Your search keyword '"Kerberos"' showing total 910 results

1. JWTAMH: JSON Web Tokens Based Authentication Mechanism for Hadoop.

Author

Gupta, Anish, Sharma, Annu, S., Britto Raj, and Gupta, Manish Kr.

Subjects

DISTRIBUTED computing, COMPUTING platforms, ELECTRONIC data processing, ENCYCLOPEDIAS & dictionaries

Abstract

The Hadoop platform has become a widely adopted distributed computing platform for handling large-scale data processing tasks. However, the security of the Hadoop platform has become a major concern due to the increased risk of cyber-attacks. To address this concern, various security mechanisms have been proposed for the Hadoop platform, including authentication and access control. This research paper proposes a token-based authentication mechanism to enhance the security of the Hadoop platform. The proposed mechanism utilizes a combination of Kerberos and JSON Web Tokens (JWT) for secure communication between Hadoop components. The experimental results demonstrate the effectiveness of the Single point of failure, Guessing attack, Replay Attack, Brute force attack, and Dictionary attack. The proposed model has better performance in terms of average processing time and accuracy of authentication than other models. [ABSTRACT FROM AUTHOR]

Published

2025

2. Kerberos

Author

Racic, Radmilo, Perri, Pierluigi, Section editor, Jajodia, Sushil, editor, Samarati, Pierangela, editor, and Yung, Moti, editor

Published

2025

3. An Automated Disruption-Tolerant Key Management Framework for Critical Systems

Author

Edgar, Thomas, Ashok, Aditya, Seppala, Garret, Choi, Eric, Arthur-Durett, Kristine, Engels, Matt, Gentz, Reinhard, and Peisert, Sean

Subjects

Key management, ICS, SCADA, Authentication, Disruption Tolerant, Kerberos, Information Systems, Other Information and Computing Sciences, Cybersecurity and privacy

Abstract

Key management is critical to secure operation. Distributed control systems, such as Supervisory Control and Data Acquisition (SCADA) systems, have unique operational requirements that make conventional key management solutions less effectiveand burdensome. This paper pres-ents a novel Kerberos-based framework for automated, disruption-tolerant key management for control system environments. Experimental tests and their results are presented to quantify the expected performance overhead of this approach. Additionally, Zeek sensor analytics are presented to aid in monitoring the health and security of the key management framework operation.

Published

2023

4. An Encrypting Electronic Payments Based on Kerberos Cryptography Protocol.

Author

Abdal-Azal Abdulrazz Alsaiqal, Hasan aq

Subjects

ELECTRONIC funds transfers, CRYPTOGRAPHY, SMARTPHONES, DATA encryption, COMPUTER security

Abstract

At present, the prevalence of mobile phones in the country and the availability of capabilities such as encryption, key generation, and authentication present an appropriate opportunity for a variety of payment platforms. The preparation of equipment and a comprehension of the technical possibilities and difficulties in this field are necessary to achieve this capability. This paper introduces a secure electronic payment system that utilizes the Kerberos cryptography protocol to guarantee authentication, integrity, and confidentiality. The system ensures secure transactions between users and merchants by utilizing the ticket-granting mechanisms of Kerberos and symmetric key encryption. It mitigates the risk of unauthorized access and fraud by guaranteeing that all parties are authenticated prior to the exchange of any payment information. This method addresses critical challenges in the digital financial environments of today by improving the trust and privacy of electronic payments. The proposed model effectively safeguards sensitive financial data while simultaneously ensuring user convenience. The experimental results demonstrate that the proposed method maintains robust security characteristics while simultaneously achieving high quality and low computing complexity. [ABSTRACT FROM AUTHOR]

Published

2024

5. Enhancing the Security in Kerberos Protocol by Using a Random Number Generator Technique.

Author

Abu-Khadrah, Ahmed and Aljebreen, Yara

Subjects

BIOMETRIC identification, RANDOM number generators, DATA encryption, DATA protection, COMPUTER passwords

Abstract

The Kerberos Protocol, a widely adopted third-party authentication technology, enables secure communication over unsecured channels through robust authentication methods. While Kerberos effectively verifies user identities and encrypts transmissions to ensure data confidentiality and protection from eavesdropping, its default mechanism relies on hash password keys. This reliance renders it vulnerable to password attacks, potentially leading to the disclosure of encrypted messages. To address this vulnerability, an enhancement to the Kerberos protocol's initial communication phase is introduced by incorporating a Random Number Generator (RNG) as the encryption key. This innovation aims to significantly bolster data transfer security and thwart attackers from intercepting sensitive information. The RNG-enhanced Kerberos protocol was implemented and evaluated within a controlled environment using virtual machines and a virtual network. An empirical comparison between the conventional Kerberos system and the improved version demonstrated that the RNG enhancement markedly improves authentication accuracy, strengthens data protection, and reduces the likelihood of successful password attacks. Experimental results confirm the effectiveness of the RNG-enhanced Kerberos protocol in providing a higher level of security for user authentication and data confidentiality. This advancement fortifies the Kerberos protocol against prevalent threats, ensuring a more resilient and secure authentication framework for various applications. The results highlight the potential of the RNG-based approach to establish a new standard in secure communications, offering enhanced protection against the evolving landscape of cyber threats. [ABSTRACT FROM AUTHOR]

Published

2024

6. Emergence of Novel WEDEx-Kerberotic Cryptographic Framework to Strengthen the Cloud Data Security against Malicious Attacks.

