On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Organizations use Active Directory Windows service to authenticate users in a network with the extended Kerberos Authentication protocol. Therefore, it is necessary to investigate its resistance to the different types of attacks it can suffer, the best way to detect them and to parameterize it to mi...

Bibliographic details
Published in: IEEE access 2021, Vol.9, p.109289-109319
Main authors: Motero, Carlos Diaz, Higuera, Juan Ramon Bermejo, Higuera, Javier Bermejo, Montalvo, Juan Antonio Sicilia, Gomez, Nadia Gamez
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 109319
container_issue
container_start_page 109289
container_title IEEE access
container_volume 9
creator Motero, Carlos Diaz
Higuera, Juan Ramon Bermejo
Higuera, Javier Bermejo
Montalvo, Juan Antonio Sicilia
Gomez, Nadia Gamez
description Organizations use Active Directory Windows service to authenticate users in a network with the extended Kerberos Authentication protocol. Therefore, it is necessary to investigate its resistance to the different types of attacks it can suffer, the best way to detect them and to parameterize it to mitigate the effects of the attacks. This work analyzes the main Kerberos attacks in Active Directory Windows networks, inherent in the design of the protocol and not resolved. For each attack the objective is studied, implementation is developed in a virtual laboratory and detection is analyzed, proposing measures for mitigation and response. Subsequently, they are discussed in a general way and the results of the attacks are analyzed according to some parameters. As conclusions of the work carried out, it should be noted that although the attacks are mostly difficult to implement, their detection is even more complicated, and the damage is very severe, so it's necessary to continuously monitor the logs in these environments to detect them and to take into account strict recommendations for mitigation and response.
doi_str_mv 10.1109/ACCESS.2021.3101446
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2021, Vol.9, p.109289-109319
issn 2169-3536
2169-3536
language eng
recordid cdi_proquest_journals_2560140906
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects Authentication
Encryption
Kerberos
Kerberos attack detection
Kerberos attacks
Kerberos attack’s mitigation
Picture archiving and communication systems
Protocols
Servers
Virtual environments
Windows active directory
title On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-02T05%3A27%3A01IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_doaj_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=On%20Attacking%20Kerberos%20Authentication%20Protocol%20in%20Windows%20Active%20Directory%20Services:%20A%20Practical%20Survey&rft.jtitle=IEEE%20access&rft.au=Motero,%20Carlos%20Diaz&rft.date=2021&rft.volume=9&rft.spage=109289&rft.epage=109319&rft.pages=109289-109319&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3101446&rft_dat=%3Cproquest_doaj_%3E2560140906%3C/proquest_doaj_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2560140906&rft_id=info:pmid/&rft_ieee_id=9501961&rft_doaj_id=oai_doaj_org_article_bda3b4a72eff422b83b5628fcfb882d0&rfr_iscdi=true