Toward Data Confidentiality via Integrating Hybrid Encryption Schemes and Hadoop Distributed File System

Lin, Hsiao-Ying; Shen, Shiuan-Tzuo; Tzeng, Wen-Guey; Lin, Bor‐Shyh

doi:10.1109/aina.2012.28

Cited by 31 publications

(16 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, as they only consider the use of symmetric encryption, the secret keys used for encrypting have to be shared with the computing nodes. In a similar work, Lin et al [11] show the impact of integrating RSA and pairing-based encryption on HDFS. In their experiments, performance is affected by between 20% and 180%.…”

Section: Related Workmentioning

confidence: 95%

Delegated Access for Hadoop Clusters in the Cloud

Núñez

Agudo

López

2014

2014 IEEE 6th International Conference on Cloud Computing Technology and Science

View full text Add to dashboard Cite

Among Big Data technologies, Hadoop stands out for its capacity to store and process large-scale datasets. However, although Hadoop was not designed with security in mind, it is widely used by plenty of organizations, some of which have strong data protection requirements. Traditional access control solutions are not enough, and cryptographic solutions must be put in place to protect sensitive information. In this paper, we describe a cryptographically-enforced access control system for Hadoop, based on proxy re-encryption. Our proposed solution fits in well with the outsourcing of Big Data processing to the cloud, since information can be stored in encrypted form in external servers in the cloud and processed only if access has been delegated. Experimental results show that the overhead produced by our solution is manageable, which makes it suitable for some applications.

show abstract

Section: Related Workmentioning

confidence: 95%

Delegated Access for Hadoop Clusters in the Cloud

Núñez

Agudo

López

2014

2014 IEEE 6th International Conference on Cloud Computing Technology and Science

View full text Add to dashboard Cite

show abstract

“…Apache Accumulo is built on top of Apache Hadoop, Zookeeper, and Thrift. [3] M 8 Apache Sentry [4] S Apache Ranger [4] M Project Rhino [5] S Apache Accumulo [6] S Airavat [92] S Khaled et al [57] Vigiles [109] GuardMR [107] G-Hadoop [135] SecDM [97] M iBigTable [119] Lin et al [64] S 9 10 SAPSC [96] M ClusterBFT [99] S, H 11 Moca et al [76] SecureMR [118] S AccountableMR [123] S VIAF [115] S CCMR [116] M IntegrityMR [117] M VAWS [39] S Hatman [58] S 12 TrustMR [108] S TS-TRV [38] S Log-based [125] S Watermarking based [53,37] S Accountable MapReduce (RBAC) [110] S Airavat. Airavat [92] is a system that provides mandatory access control together with differential privacy for data protection.…”

Section: Authentication Authorization and Access Control Based Apprmentioning

confidence: 99%

Security and privacy aspects in MapReduce on clouds: A survey

Derbeko

Dolev

Gudes

et al. 2016

Computer Science Review

View full text Add to dashboard Cite

MapReduce is a programming system for distributed processing large-scale data in an efficient and fault tolerant manner on a private, public, or hybrid cloud. MapReduce is extensively used daily around the world as an efficient distributed computation tool for a large class of problems, e.g., search, clustering, log analysis, different types of join operations, matrix multiplication, pattern matching, and analysis of social networks. Security and privacy of data and MapReduce computations are essential concerns when a MapReduce computation is executed in public or hybrid clouds. In order to execute a MapReduce job in public and hybrid clouds, authentication of mappers-reducers, confidentiality of data-computations, integrity of data-computations, and correctness-freshness of the outputs are required. Satisfying these requirements shield the operation from several types of attacks on data and MapReduce computations. In this paper, we investigate and discuss security and privacy challenges and requirements, considering a variety of adversarial capabilities, and characteristics in the scope of MapReduce. We also provide a review of existing security and privacy protocols for MapReduce and discuss their overhead issues.

show abstract

“…We assume these storage servers are honest for storage services but malicious for data confidentiality. This confidentiality requirement is essential when storage servers are owned by a cloud infrastructure provider (public cloud) and data are owned by other parties [11]. Risk coming with opportunity and the problem of data security in cloud computing become bottleneck of cloud computing [12].…”

Section: Related Workmentioning

confidence: 99%

A Virtualized Architecture for Secure Database Management in Cloud Computing

Singh

2014

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator. Typical prior eort on addressing this security problem is either prohibitively slow or highly restrictive in operation. In this thesis, a novel cloud system architecture CypherDB, which makes use of a secure processor, is proposed to protect the confidentiality of out-sourced database processing. To achieve this, a framework is developed to use these secure processors in the cloud for secure database processing. This framework allows distributed and parallel processing of the encrypted data and exhibits virtualization features in Cloud Computing. The CypherDB architecture also relies on two major components to protect the privacy of an outsourced database against any honest-but-curious administrator of high performance. Firstly, a novel database encryption scheme is developed to protect the out-sourced database which can be executed under a CypherDB secure processor with high performance. Our proposed scheme makes use of custom instructions to hide the encryption latency from the program execution. This scheme is extensively validated through an integration with SQLite, a practical database application program. Secondly, a novel secure processor architecture is also developed to provide architectural support to our proposed database encryption scheme and ecient protection mechanism to secure all intermediate data generated on-the-fly during query execution. The eciency, robustness and the cost of our novel processor architecture are validated and evaluated through extensive simulations and implementation on a FPGA platform. A fully-functional Field-Programmable Gate Array (FPGA) implementation of our CypherDB secure processor and simulation studies demonstrate that our proposed architecture is cost-eective and of high performance. Our experiment of running the TPC-H database benchmark on SQLite demonstrates 10 to 14 percent performance overhead on average. The security components in CypherDB consume about 21K Logic Elements and 54 Block RAMs on the FPGA. The modification of SQLite only consists of 208 lines of code (LOC).

show abstract

Toward Data Confidentiality via Integrating Hybrid Encryption Schemes and Hadoop Distributed File System

Cited by 31 publications

References 11 publications

Delegated Access for Hadoop Clusters in the Cloud

Delegated Access for Hadoop Clusters in the Cloud

Security and privacy aspects in MapReduce on clouds: A survey

A Virtualized Architecture for Secure Database Management in Cloud Computing

Contact Info

Product

Resources

About