Author

Zahra, Syeda Wajiha, Nadeem, Muhammad, Arshad, Ali, Riaz, Saman, Ahmed, Waqas, Abu Bakr, Muhammad, and Alabrah, Amerah

Subjects

*DATA security, *CLOUD storage, *DATA protection, *DATA encryption, *RESEARCH personnel, *PUBLIC key cryptography, *BIOMETRIC identification, *CRYPTOGRAPHY, *CIPHERS

Abstract

Researchers have created cryptography algorithms that encrypt data using a public or private key to secure it from intruders. It is insufficient to protect the data by using such a key. No research article has identified an algorithm capable of protecting both the data and the associated key, nor has any mechanism been developed to determine whether access to the data is permissible or impermissible based on the authentication of the key. This paper presents a WEDEx-Kerberotic Framework for data protection, in which a user-defined key is firstly converted to a cipher key using the "Secure Words on Joining Key (SWJK)" algorithm. Subsequently, a WEDEx-Kerberotic encryption mechanism is created to protect the data by encrypting it with the cipher key. The first reason for making the WEDEx-Kerberotic Framework is to convert the user-defined key into a key that has nothing to do with the original key, and the length of the cipher key is much shorter than the original key. The second reason is that each ciphertext and key value are interlinked. When an intruder utilizes the snatching mechanism to obtain data, the attacker obtains data or a key unrelated to the original data. No matter how efficient the algorithm is, an attacker cannot access the data when these methods and algorithms are used to protect it. Finally, the proposed algorithm is compared to the previous approaches to determine the uniqueness of the algorithm and assess its superiority to the previous algorithms. [ABSTRACT FROM AUTHOR]

Published

2024

7. Training Scenario for Security Testing of the Kerberos Protocol

Author

Lazarov, Willi, Bohacik, Antonin, Kohout, David, Fujdiak, Radek, Hartmanis, Juris, Founding Editor, van Leeuwen, Jan, Series Editor, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Kobsa, Alfred, Series Editor, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Nierstrasz, Oscar, Series Editor, Pandu Rangan, C., Editorial Board Member, Sudan, Madhu, Series Editor, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Vardi, Moshe Y, Series Editor, Goos, Gerhard, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Fujita, Hamido, editor, Cimler, Richard, editor, Hernandez-Matamoros, Andres, editor, and Ali, Moonis, editor

Published

2024

8. A Study on Kerberos and Graphical Password-Based Web Authentication Scheme

Author

Murugan, Thangavel, Sikdar, Sagar, Semwal, Mihir, Indira, K., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Verma, Om Prakash, editor, Wang, Lipo, editor, Kumar, Rajesh, editor, and Yadav, Anupam, editor

Published

2024

9. Health Data Security in a Big Data Environment

Author

Ameskour, Ismail, Benbrahim, Houssam, Amine, Aouatif, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Idrissi, Najlae, editor, Hair, Abdellatif, editor, Lazaar, Mohamed, editor, Saadi, Youssef, editor, Erritali, Mohammed, editor, and El Kafhali, Said, editor

Published

2023

10. KerberSSIze Us: Providing Sovereignty to the People

Author

Petrlic, Ronald, Lange, Christof, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dolev, Shlomi, editor, and Schieber, Baruch, editor

Published

2023

11. Secure Data Education: Leveraging Big Data for Enhanced Academic Performance and Student Success in Educational Institutions

Author

Shylaja, A. R., Shubhashree, D. A., Shrihari, M. R., Manjunath, T. N., Ajay, N., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Tuba, Milan, editor, Akashe, Shyam, editor, and Joshi, Amit, editor

Published

2023

12. Kerberos Golden Ticket Attack

Author

Pocarovsky, Stefan, Koppl, Martin, Orgon, Milos, Bohacik, Antonin, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Silhavy, Radek, editor, Silhavy, Petr, editor, and Prokopova, Zdenka, editor

Published

2023

13. An Automated Disruption-Tolerant Key Management Framework for Critical Systems

Author

Edgar, Thomas, Ashok, Aditya, Seppala, Garret, Choi, Eric, Arthur-Durett, Kristine, Engels, Matt, Gentz, Reinhard, and Peisert, Sean

Subjects

Key management, ICS, SCADA, Authentication, Disruption Tolerant, Kerberos, Information Systems, Other Information and Computing Sciences

Abstract

Key management is critical to secure operation. Distributed control systems, such as Supervisory Control and Data Acquisition (SCADA) systems, have unique operational requirements that make conventional key management solutions less effectiveand burdensome. This paper pres-ents a novel Kerberos-based framework for automated, disruption-tolerant key management for control system environments. Experimental tests and their results are presented to quantify the expected performance overhead of this approach. Additionally, Zeek sensor analytics are presented to aid in monitoring the health and security of the key management framework operation.

