Kerberos 2015





Kerberos supports authentication in distributed systems. Used in intelligent systems, it relies on a ticket, an encrypted data structure naming a user and a service the user may access. For the Science of Security community, it is relevant to the broad issues of cryptography and to resilience, human behavior, and metrics. The work cited here was presented in 2015.

Hoa Quoc Le, Hung Phuoc Truong, Hoang Thien Van and Thai Hoang Le, “A New Pre-Authentication Protocol in Kerberos 5: Biometric Authentication,” Computing & Communication Technologies - Research, Innovation, and Vision for the Future (RIVF), 2015 IEEE RIVF International Conference on, Can Tho, 2015, pp. 157-162. doi: 10.1109/RIVF.2015.7049892
Abstract: Kerberos is a well-known network authentication protocol that allows nodes to communicate over a non-secure network connection. After Kerberos is used to prove the identity of objects in client-server model, it will encrypt all of their communications in following steps to assure privacy and data integrity. In this paper, we modify the initial authentication exchange in Kerberos 5 by using biometric data and asymmetric cryptography. This proposed method creates a new preauthentication protocol in order to make Kerberos 5 more secure. Due to the proposed method, the limitation of password-based authentication in Kerberos 5 is solved. It is too difficult for a user to repudiate having accessed to the application. Moreover, the mechanism of user authentication is more convenient. This method is a strong authentication scheme that is against several attacks.
Keywords: cryptographic protocols; data integrity; data privacy; message authentication; Kerberos 5; asymmetric cryptography; attacks; authentication exchange; biometric authentication; biometric data; client-server model; data integrity; encryption; network authentication protocol; nonsecure network connection; objects identity; password-based authentication; preauthentication protocol; privacy; user authentication; Authentication; Bioinformatics; Cryptography; Fingerprint recognition; Protocols; Servers; Authentication; Kerberos; biometric; cryptography; fingerprint (ID#: 16-9978)


N. S. Khandelwal and P. Kamboj, “Two Factor Authentication Using Visual Cryptography and Digital Envelope in Kerberos,” Electrical, Electronics, Signals, Communication and Optimization (EESCO), 2015 International Conference on, Visakhapatnam, 2015, pp. 1-6. doi: 10.1109/EESCO.2015.7253638
Abstract: Impersonation is the obvious security risk in an undefended distributed network. An adversary pretends to be a client and can have illicit access to the server. To counter this threat, user authentication is used which is treated as the first line of defense in a networked environment. The most popular and widely used authentication protocol is Kerberos. Kerberos is the de facto standard, used to authenticate users mutually by the use of trusted third party. But this strong protocol is vulnerable to various security attacks. This paper gives an overview of Kerberos protocol and its existing security problems. To enhance security and combat security attacks, it also describes a novel approach of incorporating the features of Visual Cryptography and Digital Envelope into Kerberos. Using Visual cryptography, we have added one more layer of security by considering a secret share as one of the factor of providing mutual authentication. While the session key is securely distributed by using the concept of Digital envelope in which user's private key is considered as another factor of authentication. Thus, our proposed scheme makes the Kerberos protocol highly robust, secure and efficient.
Keywords: computer network security; cryptographic protocols; image coding; private key cryptography; Kerberos protocol; authentication protocol; digital envelope; distributed network; factor authentication; security attacks; security risk; session key; user authentication; user private key; visual cryptography; Authentication; Encryption; Protocols; Servers; Visualization; Digital Envelope; Kerberos; Visual cryptography (ID#: 16-9979)


