On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Motero, Carlos Diaz; Higuera, Juan Ramón Bermejo; Higuera, Javier Bermejo; Sicilia, Juan Antonio; Gomez, Nadia Gamez

doi:10.1109/access.2021.3101446

Cited by 10 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Te attacker used a dictionary attack, rainbow table attack, guessing attack, and spidering. Motero et al [86] utilized a practical survey to describe attacks on Kerberos authentication protocols. Te authors analyzed overpass the hash, pass the ticket, golden ticket, silver ticket, Kerberoasting, unrestricted delegation attacks, restricted delegation attacks, resource-based restricted delegation attacks, and Kerberos bronze bit attacks.…”

Section: Case Study Of Attacksmentioning

confidence: 99%

Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems

Pöhn

Hommel

2023

Security and Communication Networks

View full text Add to dashboard Cite

Digital transformation with the adoption of cloud technologies, outsourcing, and working-from-home possibilities permits flexibility for organizations and persons. At the same time, it makes it more difficult to secure the IT infrastructure as the IT team needs to keep track of who is accessing what data from where and when on which device. With these changes, identity management as a key element of security becomes more important. Identity management relates to the technologies and policies for the identification, authentication, and authorization of users (humans and devices) in computer networks. Due to the diversity of identity management (i.e., models, protocols, and implementations), different requirements, problems, and attack vectors need to be taken into account. In order to secure identity management systems with their identities, a systematic approach is required. In this article, we propose the improved framework Taxonomy for Identity Management related to Attacks (TaxIdMA). The purpose of TaxIdMA is to classify existing attacks, attack vectors, and vulnerabilities associated with system identities, identity management systems, and end-user identities. In addition, the background of these attacks can be described in a structured and systematic way. The taxonomy is applied to the Internet of Things and self-sovereign identities. It is enhanced by a description language for threat intelligence sharing. Last but not least, TaxIdMA is evaluated and improved based on expert interviews, statistics, and discussions. This step enables broader applicability and level of detail at the same time. The combination of TaxIdMA, which allows a structured way to outline attacks and is applicable to different scenarios, and a description language for threat intelligence helps to improve the security identity management systems and processes.

show abstract

Section: Case Study Of Attacksmentioning

confidence: 99%

Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems

Pöhn

Hommel

2023

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Attacks on AD environments typically pass by specific stages and follow a certain path. The existing research efforts aiming to illustrate AD attacks assume that exploitation has happened and the attacker has a foothold in the environment [4,15]. In this paper, we follow the same approach, and we study the attacks on AD systems after obtaining the initial foothold.…”

Section: Active Directory Attack Phasesmentioning

confidence: 99%

Active Directory Attacks—Steps, Types, and Signatures

et al. 2022

View full text Add to dashboard Cite

Active Directory Domain is a Microsoft service that allows and facilitates the centralized administration of all workstations and servers in any environment. Due to the wide use and adoption of this service, it has become a target for many attackers. Active Directory attacks have evolved through years. The attacks target different functions and features provided by Active Directory. In this paper, we provide insights on the criticality, impact, and detection of Active Directory attacks. We review the different Active Directory attacks. We introduce the steps of the Active Directory attack and the Kerberos authentication workflow, which is abused in most attacks to compromise the Active Directory environment. Further, we conduct experiments on two attacks that are based on privilege escalation in order to examine the attack signatures on Windows event logs. The content designed in this paper may serve as a baseline for organizations implementing detection mechanisms for their Active Directory environments.

show abstract

“…Moreover, root-level access to the KDC server provides the attacker with unrestricted access to the whole system, leading to the compromise of the entire Kerberos database. Plus, Kerberos is not SSL-based, and it does not achieve end-to-end encryption between two clients by itself, which is the basis for secure intra-domain communication [23,24].…”

mentioning

confidence: 99%

HSM4SSL: Leveraging HSMs for Enhanced Intra-Domain Security

Aref,

Ouda

2024

Future Internet

View full text Add to dashboard Cite

In a world where digitization is rapidly advancing, the security and privacy of intra-domain communication within organizations are of critical concern. The imperative to secure communication channels among physical systems has led to the deployment of various security approaches aimed at fortifying networking protocols. However, these approaches have typically been designed to secure protocols individually, lacking a holistic perspective on the broader challenge of intra-domain communication security. This omission raises fundamental concerns about the safety and integrity of intra-domain environments, where all communication occurs within a single domain. As a result, this paper introduces HSM4SSL, a comprehensive solution designed to address the evolving challenges of secure data transmission in intra-domain environments. By leveraging hardware security modules (HSMs), HSM4SSL aims to utilize the Secure Socket Layer (SSL) protocol within intra-domain environments to ensure data confidentiality, authentication, and integrity. In addition, solutions proposed by academic researchers and in the industry have not addressed the issue in a holistic and integrative manner, as they only apply to specific types of environments or servers and do not utilize all cryptographic operations for robust security. Thus, HSM4SSL bridges this gap by offering a unified and comprehensive solution that includes certificate management, key management practices, and various security services. HSM4SSL comprises three layers to provide a standardized interaction between software applications and HSMs. A performance evaluation was conducted comparing HSM4SSL with a benchmark tool for cryptographic operations. The results indicate that HSM4SSL achieved 33% higher requests per second (RPS) compared to OpenSSL, along with a 13% lower latency rate. Additionally, HSM4SSL efficiently utilizes CPU and network resources, outperforming OpenSSL in various aspects. These findings highlight the effectiveness and reliability of HSM4SSL in providing secure communication within intra-domain environments, thus addressing the pressing need for enhanced security mechanisms.

show abstract

On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Cited by 10 publications

References 21 publications

Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems

Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems

Active Directory Attacks—Steps, Types, and Signatures

HSM4SSL: Leveraging HSMs for Enhanced Intra-Domain Security

Contact Info

Product

Resources

About