Published

2021

14. Efficient mutual authentication using Kerberos for resource constraint smart meter in advanced metering infrastructure

Author

Hasan Md Mehedi, Ariffin Noor Afiza Mohd, and Sani Nor Fazlida Mohd

Subjects

advanced metering infrastructure, smart meter, iot, mutual authentication, kerberos, cryptography, Science, Electronic computers. Computer science, QA75.5-76.95

Abstract

The continuous development of information communication technology facilitates the conventional grid in transforming into an automated modern system. Internet-of-Things solutions are used along with the evolving services of end-users to the electricity service provider for smart grid applications. In terms of various devices and machine integration, adequate authentication is the key to an accurate source and destination in advanced metering infrastructure (AMI). Various protocols are deployed to lead the identification between two parties, which require high computation time and communicational bit operations for system development. Therefore, Kerberos-based authentication protocols were designed in this study with the assistance of elliptic curve cryptography to manage the mutual authentication between two parties and reduce the time and bit operations. The protocols were evaluated in a widely adopted tool, AVISPA, which builds an understanding of the proposed protocol and ensures mutual authentication without unauthorized knowledge. In addition, upon comparing security and performance assessments to the current schemes, it was found that the protocol in this study required less time and bits to transmit information. Consequently, it effectively provides multiple security features making it suitable for resource constraint smart meters in AMI.

Published

2023

15. Quantifying DDS-cerberus network control overhead.

Author

Park, Andrew T., Peck, Nathaniel, Dill, Richard, Hodson, Douglas D., Grimaila, Michael R., and Henry, Wayne C.

Subjects

*NETWORK operating system, *PERFORMANCE-based design, *QUALITY of service, *DATA distribution, *DATA transmission systems

Abstract

Securing distributed device communication is critical because the private industry and the military depend on these resources. One area that adversaries target is the middleware, which is the medium that connects different systems. This paper evaluates a novel security layer, DDS-Cerberus (DDS-C), that protects in-transit data and improves communication efficiency on data-first distribution systems. This research contributes a distributed robotics operating system testbed and designs a multifactorial performance-based experiment to evaluate DDS-C efficiency and security by assessing total packet traffic generated in a robotics network. The performance experiment follows a 2:1 publisher to subscriber node ratio, varying the number of subscribers and publisher nodes from three to eighteen. By categorizing the network traffic from these nodes into either data message, security, or discovery+ with Quality of Service (QoS) best effort and reliable, the mean security traffic from DDS-C has minimal impact to Data Distribution Service (DDS) operations compared to other network traffic. The results reveal that applying DDS-C to a representative distributed network robotics operating system network does not impact performance. [ABSTRACT FROM AUTHOR]

Published

2023

16. Distribution of DDS-cerberus authenticated facial recognition streams.

Author

Park, Andrew T., Peck, Nathaniel, Dill, Richard, Hodson, Douglas D., Grimaila, Michael R., and Henry, Wayne C.

Subjects

*STREAMING video & television, *TELECOMMUNICATION, *ARTIFICIAL intelligence, *DRONE aircraft, *DATA distribution

Abstract

Successful missions in the field often rely upon communication technologies for tactics and coordination. One middleware used in securing these communication channels is Data Distribution Service (DDS) which employs a publish-subscribe model. However, researchers have found several security vulnerabilities in DDS implementations. DDS-Cerberus (DDS-C) is a security layer implemented into DDS to mitigate impersonation attacks using Kerberos authentication and ticketing. Even with the addition of DDS-C, the real-time message sending of DDS also needs to be upheld. This paper extends our previous work to analyze DDS-C's impact on performance in a use case implementation. The use case covers an artificial intelligence (AI) scenario that connects edge sensors across a commercial network. Specifically, it characterizes how DDS-C performs between unmanned aerial vehicles (UAV), the cloud, and video streams for facial recognition. The experiments send a set number of video frames over the network using DDS to be processed by AI and displayed on a screen. An evaluation of network traffic using DDS-C revealed that it was not statistically significant compared to DDS for the majority of the configuration runs. The results demonstrate that DDS-C provides security benefits without significantly hindering the overall performance. [ABSTRACT FROM AUTHOR]