B. Bakhache and R. Rostom, “Kerberos Secured Address Resolution Protocol (KARP),” Digital Information and Communication Technology and its Applications (DICTAP), 2015 Fifth International Conference on, Beirut, 2015, pp. 210-215. doi: 10.1109/DICTAP.2015.7113201
Abstract: Network security has become more significant to users computers, associations, and even in military applications. With the presence of internet, security turned into a considerable issue. The Address Resolution Protocol (ARP) is used by computers on a Local Area Network (LAN) in order to map each network address (IP) to its physical address (MAC). This protocol has been verified to function well under regular conditions. Thus, it is a stateless and an all trusting protocol which makes it vulnerable to numerous ARP cache poisoning attacks such as Man-in-the-Middle (MITM) and Denial of service (DoS). However, ARP spoofing is a simple attack that can be done on data link layer profiting from the weak points of the ARP protocol. In this paper, we propose a new method called KARP (Kerberos ARP) to secure the ARP by integrating the Kerberos protocol. KARP is designed to add authentication to ARP inspiring from the procedures used in the famous Kerberos protocol. The simulated results of the new method show the advantage of KARP in highly securing ARP against spoofing attacks providing the lowest computational cost possible.
Keywords: access protocols; security of data; ARP cache poisoning attacks; KARP; LAN; MAC; all trusting protocol; denial of service attacks; kerberos secured address resolution protocol; local area network; man-in-the-middle attacks; network security; physical address; spoofing attacks; Authentication; IP networks; Protocols; Public key; Servers; ARP; ARP Spoofing; K-ARP; Kerberos Protocol; authentication (ID#: 16-9980)


T. A. T. Nguyen and T. K. Dang, “Combining Fuzzy Extractor in Biometric-Kerberos Based Authentication Protocol,” 2015 International Conference on Advanced Computing and Applications (ACOMP), Ho Chi Minh City, 2015, pp. 1-6. doi: 10.1109/ACOMP.2015.23
Abstract: Kerberos is a distributed authentication protocol which guarantees the mutual authentication between client and server over an insecure network. After the identification, all the subsequent communications are encrypted by session keys to ensure privacy and data integrity. In this paper, we have proposed a biometric authentication protocol based on Kerberos scheme. This protocol is not only resistant against attacks on the insecure network such as man-in-the-middle attack, replay attack, but also able to protect the biometric for using fuzzy extractor. This technique conceals the user's biometric into the cryptographic key called biometric key. This key is used to verify a user in authentication phase. Therefore, there is no need to store users' biometric in the database. Even if biometric keys is revealed, it is impossible for an attack to infer the users' biometric for the high security of the fuzzy extractor scheme. The protocol also supports multi-factor authentication to enhance security of the entire system.
Keywords: client-server systems; cryptographic protocols; data integrity; data privacy; fuzzy set theory; private key cryptography; public key cryptography; Kerberos scheme; biometric key; biometric-Kerberos based authentication protocol; client-server mutual authentication; cryptographic key; distributed authentication protocol; fuzzy extractor scheme; insecure network; man-in-the-middle attack; replay attack; session keys; user biometric; Authentication; Cryptography; Databases; Mobile communication; Protocols; Servers; Kerberos; biometric; fuzzy extractor; mutual authentication; remote authentication (ID#: 16-9981)


R. Maheshwari, A. Gupta and N. Chandra, “Secure Authentication Using Biometric Templates in Kerberos,” Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on, New Delhi, 2015, pp. 1247-1250. doi: (not provided)
Abstract: The paper suggests the use of biometric templates for achieving the authentication in distributed systems and networks using Kerberos. The most important advantage in using the biometric templates is implying biologically inspired passwords such as pupil, fingerprints, face, iris, hand geometry, voice, palm print, handwritten signatures and gait. Using biometric templates in Kerberos gives more reliability to client server architectures for analysis in distributed platform while dealing with sensitive and confidential information. Even today the companies face challenge of security of confidential data. Although the main focus of the development of Hadoop, CDBMS like technologies was primarily oriented towards the big data analysis, data management and further conversion of huge chunks of raw data into useful information. Hence, implementing biometric templates in Kerberos makes various frameworks on master slave architecture to be more reliable providing an added security advantage.
Keywords: biometrics (access control); client-server systems; cryptographic protocols; message authentication; parallel processing; software architecture; CDBMS; Hadoop; Kerberos; biologically inspired passwords; biometric templates; client server architectures; confidential data security; confidential information; distributed networks; distributed platform; distributed systems; face; fingerprints; gait; hand geometry; handwritten signatures; Iris; master slave architecture; palm print; pupil; secure authentication; sensitive information; voice; Authentication; Authorization; Computer architecture; Cryptography; Databases; Servers; Biometric templates; Data Security; Hadoop; Kerberos; distributed system; master slave architecture (ID#: 16-9982)


