Abstract
One of the main trends in IT today is the security of user accounts and the correct procedure for authenticating them in systems [1]. As the population moves into the digital age, every user must also have a digital identity [2]. To use a particular service, the user must first authenticate to the system, and based on this authentication the user is assigned rights to the service [3,4,5]. Back in 2014, it was estimated that the average user of web services had approximately 25 web accounts [6]; nowadays the estimate is approximately 80 web accounts per user, and some form of identity authentication must be implemented for each of these services [7]. In large enterprise computer networks, users are managed centrally by services such as the Windows Server role Active Directory Domain Services, which uses the Kerberos authentication protocol.
References
Fujdiak, R., Misurec, J., Mlynek, P., Janer, L.: Cryptograph key distribution with elliptic curve Diffie-Hellman algorithm in low-power devices for power grids. Rev. Roum. Sci. Techn., 84–88 (2016)
Paolini, A., Scardaci, D., Liampotis, N., Spinoso, V., Grenier, B., Chen, Y.: Authentication, authorization, and accounting. In: Towards Interoperable Research Infrastructures for Environmental and Earth Sciences, pp. 247–271 (2020) [Online]. Available: http://link.springer.com/10.1007/978-3-030-52829-4_14
Fujdiak, R., Mlynek, P., Misurec, J., Masek, P.: Design of low-power random number generator using signal quantization error in smart grid. In: 2016 39th International Conference on Telecommunications and Signal Processing (TSP), pp. 7–10. IEEE (2016)
Raso, O., Mlynek, P., Fujdiak, R., Pospichal, L., Kubicek, P.: Implementation of elliptic curve Diffie Hellman in ultra-low power microcontroller. In: 2015 38th International Conference on Telecommunications and Signal Processing (TSP), pp. 662–666. IEEE (2015)
Fujdiak, R., Masek, P., Hosek, J., Mlynek, P., Misurec, J.: Efficiency evaluation of different types of cryptography curves on low-power devices. In: 2015 7th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), pp. 269–274. IEEE (2015)
Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: Proceedings 2014 Network and Distributed System Security Symposium (2014) [Online]. Available: https://www.ndss-symposium.org/ndss2014/programme/tangled-web-password-reuse/
New research: most people have 70–80 passwords. Newswire (2020) [Online]. Available: https://www.newswire.com/news/new-research-most-people-have-70-80-passwords-21103705
Desmond, B., Richards, J., Allen, R., Lowe-Norris, A.G.: Active Directory, 5th edn. O’Reilly Media Inc. (2013) [Online]. Available: https://www.oreilly.com/library/view/active-directory-5th/9781449361211/
Stava, M.: On precise fault localization and identification in NoC architectures. In: 2019 22nd Euromicro Conference on Digital System Design (DSD), pp. 478–484 (2019)
Stava, M.: Efficient error recovery scheme in fault-tolerant NoC architectures. In: 2019 IEEE 22nd International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS), pp. 1–4 (2019)
Krivtsova, I., Lebedev, I., Sukhoparov, M., Bazhayev, N., Zikratov, I., Ometov, A., Andreev, S., Masek, P., Fujdiak, R., Hosek, J.: Implementing a broadcast storm attack on a mission-critical wireless sensor network. In: International Conference on Wired/Wireless Internet Communication, pp. 297–308. Springer (2016)
Microsoft Workgroup Add-On for Windows, User’s Guide. MICROSOFT CORP. (1993)
Hunter, L.E.: Active Directory Field Guide. Apress (2005)
Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos network authentication service (v5) (2005)
Burda, K.: Kryptografie okolo nás, 1st edn. CZ.NIC, z. s. p. o., Praha (2019) [Online]. Available: https://knihy.nic.cz/files/edice/Kryptografie_okolo_nas.pdf
Conrad, E., Misenar, S., Feldman, J.: CISSP Study Guide, 3rd edn. Elsevier Inc. (2015)
Grillenmeier, G.: Now’s the time to rethink active directory security. Semperis (2021) [Online]. Available: https://www.semperis.com/blog/rethink-active-directory-security/
Brabety, S.: Penetration testing mit mimikatz. MITP Verlags GmbH (2019)
Acknowledgements
This article is created with the support of the KEGA agency project – 034STU-4/2021 Utilization of Web-based Training and Learning Systems at the Development of New Educational Programs in the Area of Optical Wireless Technologies. The work was also part of the research project reg. no. FW01010474 supported by Technology Agency of the Czech Republic.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Pocarovsky, S., Koppl, M., Orgon, M., Bohacik, A. (2023). Kerberos Golden Ticket Attack. In: Silhavy, R., Silhavy, P., Prokopova, Z. (eds) Data Science and Algorithms in Systems. CoMeSySo 2022. Lecture Notes in Networks and Systems, vol 597. Springer, Cham. https://doi.org/10.1007/978-3-031-21438-7_56
DOI: https://doi.org/10.1007/978-3-031-21438-7_56
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21437-0
Online ISBN: 978-3-031-21438-7
eBook Packages: Intelligent Technologies and Robotics (R0)