Published

2023

17. Blockchain Based Authentication Framework for Kerberos Enabled Hadoop Clusters

Author

Hena, M., Jeyanthi, N., Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Tiwari, Aruna, editor, Ahuja, Kapil, editor, Yadav, Anupam, editor, Bansal, Jagdish Chand, editor, Deep, Kusum, editor, and Nagar, Atulya K., editor

Published

2021

18. Security Features in Hadoop—A Survey

Author

Begum, Gousiya, Huq, S. Zahoor Ul, Siva Kumar, A. P., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Saini, H. S., editor, Sayal, Rishi, editor, Govardhan, A., editor, and Buyya, Rajkumar, editor

Published

2021

19. A Three-Tier Authentication Scheme for Kerberized Hadoop Environment

Author

Hena M. and Jeyanthi N.

Subjects

apache hadoop, authentication, bigdata, blockchain, kerberos, Cybernetics, Q300-390

Abstract

Apache Hadoop answers the quest of handling Bigdata for most organizations. It offers distributed storage and data analysis via Hadoop Distributed File System (HDFS) and Map-Reduce frameworks. Hadoop depends on third-party security providers like Kerberos for its security requirements. Kerberos by itself comes with many security loopholes like Single point of Failure (SoF), Dictionary Attacks, Time Synchronization and Insider Attacks. This paper suggests a solution that aims to eradicate the security issues in the Hadoop Cluster with a focus on Dictionary Attacks and Single Point of Failure. The scheme roots on Secure Remote Password Protocol, Blockchain Technology and Threshold Cryptography. Practical Byzantine Fault Tolerance mechanism (PBFT) is deployed at the blockchain as the consensus mechanism. The proposed scheme outperforms many of the existing schemes in terms of computational overhead and storage requirements without compromising the security level offered by the system. Riverbed Modeller (AE) Simulation results strengthen the aforesaid claims.

Published

2021

20. Verification of RabbitMQ with Kerberos Using Timed Automata.

Author

Li, Ran, Yin, Jiaqi, Zhu, Huibiao, and Vinh, Phan Cong

Subjects

*MACHINE theory, *TIME management, *COMPUTER network protocols, *MIDDLEWARE

Abstract

RabbitMQ, an implementation of Advanced Message Queuing Protocol (AMQP), is a very popular message middleware. It supports concurrency, guarantees sequential consistency, and enables independent applications and services to communicate. Consequently, it is of great significance to ensure the secure communication of RabbitMQ. Therefore, Kerberos, a network authentication protocol, is introduced to combine with RabbitMQ to address this security issue. In this paper, we apply formal methods to model and verify RabbitMQ with Kerberos. By utilizing UPPAAL, RabbitMQ is abstracted to timed automata. Further, we validate the constructed model with the simulator in UPPAAL. On this basis, we verify whether RabbitMQ meets some basic but essential properties, including Reachability of Data, Concurrency, Sequence Consistency and Heartbeat Mechanism. Additionally, the security property Secure Communication is verified as well. From the verification results via UPPAAL, it can be found that RabbitMQ can totally cater for these properties and it maintains secure communication under the umbrella of Kerberos. [ABSTRACT FROM AUTHOR]

Published

2022

21. Distributed authentication framework for Hadoop based bigdata environment.

Author

Hena, M. and Jeyanthi, N.

Abstract

Big data, the upcoming technology in the field of computing, refers to a large complex dataset. It deals with large complex datasets and yields great valued information when analysed properly. Data Security has become the greatest challenge in the minds of cyber experts and researchers in this scenario. Apache Hadoop frameworks that let distributed processing of these large datasets rely on Kerberos Authentication for mutual authentication and verification. The protocol comes with inherent challenges like Single point of failure, Dictionary Attacks, Replay Attacks, and Time Synchronization problems. This paper puts forward a one-off approach based on recent technologies like Blockchain Networks, Digital Signatures, and Elliptic ElGamal and Threshold Cryptosystem. The proposed scheme aims to mainly deal with the Single Point of Failure problem. Riverbed Modeller (AE) simulation is performed to do the comparative study of the proposed scheme with existing systems that use traditional encryption standards like RSA cryptosystems. Analysis of the simulation results proves that the proposed scheme is more efficient in terms of time and memory without compromising the level of security offered. The response time, network delay and traffic rates of the proposed system are compared with the existing RSA based system and the results strengthen the claims of this work. Lastly, the results from comparative analysis of security features and computational time cost indicate that the proposed method heightens the security level offered for big data systems with a nominal effect on performance. [ABSTRACT FROM AUTHOR]

Published

2022

22. Active Directory Attacks—Steps, Types, and Signatures.

Author

Mokhtar, Basem Ibrahim, Jurcut, Anca D., ElSayed, Mahmoud Said, and Azer, Marianne A.

