Hadoop Auth

Copyright: © 2019 | Pages: 24
DOI: 10.4018/978-1-5225-3790-8.ch010

Abstract

One of the factors in the reliability of services is authentication, which decides who can access which services. Since big data offers a wide variety of services, authentication becomes one of the main criteria for consideration. This chapter outlines the features of the security services in terms of the requirements and the issues in business services. It also gives some background on services in the cloud and on the interaction between clients and services in the cloud, emphasizing the security services. The authentication procedure with the authentication protocol Kerberos SPNEGO, which is offered as a security service in Hadoop, is introduced. The configuration for a typical browser (Mozilla Firefox) is detailed. The usage of the Linux command curl is introduced, and "kinit", the command that contacts the key distribution center, is outlined. The procedure for accessing the server from within Java code is also given. A section on server-side configuration covers the Maven repository, which holds all the necessary library Jar files, organized as local, central, and remote. The configuration is explained with a typical XML file. The usage of the Simple Logging Facade for Java is also introduced. The configuration has many parameters, and these are tabulated with their values for easier reading. The use of an LDAP server, which implements the Lightweight Directory Access Protocol, is introduced. The provision for multi-scheme configuration is outlined with an example configuration file. The facilities for advanced security features using the signer secret provider are highlighted with appropriate examples of parameter names and parameter values.
Chapter Preview

Introduction To Security

Security is the one issue that makes business service providers and clients hesitate during online access. Although security mechanisms have recently become easy to implement, thanks to the availability of algorithms, code, and tools, implementing security for large data sets in distributed environments still poses challenges.

For any reliable communication between two entities, authentication plays a major role as a security mechanism intended to verify the identity of the entity in the information exchange. Both private and public key encryption methods can be used to provide authentication, as shown in Figure 1.

Figure 1. Principle of authentication mechanisms using: (a) public key (b) private key

Figure 1a shows the passing of messages from sender to receiver using two different (asymmetric) keys, where for every message communication a key pair (public key, private key) has to be generated. If the sender encrypts the message with his private key, the receiver decrypts it using the public key. It can also be done the other way around. Confidentiality is achieved if the message is encrypted using the public key and decrypted using the private key, i.e., the message can be decrypted only by the person holding the private key for this message. If the message is encrypted with the private key and decrypted by the receiver using the public key, the result is authentication of the person.

Authentication Services

It must be ensured that messages received from a source really come from the intended source and have not been altered in transit. Message authentication is a procedure that has to verify sequencing (checking for the sequence of messages) and timeliness (checking for the right order of the messages).

Even when the message is authenticated, there is a chance that an intruder in the network may damage the message in transit. Hence a digital signature mechanism is used. The message authentication code is appended to the message and sent. The receiver, knowing the private key of the message, verifies it.

A Message Authentication Code (MAC) is a fixed-length secret code added to the plain text; the procedure is publicly known, and the code serves as the authenticator.

Figure 2. Public key based authentication

When sender Rama has a message to send to Sita, Rama calculates the MAC as a function of the message M and the key K, i.e., MAC = C_K(M). The MAC is appended to the message M and sent to Sita, who uses the private key to reconstruct the MAC and compares it with the MAC sent by Rama to validate the message. Using a hash function, a fixed-size value can be constructed from a message of any length; this is the digital signature of the message. The digital signature ensures the right source and the integrity of the message.
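As an added example (not taken from the chapter), the Python code below carries out the exchange just described, with a receiver that also applies the sequencing and timeliness checks named under Authentication Services. It assumes HMAC-SHA256 as the function C, a key K that Rama and Sita both already hold, an 8-byte sequence number and timestamp in front of the message, and a 30-second acceptance window; none of these choices come from the chapter.

```python
import hashlib
import hmac
import struct

MAX_AGE = 30   # seconds a message stays acceptable (assumed policy)
HDR_LEN = 16   # 8-byte sequence number + 8-byte send time
TAG_LEN = 32   # HMAC-SHA256 output size

def make_message(key: bytes, seq: int, sent_at: int, body: bytes) -> bytes:
    """Rama's side: header || M || MAC, with MAC = C_K(header || M)."""
    header = struct.pack(">QQ", seq, sent_at)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag

class Receiver:
    """Sita's side: recompute the MAC, then check sequence and age."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, wire: bytes, now: int):
        if len(wire) < HDR_LEN + TAG_LEN:
            return None, "too short"
        signed, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None, "bad MAC"
        seq, sent_at = struct.unpack(">QQ", signed[:HDR_LEN])
        if seq <= self.last_seq:
            return None, "replayed or out of order"
        if abs(now - sent_at) > MAX_AGE:
            return None, "stale"
        self.last_seq = seq
        return signed[HDR_LEN:], "ok"

def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    sita = Receiver(key)
    m1 = make_message(key, 1, 1000, b"transfer 10 to Sita")
    out = [sita.accept(m1, now=1005)[1]]              # genuine message
    tampered = bytearray(m1)
    tampered[20] ^= 1                                 # one bit of M altered
    out.append(sita.accept(bytes(tampered), now=1005)[1])
    out.append(sita.accept(m1, now=1006)[1])          # same message again
    m2 = make_message(key, 2, 1000, b"late message")
    out.append(sita.accept(m2, now=2000)[1])          # arrives far too late
    return out

if __name__ == "__main__":
    print(demo())
```

The sequence number and timestamp are covered by the MAC, so an intruder cannot change them to get an old message accepted.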

Figure 3. Public key based authentication with the entities involved

Figure 2 and Figure 3 show public key based authentication. Figure 4 shows it with the certification authorities involved.