M. Colombo, S. N. Valeije and L. Segura, “Issues and Disadvantages that Prevent the Native Implementation of Single Sign On Using Kerberos on Linux Based Systems,” 2015 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON), Santiago, 2015, pp. 885-889. doi: 10.1109/Chilecon.2015.7404677
Abstract: This paper discusses the problems and disadvantages users have to deal with when they attempt to use the Single Sign On mechanism, in conjunction with the Kerberos V5 protocol as a means of authenticating users on Linux based environments. Some known incompatibilities and Security problems are exposed for which, today, native Single Sign On in Kerberos is not a standard in Linux. Finally, the future prospects regarding the possibility of accomplishing this goal will be discussed.
Keywords: Linux; authorisation; user interfaces; Kerberos V5 protocol; Linux based systems; single sign; user authentication; Java; Protocols; Security; Servers; Silicon compounds; Standards; Authentication; Kerberos; Single Sign On (ID#: 16-9983)


S. Gulhane and S. Bodkhe, “DDAS Using Kerberos with Adaptive Huffman Coding to Enhance Data Retrieval Speed and Security,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-6. doi: 10.1109/PERVASIVE.2015.7086987
Abstract: The increasing fad of deploying application over the web and store as well as retrieve database to/from particular server. As data stored in distributed manner so scalability, flexibility, reliability and security are important aspects need to be considered while established data management system. There are several systems for database management. After reviewing Distributed data aggregation service(DDAS) system which is relying on Blobseer it found that it provide a high level performance in aspects such as data storage as a Blob (Binary large objects) and data aggregation. For complicated analysis and instinctive mining of scientific data, Blobseer serve as a repository backend. WS-Aggregation is another framework which is viewed as a web services but it is actually carried out aggregation of data. In this framework for executing multi-site queries a single-site interface is provided to the clients. Simple storage service (S3) is another type of storage utility. This S3 system provides an anytime available and low cost service. Kerberos is a method which provides a secure authentication as only authorized clients are able to access distributed database. Kerberos consist of four steps i.e. Authentication Key exchange, Ticket granting service Key exchange, Client/Server service exchange and Build secure communication. Adaptive Huffman method to writing (also referred to as Dynamic Huffman method) is associate accommodative committal to writing technique basic of Huffman coding. It permits compression as well as decompression of data and also permits building the code because the symbols square measure is being transmitted, having no initial information of supply distribution, that enables one-pass cryptography and adaptation to dynamical conditions in data.
Keywords: Huffman codes; Web services; cryptography; data mining; distributed databases; query processing; Blob; Blobseer; DDAS; Kerberos; WS-Aggregation; Web services; adaptive Huffman coding; authentication key exchange; binary large objects; client-server service exchange; data aggregation; data management system; data retrieval security; data retrieval speed; data storage; distributed data aggregation service system; distributed database; dynamic Huffman method; instinctive scientific data mining; multisite queries; one-pass cryptography; secure communication; Authentication; Catalogs; Distributed databases; Memory; Servers; XML; adaptive huffman method; blobseer; distributed database; kerberos; simple storage service; ws aggregation (ID#: 16-9984)


H. Zhang, Q. You and J. Zhang, “A Lightweight Electronic Voting Scheme Based on Blind Signature and Kerberos Mechanism,” Electronics Information and Emergency Communication (ICEIEC), 2015 5th International Conference on, Beijing, 2015, pp. 210-214. doi: 10.1109/ICEIEC.2015.7284523
Abstract: Blind signature has been widely used in electronic voting because of its anonymity. However, all existing electronic voting schemes based on it require maintaining a Certificate Authority to distribute key pairs to voters, which is a huge burden to the electronic voting system. In this paper, we present a lightweight electronic voting system based on blind signature that removes the Certificate Authority by integrating the Kerberos authentication mechanism into the blind signature electronic voting scheme. It uses symmetric keys to encrypt the exchanged information instead of asymmetric keys to avoid the requirement for the Certificate Authority, and thus greatly reduces the cost of the electronic voting system. We have implemented the proposed system, and demonstrated it not only satisfies all the criteria for a practical and secure electronic voting system but also can resist most likely attacks depicted by the three threat models.
Keywords: cryptography; digital signatures; government data processing; Kerberos authentication mechanism; anonymity; blind signature; certificate authority; encryption; exchanged information; lightweight electronic voting scheme; lightweight electronic voting system; secure electronic voting system; symmetric keys; threat models; Authentication; Cryptography; Electronic voting; Nominations and elections; Radiation detectors; Servers; Kerberos; electronic voting; security (ID#: 16-9985)


