Trust based authentication scheme (tbas) for cloud computing environment with Kerberos protocol using distributed controller and prevention attack

Benjula Anbu Malar Manickam Bernard, P. Jayagopal
Int. J. Pervasive Comput. Commun. Journal Article. Published 2020-09-16. DOI: 10.1108/IJPCC-03-2020-0009 (https://doi.org/10.1108/IJPCC-03-2020-0009)
Citations: 4

Abstract

Purpose
This paper aims to discuss the Silver and Golden ticket exploits that usually exist in existing systems. To overcome these challenges, the data is first encrypted and then the ticket is granted to the validated user. The users are validated using the user privileges. The security levels of the proposed model are compared with those of the existing models and show better performance using the Key Distribution Centre (KDC). The number of authentication and authorization levels present in the existing and proposed models is also evaluated.

Design/methodology/approach
The methodology designed in this paper is discussed in this section. In the existing models, the client ID is first asked to send an authorization request to the Authentication Server. The server looks up the user in its database and then sends back a ticket it has generated to the client, which uses it to obtain services from the Service center. Numerous models add some features to these systems, in which the concept of the KDC was introduced. The Key Distribution Centre (KDC) is a set of nodes in a network where the data can be distributed and stored, such that any kind of attack on a single KDC will not impact the other KDCs and the data stored in them. The nodes other than the KDC in the network are termed slave nodes. The slave nodes communicate with each other within the network depending on the topology of the entire network. In this paper, the authors have used the Kerberos protocol to add more security functions across the entire network. The system developed consists of a client, a server and a set of nodes connected to each other in a ring fashion.

Findings
The proposed model secures the information being used by means of the Kerberos protocol. Additional features and algorithms, such as the use of the ticket-granting approach, have been added to the protocol to make it more secure than the existing models. Ticket generation is done at the server side, so that the user must be properly authenticated to use the services available from the server side. The model is designed in such a way that it can remain operational even during a denial of service. As future work, machine learning and deep learning could be used to predict an attack on the network well before it is misused.

Originality/value
The paper discusses the Silver and Golden ticket exploits that usually exist in existing systems. To overcome these challenges, the data is first encrypted and then the ticket is granted to the validated user. The users are validated using the user privileges. The security levels of the proposed model are compared with those of the existing models and show better performance using the Key Distribution Centre (KDC). The number of authentication and authorization levels present in the existing and proposed models is also evaluated.