Abstract
In Next Generation Networks, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information about the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos in both single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.
Notes
Kerberos User Anonymity and Message Exchange Unlinkability.
In this paper, we use the terms realm/domain and user/client interchangeably.
Acknowledgments
This work has been partially supported by the Ministerio de Ciencia e Innovación, Spain, under Grant TIN2011-27543-C03, by the European Seventh Framework Program through the INTER-TRUST project (contract 317731) and by the “Seneca Foundation for Excellent Group in the Region 04552/GERM/06”. Also, we would like to thank the anonymous reviewers for their valuable comments and suggestions, which have significantly contributed to improving the quality of this paper.
Appendix: Performance analysis detailed results
To simplify the performance analysis conducted in Sect. 5.2, numerical results are displayed through different plots. Nevertheless, for the sake of completeness, in the following, we provide the detailed measurements taken for the different metrics used as reference: message length, network time, message processing time and exchange time. Tables 3, 4 and 5 contain results obtained in the single-domain scenario for standard Kerberos, PrivaKERB (level 2) and KAMU, respectively. Similarly, Tables 6, 7 and 8 show values collected in the multi-domain scenario for these schemes.
Cite this article
Pereñíguez-García, F., Marín-López, R., Kambourakis, G. et al. KAMU: providing advanced user privacy in Kerberos multi-domain scenarios. Int. J. Inf. Secur. 12, 505–525 (2013). https://doi.org/10.1007/s10207-013-0201-1
DOI: https://doi.org/10.1007/s10207-013-0201-1