P. P. Gaikwad, J. P. Gabhane and S. S. Golait, “3-level Secure Kerberos Authentication for Smart Home Systems Using IoT,” Next Generation Computing Technologies (NGCT), 2015 1st International Conference on, Dehradun, 2015, pp. 262-268. doi: 10.1109/NGCT.2015.7375123
Abstract: Uses of Internet-of-Things have been increased almost in all domains. Smart Home System can be made using Internet-of-Things. This paper presents the design and an effective implementation of smart home system using Internet of things. The designed system is very effective and ecofriendly having the advantage of low cost. This system ease out the home automation task and user can easily monitor control home appliances from anywhere and anytime using internet. Embedded system, GPRS module and RF modules are used for making this system. Security has been increased in this system on the server side by using 3 level Kerberos authentication. Hence, the system is now more secure to use than the current smart homes systems. Design of hardware and software is also presented in paper.
Keywords: Internet of Things; authorisation; cellular radio; domestic appliances; embedded systems; home automation; packet radio networks; 3-level secure Kerberos authentication; GPRS module; Internet-of-Things; IoT; RF modules; embedded system; hardware design; home appliance monitoring; home automation task; server side; smart home systems; software design; Microcontrollers; Modems; Radio frequency; Relays; Servers; Smart homes; Switches; Kerberos; RF Identification; Smart home (ID#: 16-9986)


A. Desai, Nagegowda K S and Ninikrishna T, “Secure and QoS Aware Architecture for Cloud Using Software Defined Networks and Hadoop,” 2015 International Conference on Computing and Network Communications (CoCoNet), Trivandrum, 2015, pp. 369-373. doi: 10.1109/CoCoNet.2015.7411212
Abstract: Cloud services have become a daily norm in today's world. Many services today are been migrated to the cloud. Although it has its own benefits it is difficult to manage due to the sheer volume of data and the various different types of services provided. Adhering to the Service Level Agreement (SLA) becomes a challenging task. Also the security of the cloud is very important since if broken all the services provided by the cloud distributor are at risk. Thus there is need of an architecture which is better equipped with security as well as adhering to the quality of service (QoS) written in the SLA given to the tenants of the cloud. In this paper we propose an architecture which will be use software defined networking (SDN) and Hadoop to provide QoS aware and secure architecture. We will also use Kerberos for authentication and single sign on (SSO). In this paper we have shown the sequence of flows of data in a cloud center and how the proposed architecture takes care of it and is equipped to manage the cloud compared to the existing system.
Keywords: cloud computing; contracts; cryptographic protocols; data handling; quality of service; software defined networking; Hadoop; Kerberos; QoS aware architecture; SDN; SLA; SSO; cloud center; cloud distributor; cloud services; secure architecture; service level agreement; single sign on; software defined network; Authentication; Cloud computing; Computer architecture; Control systems; Quality of service; Servers; Big data; Quality of service (QoS); Software defined networks (SDN) (ID#: 16-9987)