Subjects

DIRECTORIES

Abstract

Active Directory Domain is a Microsoft service that allows and facilitates the centralized administration of all workstations and servers in any environment. Due to the wide use and adoption of this service, it has become a target for many attackers. Active Directory attacks have evolved through years. The attacks target different functions and features provided by Active Directory. In this paper, we provide insights on the criticality, impact, and detection of Active Directory attacks. We review the different Active Directory attacks. We introduce the steps of the Active Directory attack and the Kerberos authentication workflow, which is abused in most attacks to compromise the Active Directory environment. Further, we conduct experiments on two attacks that are based on privilege escalation in order to examine the attack signatures on Windows event logs. The content designed in this paper may serve as a baseline for organizations implementing detection mechanisms for their Active Directory environments. [ABSTRACT FROM AUTHOR]

Published

2022

23. Improved Key Agreement Based Kerberos Protocol for M-Health Security.

Author

Thirumoorthy, P., Bhuvaneshwari, K. S., Kamalanathan, C., Sunita, P., Prabhu, E., and Maheswaran, S.

Subjects

MOBILE health, WIRELESS sensor networks, INTERNET of things, CLOUD computing, DATA integrity

Abstract

The development of wireless sensor network with Internet of Things (IoT) predicts various applications in the field of healthcare and cloud computing. This can give promising results on mobile health care (M-health) and Telecare medicine information systems. M-health system on cloud Internet of Things (IoT) through wireless sensor network (WSN) becomes the rising research for the need of modern society. Sensor devices attached to the patients' body which is connected to the mobile device can ease the medical services. Security is the key connect for optimal performance of the m-health system that share the data of patients in wireless networks in order to maintain the anonymity of the patients. This paper proposed a secure transmission of M-health data in wireless networks using proposed key agreement based Kerberos protocol. The patients processed data are stored in cloud server and accessed by doctors and caregivers. The data transfer between the patients, server and the doctors are accessed with proposed protocol in order to maintain the confidentiality and integrity of authentication. The efficiency of the proposed algorithm is compared with the existing protocols. For computing 100 devices it consumes only 91milllisecond for computation. [ABSTRACT FROM AUTHOR]

Published

2022

24. Trust based authentication scheme (tbas) for cloud computing environment with Kerberos protocol using distributed controller and prevention attack

Author

Anbu Malar, M.B. Benjula and J., Prabhu

Published

2021

25. Cross-Domain Authentication and Interoperability Scheme for Federated Cloud

Author

Gogna, Monika, Rama Krishna, C., Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, Somani, Arun K., editor, Shekhawat, Rajveer Singh, editor, Mundra, Ankit, editor, Srivastava, Sumit, editor, and Verma, Vivek Kumar, editor

Published

2020

26. Security Analysis and Improvement on Kerberos Authentication Protocol

Author

Yuan, Guangyao, Guo, Lihong, Wang, Gang, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Tian, Yuan, editor, Ma, Tinghuai, editor, and Khan, Muhammad Khurram, editor

Published

2020

27. EAP-NOOB-KRB for Mutual Authentication in IoT Environment

Author

Kharouf, Wala, Abid, Mohamed, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Jemili, Imen, editor, and Mosbah, Mohamed, editor

Published

2020

28. Secure Key Distribution Prototype Based on Kerberos

Author

Barrios, Abigail Verónica Chantes, de Asís López Fuentes, Francisco, Chlamtac, Imrich, Series Editor, Vasant, Pandian, editor, Litvinchev, Igor, editor, Marmolejo-Saucedo, Jose Antonio, editor, Rodriguez-Aguilar, Roman, editor, and Martinez-Rios, Felix, editor

Published

2020

29. Data Storage Security Issues and Solutions in Cloud Computing

Author

Rathore, Tapendra Singh, Mathew, Rejo, Xhafa, Fatos, Series Editor, Pandian, A. Pasumpon, editor, Palanisamy, Ram, editor, and Ntalianis, Klimis, editor

Published

2020

30. On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Author

Carlos Diaz Motero, Juan Ramon Bermejo Higuera, Javier Bermejo Higuera, Juan Antonio Sicilia Montalvo, and Nadia Gamez Gomez

Subjects

Windows active directory, Kerberos, Kerberos attacks, Kerberos attack detection, Kerberos attack’s mitigation, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Organizations use Active Directory Windows service to authenticate users in a network with the extended Kerberos Authentication protocol. Therefore, it is necessary to investigate its resistance to the different types of attacks it can suffer, the best way to detect them and to parameterize it to mitigate the effects of the attacks. This work analyzes the main Kerberos attacks in Active Directory Windows networks, inherent in the design of the protocol and not resolved. For each attack the objective is studied, implementation is developed in a virtual laboratory and detection is analyzed, proposing measures for mitigation and response. Subsequently, they are discussed in a general way and the results of the attacks are analyzed according to some parameters. As conclusions of the work carried out, it should be noted that although the attacks are mostly difficult to implement, their detection is even more complicated, and the damage is very severe so it’s necessary to continuously monitor the logs in these environments to detect them and taking into account strict recommendations for mitigation and response.

