUCTION
Security of big data has become vital as a result of the continuously increasing exchange
of sensitive data. Big Data is the collection of complex and large quantities of
structured data (in relational databases) and unstructured data (document files, images, video).
Data are being collected by a multitude of independent sources, where they are
typically then combined and analysed to generate knowledge. Enterprises and organizations use data to optimize
company decision-making processes, predict future trends and more. Hence, these data
are a valuable asset in today’s economy.

While people want the benefits of big data, the security and privacy of big
data kept on distributed cloud storage has become a very important issue. Concerns have
centered on the security and protection of sensitive data, where these relate to new threats to
data security, and adopting existing traditional security measures is not adequate.

The Cloud Security Alliance (CSA) published a document that lists the top 10 challenges to protecting
big data systems; one of the 10 challenges stated, and the most crucial, is granular
access control. The present authentication system of Apache Hadoop exposes the
entire big data solution to security issues because of Kerberos’ system
vulnerabilities. Limitations of Kerberos are evident in version 4 and early drafts
of version 5; replay attacks, key exposure and time synchronization are
known vulnerabilities.

LITERATURE SURVEY
1) An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols

Author: - Iliano Cervesato, Catherine Meadows, Dusko Pavlovic

Abstract:-

The secrecy properties needed are encapsulated as proof obligations that can be proved by
other means (we are developing a companion logic of secrecy to do just that). Our authentication
logic reasons about the partial order of actions, Lamport-style. When a consequence of secrecy is
needed, we include an assumption that defines a proof obligation which can be thought of as a
system call to another verification method.

2) Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Author: - David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry.

Abstract:-

Browsers such as Internet Explorer, Chrome, Firefox, and Opera all accepted 512-bit primes,
whereas Safari allowed groups as small as 16 bits. As a result of our disclosures, Internet Explorer,
Firefox, and Chrome are transitioning the minimum size of the DHE groups they accept to 1024
bits, and OpenSSL and Safari are expected to follow suit. On the server side, we notified Apache,
Oracle, IBM, Cisco, and various hosting providers. Akamai has removed all support for export
cipher suites. Many TLS developers plan to support a new extension that allows clients and
servers to negotiate a few well-known groups of 2048-bits and higher and to gracefully reject
weak ones.

3) Modification in Kerberos Assisted Authentication in Mobile Ad-Hoc Networks to Prevent Ticket Replay Attacks

Author:- Kashif Bashir and Mohammad Khalid Khan

Abstract:-

The modification to the KAMAN protocol can increase authorization. We propose that all
contents be encapsulated in an encrypted packet, so that replay attacks become impossible.
Moreover, in the proposed scheme there is no burden on the server and the client to undertake
the modified KAMAN process. We also simulated the described architecture and verified that the proposed
methods can reduce the chances of a replay attack in a MANET using KAMAN as the authentication
protocol.

4) Specifying Kerberos 5 Cross-Realm Authentication

Author: - Iliano Cervesato, A D. Jaggard, A Scedrov, C Walstad

Abstract:-

The Kerberos 5 has cross-realm authentication. We also extended the Dolev-Yao intruder model
to account for threats specific to this mode of operation. We characterized minimum
requirements in view of assessing confidentiality and authentication properties, and documented
a range of harmful behaviors in the presence of compromised or untrusted realms. This
preliminary investigation lends itself to extensions in numerous directions. First, we can embark
on proving that cross-realm operation does satisfy similar confidentiality and authentication
properties already established in the intra-realm case. Second, we want to extend our analysis to
mechanisms that have been proposed to mitigate the harm that a compromised KDC sitting on
an authentication path can inflict. One promising approach is the public-key extension of
Kerberos through the PKINIT and especially PKCROSS subprotocols. Another involves a formal
analysis of relevant aspects of SESAME. In both cases, we believe that our approach can
contribute to the active discussion within the Kerberos working group.

5) Attacking NTP’s Authenticated Broadcast Mode

Author: - Aanchal Malhotra, Sharon Goldberg

Abstract:-

NTP's broadcast mode is intended for an environment with a few servers and
potentially a large client population. We use network measurements to give evidence that NTP's
broadcast mode is used in the wild by thousands of NTP clients. We show that while symmetric-key
cryptographic authentication of NTP broadcast traffic is recommended by the NTP
specification and required by the open-source NTP reference implementation ntpd, it does not
provide sufficient protection against attacks on broadcast mode. We consider both (1) on-path
attacks, where the attacker occupies a privileged position on the path between the NTP client and
one of its servers, and (2) off-path attacks, where the attacker can be anywhere on the network
and does not observe the traffic between the client and any of its servers.

MOTIVATION
• Kerberos provides mutual authentication and authorization for client and server
applications by using secret-key cryptography.
• The cryptographic protocol behind Kerberos ensures that a client can prove
his/her identity to a server, or the other way around, across insecure network
communications.
• However, there are limitations in using Kerberos for Hadoop authentication that
expose the entire big data solution to a range of security problems such as
data theft and hacks.

PROBLEM DEFINITION
Block chain based Approach to Enhance Big Data Authentication in Distributed Environment

OBJECTIVE
• Distributed nature and the lack of a central authority. User-driven and transparency.
• Lightweightness.
• Fine-granularity.
• Pseudonymity and Unlinkability.

PROPOSED WORK
Big Data is a complex distributed system where the main challenge is the complexity of managing
a large implementation, so new approaches to security are required. Authentication and data access
control should be managed by decentralized, flexible, scalable and strong authentication and
authorization that prevents any malicious user from getting access to Big Data servers. Hence, new
requirements need to overcome the shortcomings of security flaws in the existing implementation.
This section briefly discusses what blockchain is and the new requirements that can enhance
authentication of Big Data.

A blockchain, originally block chain, is a continuously growing list of records, called blocks, which
are linked and secured using cryptography. Each block typically contains a cryptographic hash of
the previous block, a timestamp and transaction data.
A. Decentralized Authentication
Decentralized authentication replaces username/password generated keys and the client-side
SSL certificate with elliptic curve cryptographic generated keys; this is the same method used in
a blockchain protocol. This eliminates central database storing of user information, which is
vulnerable to hackers who compromise entire credentials. The user password in this
authentication is only used in the user’s own machine to access the private key.

B. Unbreakable Record
Blockchain technology is a new type of database, which can be directly shared by a group of
non-trusting parties without requiring a central administration, unlike SQL or NoSQL databases.
Blockchain is a type of distributed database that maintains an irreversibly growing list of ordered
records called blocks. Each block contains a timestamp and a link to a previous block.
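
The block structure described above (previous-block hash, timestamp, record), as an added example that is not part of the synopsis: a hash-chained ledger of key registrations in which any node holding a copy can find the first altered block. The record fields (`op`, `user`, `key_fp`) and all function names are hypothetical, and the sample records are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first block

def block_hash(block):
    # Hash every field except the stored hash itself, in a canonical encoding.
    body = {k: block[k] for k in ("index", "prev_hash", "timestamp", "record")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, record, timestamp):
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain), "prev_hash": prev,
             "timestamp": timestamp, "record": record}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def first_invalid(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != block_hash(block)):
            return i
        prev = block["hash"]
    return None

def active_key(chain, user):
    """Replay the records in order: the latest register wins, revoke clears."""
    key = None
    for block in chain:
        rec = block["record"]
        if rec["user"] == user:
            key = rec["key_fp"] if rec["op"] == "register" else None
    return key

def build_sample():
    # Constructed sample: two users, one key rotation.
    chain = []
    append_block(chain, {"op": "register", "user": "alice", "key_fp": "fp-alice-1"}, 1546300800)
    append_block(chain, {"op": "register", "user": "bob", "key_fp": "fp-bob-1"}, 1546300860)
    append_block(chain, {"op": "revoke", "user": "alice", "key_fp": "fp-alice-1"}, 1546300920)
    append_block(chain, {"op": "register", "user": "alice", "key_fp": "fp-alice-2"}, 1546300980)
    return chain
```

A party able to rewrite every later block produces a self-consistent chain, so this check catches tampering only when the result is compared against the copies held by other nodes.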

C. No Session Keys
Using SIN is considered to be more secure than session key sharing in an existing authentication
protocol like Kerberos. The SIN can be shared openly for everyone, as the corresponding private
key is kept on the client-side and never transmitted over the wire, and not shared with any entity.

D. Zero Single Point of Failure System
Blockchain is a distributed and decentralized data storage technology that maintains a continuously
growing list of ordered records. It eliminates the risks that come with data being held centrally and
also reduces vulnerability to network attackers and to a single point of failure. Every blockchain server used
for mining purposes has a copy of the blockchain.

CONCLUSION
The existing system has common security issues related to Kerberos. These limitations have been
addressed, but as large networks, like the Internet, are increasingly used, particularly in a
big data environment, security vulnerabilities are common. New solutions are required
in an era where greater security is required because the scale of use and
integration of data quickly increase. Blockchain technology, first introduced by Bitcoin, has
provided a scalable answer to many common security problems faced as big data
becomes common.

FUTURE WORK
Existing authentication techniques using Kerberos would expose big data to
several security risks and vulnerabilities. Many enhancements of authentication protocols
in the distributed environment should apply a decentralized infrastructure that is scalable and
reliable.

Therefore, the benefits of blockchain technology could be leveraged
to harden security systems, including authentication and authorization of Big Data.
What is required is a new identity system and authentication framework based on blockchain
technology.

KEYWORD
Authentication, Hadoop, Distributed Network, Security and Block chain

REFERENCES
[1] “CSA Releases the Expanded Top Ten Big Data Security & Privacy Challenges : Cloud Security Alliance.” [Online]. Available: https://cloudsecurityalliance.org/media/news/csa-releases-theexpanded-Top-ten-big-data-security-privacy-challenges/. [Accessed: 19-Jan-2016].

[2] “Welcome to Apache™ Hadoop®!” [Online]. Available: https://hadoop.apache.org/. [Accessed: 12-Jan-2016].

[3] S. M. Bellovin and M. Merritt, “Limitations of the Kerberos Authentication System,” SIGCOMM Comput. Commun. Rev., vol. 20, no. 5, pp. 119–132, Oct. 1990.

[4] D. Davis and D. E. Geer, “Kerberos Security with Clocks Adrift,” in USENIX Security, 1995.

[5] R. M. Needham and M. D. Schroeder, “Using Encryption for Authentication in Large Networks of Computers,” Commun. ACM, vol. 21, no. 12, pp. 993–999, Dec. 1978.

[6] D. E. Denning and G. M. Sacco, “Timestamps in Key Distribution Protocols,” Commun. ACM, vol. 24, no. 8, pp. 533–536, Aug. 1981.

[7] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” Consulted, vol. 1, no. 2012, p. 28, 2008.

[8] B. C. Neuman and T. Ts’o, “Kerberos: an authentication service for computer networks,” IEEE Commun. Mag., vol. 32, no. 9, pp. 33–38, Sep. 1994.

[9] “Intel-hadoop/project-rhino,” GitHub. [Online]. Available: https://github.com/intel-hadoop/project-rhino. [Accessed: 23-Mar-2016].

[10] “Lightweight Directory Access Protocol,” Wikipedia, the free encyclopedia. 20-Mar-2016.
