Formally analysing a security protocol for replay attacks

Long, Benjamin W.; Fidge, Colin

doi:10.1109/aswec.2006.30

Cited by 2 publications

(2 citation statements)

References 27 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the work of Benjamin et al [22] a method for inspecting replay attacks on Kerberos protocol authentication was proposed in which the protocol was specified using Object-Z.…”

Section: F Related Workmentioning

confidence: 99%

On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Motero

Higuera

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Organizations use Active Directory Windows service to authenticate users in a network with the extended Kerberos Authentication protocol. Therefore, it is necessary to investigate its resistance to the different types of attacks it can suffer, the best way to detect them and to parameterize it to mitigate the effects of the attacks. This work analyzes the main Kerberos attacks in Active Directory Windows networks, inherent in the design of the protocol and not resolved. For each attack the objective is studied, implementation is developed in a virtual laboratory and detection is analyzed, proposing measures for mitigation and response. Subsequently, they are discussed in a general way and the results of the attacks are analyzed according to some parameters. As conclusions of the work carried out, it should be noted that although the attacks are mostly difficult to implement, their detection is even more complicated, and the damage is very severe so it's necessary to continuously monitor the logs in these environments to detect them and taking into account strict recommendations for mitigation and response.

show abstract

“…In the work of Benjamin et al [22] a method for inspecting replay attacks on Kerberos protocol authentication was proposed in which the protocol was specified using Object-Z.…”

Section: F Related Workmentioning

confidence: 99%

On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Motero

Higuera

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Benjamin [8] proposes a method for the inspection of replay attacks on Kerberos authentication protocol in which the protocol was specified by using the Object-Z.…”

Section: Related Workmentioning

confidence: 99%

Replay Attack Prevention in Kerberos Authentication Protocol using Triple Password

Dua¹,

Gautam²,

Sharma³

et al. 2013

IJCNC

View full text Add to dashboard Cite

Replay attack and password attacks are serious issues in the Kerberos authentication protocol. Many ideas have been proposed to prevent these attacks but they increase complexity of the total Kerberos environment. In this paper we present an improved method which prevents replay attacks and password attacks by using Triple password scheme. Three passwords are stored on Authentication Server and Authentication Server sends two passwords to Ticket Granting Server (one for Application Server) by encrypting with the secret key shared between Authentication server and Ticket Granting server. Similarly, Ticket Granting Server sends one password to Application Server by encrypting with the secret key shared between TGS and application server. Meanwhile, Service-Granting-Ticket is transferred to users by encrypting it with the password that TGS just received from AS. It helps to prevent Replay attack.

show abstract

Formally analysing a security protocol for replay attacks

Abstract: The Kerberos-One-

Cited by 2 publications

References 27 publications

On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Replay Attack Prevention in Kerberos Authentication Protocol using Triple Password

Contact Info

Product

Resources

About