Published

2021

31. Sandbox security model for Hadoop file system

Author

Gousiya Begum, S. Zahoor Ul Huq, and A. P. Siva Kumar

Subjects

HDFS, MapReduce, Fsimage, Hadoop, Kerberos, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract Extensive usage of Internet based applications in day to day life has led to generation of huge amounts of data every minute. Apart from humans, data is generated by machines like sensors, satellite, CCTV etc. This huge collection of heterogeneous data is often referred as Big Data which can be processed to draw useful insights. Apache Hadoop has emerged has widely used open source software framework for Big Data Processing and it is a cluster of cooperative computers enabling distributed parallel processing. Hadoop Distributed File System is used to store data blocks replicated and spanned across different nodes. HDFS uses an AES based cryptographic techniques at block level which is transparent and end to end in nature. However cryptography provides security from unauthorized access to the data blocks, but a legitimate user can still harm the data. One such example was execution of malicious map reduce jar files by legitimate user which can harm the data in the HDFS. We developed a mechanism where every map reduce jar will be tested by our sandbox security to ensure the jar is not malicious and suspicious jar files are not allowed to process the data in the HDFS. This feature is not present in the existing Apache Hadoop framework and our work is made available in github for consideration and inclusion in the future versions of Apache Hadoop.

Published

2020

32. Source Encryption Scheme in SDN Southbound

Author

Wang, Yanlei, Zheng, Shihui, Gu, Lize, Cai, Yongmei, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Xiaohua, Jia, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Liu, Shuai, editor, and Yang, Gelan, editor

Published

2019

33. A Security Framework for Service-Oriented Architecture Based on Kerberos

Author

Yaduvanshi, Ritika, Mishra, Shivendu, Mishra, Ashish Kumar, Gupta, Avinash, Barbosa, Simone Diniz Junqueira, Editorial Board Member, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Yuan, Junsong, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Mandal, Jyotsna Kumar, editor, Mukhopadhyay, Somnath, editor, Dutta, Paramartha, editor, and Dasgupta, Kousik, editor

Published

2019

34. Authentication Mechanism to Access Multiple-Domain Multimedia Data

Author

Ibañez-Ramírez, Juan Alejandro, López-Fuentes, Francisco de Asís, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Choroś, Kazimierz, editor, Kopel, Marek, editor, Kukla, Elżbieta, editor, and Siemiński, Andrzej, editor

Published

2019

35. Networks Key Distribution Protocols Using KPS

Author

Frolov, Alexander, Vinnikov, Alexander, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Zamojski, Wojciech, editor, Mazurkiewicz, Jacek, editor, Sugier, Jarosław, editor, and Walkowiak, Tomasz, editor

Published

2019

36. FPKIVS—A Stellar Approach to Voting Systems in India

Author

Khojare, Digvijay, Chaudhary, Vaibhav, Malviya, Malvika, Shukla, Shweta, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Advisory editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, Saini, A. K., editor, Nayak, A. K., editor, and Vyas, Ram Krishna, editor

Published

2018

37. KBID: Kerberos Bracelet Identification (Short Paper)

Author

Carrigan, Joseph, Martin, Paul, Rushanan, Michael, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Grossklags, Jens, editor, and Preneel, Bart, editor

Published

2017

38. Protecting Biometrics Using Fuzzy Extractor and Non-invertible Transformation Methods in Kerberos Authentication Protocol

Author

Nguyen, Thi Ai Thao, Dang, Tran Khanh, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Hameurlain, Abdelkader, editor, Küng, Josef, editor, Wagner, Roland, editor, Dang, Tran Khanh, editor, and Thoai, Nam, editor

Published

2017

39. Enhanced Cloud Data Storage Security Using Hadoop.

Author

Saxena, Aumreesh Kumar, Dubey, Shivendra, Arshad, M., Saxena, Shivani, and Sinha, Sitesh Kumar

Subjects

DATA security, DATA warehousing, SOFTWARE frameworks, CLOUD computing, KEY agreement protocols (Computer network protocols), CLOUD storage

Abstract

Cloud computing is the modern technology that facilitates the user various resources, data and files to access from anywhere where network is available. It is today's modern computing where we distribute our resources and software from one place to another, but still the security of the data is a major problem in the cloud. However, there is a need for processing a huge amount of data and maintaining the security over cloud. The paper proposes a software framework (hadoop) with the cloud which helps in processing the huge amount of data using map-reduce model. Kerberos authentication protocol is used which helps in enhancing the security level over the cloud. Also, it is used to provide authentication to the users. The technique is used to analyze and compared with existing techniques. The results show that the technique is more secure and provides user authentication. [ABSTRACT FROM AUTHOR]

