Bluff Forwarding: A Practical Protocol for Delivering Refreshed Symmetric Keys on a Multi-Path Big Data Ingestion System

In this paper, we present a clean-slate design of a novel and practical protocol for transporting refreshed symmetric keys for multi-path big data ingestion systems. Our objective is to securely and reliably deliver the refreshed keys from data sources to the data collection servers even in the presence of malicious attackers. To satisfy this objective, we first adapt the secret sharing algorithm. We split symmetric keys into multiple secrets in such a way that partial retrieval of the secrets does not warrant the reconstruction of the original key. Then, we hide the updated secret keys by shuffling them into a group of randomly generated fake keys. These keys are encapsulated in a message container called a bluff. We develop a protocol that makes it computationally infeasible for the attackers to distinguish between bluffs and normal data. We implement and test this protocol on Apache Flume, which is a widely used, state-of-the-art data ingestion system. We analyze the security aspects of our protocol and observe the effects of various configuration settings on the data ingestion performance.
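The split-and-hide idea from the abstract, as an added sketch that is not the paper's protocol or code: a refreshed key is split with Shamir's threshold scheme and each share travels one path inside a bluff of random decoys. The field prime, the 3-of-5 threshold, the 8-slot bluff and the HMAC rule for locating the real slot from the current key are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets

P = 2**521 - 1  # Mersenne prime; field large enough for a 256-bit key

def split(key: int, k: int, n: int):
    """Shamir split: any k of the n shares rebuild key, fewer reveal nothing."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def recover(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def slot(old_key: bytes, path: int, slots: int) -> int:
    """Assumed rule (hypothetical): both ends derive the real slot from the current key."""
    tag = hmac.new(old_key, b"bluff-slot|%d" % path, hashlib.sha256).digest()
    return int.from_bytes(tag, "big") % slots

def make_bluff(share, old_key: bytes, slots: int):
    """Hide one share among random decoys drawn from the same field."""
    path, y = share
    bluff = [secrets.randbelow(P) for _ in range(slots)]
    bluff[slot(old_key, path, slots)] = y
    return bluff

def open_bluff(path: int, bluff, old_key: bytes):
    """Receiver side: pick the real share out of the bluff for this path."""
    return path, bluff[slot(old_key, path, len(bluff))]

def demo():
    old_key = bytes(range(32))           # constructed current key
    new_key = secrets.randbits(256)      # refreshed key to deliver
    bluffs = {s[0]: make_bluff(s, old_key, 8) for s in split(new_key, 3, 5)}
    got = [open_bluff(p, bluffs[p], old_key) for p in (1, 3, 5)]  # 3 of 5 paths arrive
    return new_key, recover(got), recover(got[:2])
```

Because a Shamir share is itself a uniformly random field element, it has the same distribution as the decoys drawn with `secrets.randbelow(P)`; an observer without the current key cannot tell which slot matters, and two captured shares interpolate to an unrelated value.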
