关键词: Hadoop KMS, Intel SGX, 密钥部署, 可信计算, 安全

Abstract: Currently, the master key of the Hadoop Key Management Service (KMS) based on the software is stored in the system in plain text in the form of a configuration file, which poses a serious security risk. The Intel SGX-based Hadoop KMS master key protection scheme sets the master key to the KMS by establishing a secure communication channel by SGX remote authentication, then stores the master key in the KMS server locally, and transfers the master key usage process to the SGX security zone to ensure the use of the master key is protected by the SGX hardware. Through testing and security assessment, the proposed solution solves the problem of trusted deployment and use of KMS master key. The performance loss caused by security enhancement in key creation test is 10.08%.

Key words: Hadoop key management service, Intel SGX, key deployment, trusted computing, security