Published

2020

40. Hap: Protecting the Apache Hadoop Clusters with Hadoop Authentication Process Using Kerberos

Author

Valliyappan, V, Singh, Parminder, Howlett, Robert J., Series editor, Jain, Lakhmi C., Series editor, Nagar, Atulya, editor, Mohapatra, Durga Prasad, editor, and Chaki, Nabendu, editor

Published

2016

41. Securing Offline Delivery Services by Using Kerberos Authentication

Author

Hui Li, Yi Niu, Junkai Yi, and Hongyu Li

Subjects

Kerberos, home delivery, authentication path, crowdsourcing, cross-realm, ordering platform, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

With the rise of crowdsourcing economies, the home delivery business is now undergoing rapid development. The authentication schemes that are currently used in the home delivery business remain unanalyzed from the provable authenticity perspective. In this paper, we generalize the “cross-realm authentication path”of the Kerberos protocol and apply it to the online ordering and offline delivery business. We design a Kerberos-based scheme for the crowdsourcing delivery model to establish authenticity for principals, including customers, suppliers, and deliverymen. Then we extend it to some more complex models, such as the receiving agent model, the unified service of franchised chain model, and the relay delivery model. The authentication schemes can also be incorporated into the door access and guard system to enhance the physical security in smart cities.

Published

2018

42. Napadi na metode autentikacije i autorizacije unutar Active Directory okruženja

Author

Miličević, Dino and Galinac Grbac, Tihana

Subjects

NTLM, domain, krbtgt, Mimikatz, tree, Active Directory, Pass-TheHash, Pass-The-Ticket, forest, Domain Controller, TECHNICAL SCIENCES. Computing. Program Engineering, TEHNIČKE ZNANOSTI. Računarstvo. Programsko inženjerstvo, program Active Directory, Kerberos, Pass-The-Hash

Abstract

Microsoft Active Directory je programsko rješenje za upravljanje resursima u organizacijskim okolinama. Temelji elementi AD sustava su njegovi korisnici, računala odnosno poslužitelji te glavni poslužitelj zvan Domain Controller. Unutar Active Directoryja administratorima je omogućena hijerarhijska organizacija pojedinih objekata, kao i granularno upravljanje i primjenjivanje politika nad navedenim objektima koristeći grupne politike (engl. Group Policy Object). Glavni strukturalni dijelovi AD sustava su pojedine organizacijske jedinice, domene i stabla odnosno šume, koji čine organiziranu cjelinu. Autentifikacija se unutar AD okruženja vrši koristeći dva protokola: stariji NTLM i moderniji Kerberos. Autorizacija se ne oslanja na mrežne protokole, već na ugrađene mehanizme pristupnih lista. Zbog svojih implementacijskih mana i lokalne prirode Active Directory on-premises rješenja, napade na ove protokole poput Pass-the-Ticket i Pass-the-Hash je nemoguće mitigirati te se napadači uz relativno malo znanja mogu ukorijeniti duboko u mreži. U nastavku rada moguće je saznati daljnje korake kako se zaštititi od ovih vrsta napada. Microsoft Active Directory is a software solution used to manage resources in an organizational environment. The foundational elements of an AD system are its users, computers or servers, and the main server dubbed the Domain Controller. Within Active Directory, administrators are given the leverage to organize their objects in a hierarchical manner, as well as to granularly control and enforce policies on the objects’ behaviour using group policies (Group Policy Objects, GPO). The main structural components of an AD environment are the organizational units, domains, trees and forests which form an organized unit. Alongside the on-premises version of Active Directory, there exists a modern, cloud-based version of AD dubbed Azure Active Directory. Authentication in AD is handled by two protocols: the older NTLM and the more modern Kerberos. Authorization within an AD environment is not handled by the mentioned network protocols, but rather a model of Access Control Lists is used. Due to their implementation flaws and the nature of AD on-premises solution, attacks to these protocols are impossible to mitigate and it is possible for an attacker with little knowledge to persist deep within the network. One of the most famous toolkits for performing AD attacks and, more specifically, attacking the authentication protocols within is Mimikatz, a tool used to extract hashes and tickets from memory and abuse them later. The main principle for defending from these types of attacks is the Principle of Least Privilege model, since it is the defenders’ goal to make the attacker’s path to sensitive information and highly-privileged accounts as difficult as possible. Alongside this, it is necessary to have an up-to-date asset inventory, use firewalls and intrusion prevention systems, as well as per-computer Endpoint Detection and Response (EDR) agents. By combining the aforementioned methodologies and toolsets it is possible to significantly reduce the attack surface, however it is impossible to mitigate it completely.

