| Nowadays, with the rapid development of network technology and cloudcomputing technology, cloud computing is becoming more and more well known.Many people believe that cloud computing will become the third revolution in the ITfield after the emergence of the PC and the birth and development of the Internet. Dueto the application and promotion of cloud computing, security issues in the cloudenvironment are also increasingly prominent. How to ensure that legitimate users inthe cloud can access to resources correctly and reliablly, has become an importantwork in the cloud computing security research.In the field of information security,authentication technology is the cornerstone of the technologies what we used toensure the security of information. Kerberos is a security authentication protocolbased on symmetrical encryption mechanism. Before communication, a trusted thirdparty KDC authenticates the client and grantes the Ticket to the client, and then theclient and the server use the Ticket to authenticate each other. To a certain extent, itcan ensure the security of the communication process. Kerberos also has somedeficiencies, and these deficiencies derived from the symmetrical encryptionalgorithm. First, because both sides of communication use the same key, when the keyof each side is lost, the information security of the other side will not be guaranteed.Secondly, the symmetric key is calculated by some algorithm which is based on theclient’s password, this provides the attackers the possibility of key guess. Finally, bothsides of communication need to use the unique key, so the key management becomesa problem, the cost of key management is very high, and this greatly increases theburden of users.To solve the deficiencies brought by using symmetric encryption algorithm ofKerberos, in this paper, we put forword a solution which combines digital signaturetechnology and Kerberos authentication technology in the Hadoop framework——MTA algorithm. What we have done are as follows:1. We studied the Kerberos protocol in detail, and learned the entireauthentication process. Then we analyzed its inadequacies, and which threats wouldthese deficiencies bring to the communication process;2. To solve the deficiencies of Kerberos, we put forword a solution whichcombines digital signature technology and Kerberos authentication technology, and this solution used the characteristics of the Hadoop framework. This solution used thedouble authentication mechanism to make the authentication process more safely.Then, we listed the specific processes of this solution in detail. Also, we evaluated thissolution.3. In order to verify the solution proposed in this paper, at the end, we designedand deployed a simulation system. We simulated the process that attackers attack thecomputers in the system, and observed whether this system could correctly identifywho is the sender of the message.In summary, to some extent, the MTA algorithm we proposed makes up thedeficiencies caused by the use of a symmetric encryption algorithm, and because ofcombining with the characteristics of the Hadoop framework, it is very suitable forapplication in the Hadoop framework, and greatly improves the authenticationmechanism in the Hadoop framework. |
PDF Full Text Request