S. C. Patel, R. S. Singh and S. Jaiswal, “Secure and Privacy Enhanced Authentication Framework for Cloud Computing,” Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, Coimbatore, 2015, pp. 1631-1634. doi: 10.1109/ECS.2015.7124863
Abstract: Cloud computing is a revolution in information technology. The cloud consumer outsources their sensitive data and personal information to cloud provider's servers which is not within the same trusted domain of data-owner so most challenging issues arises in cloud are data security users privacy and access control. In this paper we also have proposed a method to achieve fine grained security with combined approach of PGP and Kerberos in cloud computing. The proposed method provides authentication, confidentiality, integrity, and privacy features to Cloud Service Providers and Cloud Users.
Keywords: authorisation; cloud computing; data integrity; data privacy; outsourcing; personal information systems; sensitivity; trusted computing; Kerberos approach; PGP approach; access control; authentication features cloud computing; cloud consumer; cloud provider servers; cloud service providers; cloud users; confidentiality features; data security user privacy; data-owner; information technology; integrity features; personal information outsourcing; privacy enhanced authentication framework; privacy features; secure authentication framework; sensitive data outsourcing; Access control; Authentication; Cloud computing; Cryptography; Privacy; Servers; Kerberos; Pretty Good Privacy; access control; authentication; privacy; security (ID#: 16-9988)


S. V. Baghel and D. P. Theng, “A Survey for Secure Communication of Cloud Third Party Authenticator,” Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, Coimbatore, 2015, pp. 51-54. doi: 10.1109/ECS.2015.7124959
Abstract: Cloud computing is an information technology where user can remotely store their outsourced data so as enjoy on demand high quality application and services from configurable resources. Using information data exchange, users can be worried from the load of local data storage and protection. Thus, allowing freely available auditability for cloud data storage is more importance so that user gives change to check data integrity through external audit party. In the direction of securely establish efficient third party auditor (TPA), which has next two primary requirements to be met: 1) TPA should able to audit outsourced data without demanding local copy of user outsourced data; 2) TPA process should not bring in new threats towards user data privacy. To achieve these goals this system will provide a solution that uses Kerberos as a Third Party Auditor/ Authenticator, RSA algorithm for secure communication, MD5 algorithm is used to verify data integrity, Data centers is used for storing of data on cloud in effective manner with secured environment and provides Multilevel Security to Database.
Keywords: authorisation; cloud computing; computer centres; data integrity; data protection; outsourcing; public key cryptography; MD5 algorithm; RSA algorithm; TPA; cloud third party authenticator; data centers; data outsourcing; external audit party; information data exchange; information technology; local data protection; local data storage; multilevel security; on demand high quality application; on demand services; secure communication; third party auditor; user data privacy; user outsourced data; Algorithm design and analysis; Authentication; Cloud computing; Heuristic algorithms; Memory; Servers; Cloud Computing; Data center; Multilevel database; Public Auditing; Third Party Auditor (ID#: 16-9989)


J. Song, H. Kim and S. Park, “Enhancing Conformance Testing Using Symbolic Execution for Network Protocols,” in IEEE Transactions on Reliability, vol. 64, no. 3, pp. 1024-1037, Sept. 2015. doi: 10.1109/TR.2015.2443392
Abstract: Security protocols are notoriously difficult to get right, and most go through several iterations before their hidden security vulnerabilities, which are hard to detect, are triggered. To help protocol designers and developers efficiently find non-trivial bugs, we introduce SYMCONF, a practical conformance testing tool that generates high-coverage test input packets using a conformance test suite and symbolic execution. Our approach can be viewed as the combination of conformance testing and symbolic execution: (1) it first selects symbolic inputs from an existing conformance test suite; (2) it then symbolically executes a network protocol implementation with the symbolic inputs; and (3) it finally generates high-coverage test input packets using a conformance test suite. We demonstrate the feasibility of this methodology by applying SYMCONF to the generation of a stream of high quality test input packets for multiple implementations of two network protocols, the Kerberos Telnet protocol and Dynamic Host Configuration Protocol (DHCP), and discovering non-trivial security bugs in the protocols.
Keywords: conformance testing; cryptographic protocols; DHCP; Kerberos Telnet protocol; SYMCONF; conformance testing enhancement; dynamic host configuration protocol; hidden security vulnerability; high-coverage test input packets; network protocols; nontrivial security bugs; security protocols; symbolic execution; symbolic inputs; Computer bugs; IP networks; Interoperability; Protocols; Security; Software; Testing; Conformance testing; Kerberos; Telnet; protocol verification; test packet generation (ID#: 16-9990)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.