Published

2023

43. TPM-Based Authentication Mechanism for Apache Hadoop

Author

Khalil, Issa, Dou, Zuochao, Khreishah, Abdallah, Akan, Ozgur, Series editor, Bellavista, Paolo, Series editor, Cao, Jiannong, Series editor, Coulson, Geoffrey, Series editor, Dressler, Falko, Series editor, Ferrari, Domenico, Series editor, Gerla, Mario, Series editor, Kobayashi, Hisashi, Series editor, Palazzo, Sergio, Series editor, Sahni, Sartaj, Series editor, Shen, Xuemin Sherman, Series editor, Stan, Mircea, Series editor, Xiaohua, Jia, Series editor, Zomaya, Albert Y., Series editor, Tian, Jing, editor, Jing, Jiwu, editor, and Srivatsa, Mudhakar, editor

Published

2015

44. Enhancement of Data Level Security in MongoDB

Author

Sathyadevan, Shiju, Muraleedharan, Nandini, Rajan, Sreeranga P., Kacprzyk, Janusz, Series editor, Buyya, Rajkumar, editor, and Thampi, Sabu M., editor

Published

2015

45. Distributed Authentication in the Cloud Computing Environment

Author

Liu, Yanzhu, Li, Zhi, Sun, Yuxia, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Wang, Guojin, editor, Zomaya, Albert, editor, Martinez, Gregorio, editor, and Li, Kenli, editor

Published

2015

46. Secured Web Service Communication using Attribute based Encryption and Outsource Decryption with Trusted Certificate Authorities (ABE-TCA)

Author

Devi, N. Anitha and Sundarambal, M.

Published

2016

47. Data security during cloud storage in public cloud using 'Kerberos: An authentication protocol'

Author

Khurana, Nidhi, Saggar, Shubhra, and Kaur, Baljit

Published

2016

48. Actual Vulnerabilities of Industrial Automation Protocols of an Open Platform Communications Series.

Author

Zegzhda, D. P., Kalinin, M. O., and Levykin, M. V.

Abstract

Open Platform Communications (OPC), the interoperability standard for the secure and reliable exchange of data in the industrial automation space, consists of two main types of protocol – classic and unified. The paper reviews a classic set of DA/HDA/A&E protocols, which is based on Microsoft DCOM and RPC technologies. Architectural cyber threats of the classic type of OPC are systematized in this work. [ABSTRACT FROM AUTHOR]

Published

2019

49. Distributed authentication system to access data in multiple secure domains.

Author

López-Fuentes, Francisco de Asís, Ibañez-Ramírez, Juan Alejandro, Chantes Barrios, Abigail, Nguyen, Ngoc Thanh, Szczerbicki, Edward, Trawiński, Bogdan, and Nguyen, Van Du

Subjects

*COMPUTER security, *MULTIPLE access protocols (Computer network protocols), *ACCESS control, *COMPUTER systems

Abstract

Currently, distributed systems are used to store information in remote sites. However, these systems are exposed to different types of security risks such as virus, Trojans or ramsomware, and security mechanisms are required to protect the access to these data and guarantee their privacy and integrity. Authentication plays an important role for security issues in a computer system. Authentication is used to prove the user identity, and it is strongly related with the access control to limits the actions and operations that an authenticated user can do in a computer system. However, authentication is a previously step to the access control, and it assumes that authentication of a user has been done successfully. Several cryptography methods can be integrated in an authentication mechanism in order to obtain robust authentication schemes. An authentication scheme based on Kerberos to access data in multiples domains is presented in this paper. A challenge in our authentication scheme is related with the authentication of Kerberos servers. To deal with this problem a keys distribution architecture is added to authentication scheme in order to authenticate the Kerberos servers in a secure way. [ABSTRACT FROM AUTHOR]

Published

2019

50. Ensuring telecommunication network security through cryptology: a case of 4G and 5G LTE cellular network providers.

Author

Manasreh, Adnan, Sharadqh, Ahmed A. M., Alkasassbeh, Jawdat S., and Al-Qaisi, Aws

Subjects

ATHLETIC ability testing, TELECOMMUNICATION systems, COMPUTER network security, TELECOMMUNICATION security, CRYPTOGRAPHY

Abstract

This paper aims to present the details regarding telecommunication network security through cryptology protocols. The data was based on scientific data collection and the quantitative method was adopted. The questionnaire was developed and the primary respondents were approached who were working in 4 telecommunication networking companies namely Huawei, Ericsson, SK Telecom and Telefonica. The sample size of the research was 60 participants and the statistical analysis was used to analyze research. The finding shows that cryptology protocol such as SSH, SSL, Kerberos PGP and SET are implemented within the companies in order to secure network. [ABSTRACT FROM AUTHOR]

Published

2019