Trust based authentication scheme (tbas) for cloud computing environment with Kerberos protocol using distributed controller and prevention attack
Authors: Benjula Anbu Malar Manickam Bernard, P. Jayagopal
Journal: Int. J. Pervasive Comput. Commun.
Publication date: 2020-09-16
Publication type: Journal Article
DOI: 10.1108/IJPCC-03-2020-0009 (https://doi.org/10.1108/IJPCC-03-2020-0009)
Citation count: 4
Purpose
This paper aims to discuss the Silver and Golden ticket exploits that usually exist in existing systems. To overcome these challenges, the data is first encrypted and then the ticket is granted to the validated user. Users are validated using their user privileges. The security levels of the proposed model are compared with those of the existing models, and the proposed model provides better performance using the Key Distribution Centre (KDC). The number of authentication and authorization levels present in the existing and proposed models is also evaluated.
Design/methodology/approach
The methodology designed in this paper is discussed in this section. The existing models are designed in such a way that the client is first asked to send an authorization request to the Authentication Server. The server looks up the user in its database and then sends back a ticket it has generated, which the client uses to obtain services from the Service center. Numerous models add further features to these systems, which is where the concept of the KDC was introduced. The Key Distribution Centre (KDC) is a set of nodes in a network where the data can be distributed and stored, such that any kind of attack on a single KDC will not impact the other KDCs or the data stored in them. The nodes in the network other than the KDC are termed slave nodes. The slave nodes communicate with each other within the network depending on the topology of the entire network. In this paper, the authors have used the Kerberos protocol to add more security functions to the entire network. The system developed consists of a client, a server and a set of nodes connected to each other in a ring fashion.
Findings
The proposed model secures the information being used by means of the Kerberos protocol. Additional features and algorithms, such as the ticket-granting approach, have been added to the protocol to make it more secure than the existing models. Ticket generation is done on the server side, so that the user must have proper authentication to use the services available from the server side. The model is designed in such a way that it can remain operational even during a denial of service. As future work, machine learning and deep learning could be used to predict an attack on the network well before it is misused.
Originality/value
The paper discusses the Silver and Golden ticket exploits that usually exist in existing systems. To overcome these challenges, the data is first encrypted and then the ticket is granted to the validated user. Users are validated using their user privileges. The security levels of the proposed model are compared with those of the existing models, and the proposed model provides better performance using the Key Distribution Centre (KDC). The number of authentication and authorization levels present in the existing and proposed models is also evaluated.