KAMU: providing advanced user privacy in Kerberos multi-domain scenarios
In Next Generation Networks , Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain inf...
Gespeichert in:
| Veröffentlicht in: | International journal of information security 2013-11, Vol.12 (6), p.505-525 |
|---|---|
| Hauptverfasser: | , , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 525 |
|---|---|
| container_issue | 6 |
| container_start_page | 505 |
| container_title | International journal of information security |
| container_volume | 12 |
| creator | Pereñíguez-García, F. Marín-López, R. Kambourakis, G. Ruiz-Martínez, A. Gritzalis, S. Skarmeta-Gómez, A. F. |
| description | In
Next Generation Networks
, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor. |
| doi_str_mv | 10.1007/s10207-013-0201-1 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1464554704</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3093274821</sourcerecordid><originalsourceid>FETCH-LOGICAL-c379t-66dee250f6305e4b58f4385fd46a5cc0f1f6f33cd9295ee8e1d7120ae68af5753</originalsourceid><addsrcrecordid>eNp1kE9Lw0AQxYMoWKsfwFtABC_Rmc3-SbyVolZa8WLPy3YzW1LSRHebQr-9WypFBE8zzPzm8eYlyTXCPQKoh4DAQGWAeRYbzPAkGaBEkQmm4PTYS3aeXISwAmAIJQ6SyXT0Nn9MP323rau6Xaam2prWUpX2gXyc11tjd2ndplPyC_JdSNd9s6mzqlubOA2WWuPrLlwmZ840ga5-6jCZPz99jCfZ7P3ldTyaZTZX5SaTsiJiApzMQRBfiMLxvBCu4tIIa8Ghky7PbVWyUhAVhJVCBoZkYZxQIh8mdwfdaPmrp7DR6zqaaBrTUtcHjVxyIbgCHtGbP-iq630b3UWKAxYcyzJSeKBsfC54cjo-vTZ-pxH0Plt9yFbHbPU-W43x5vZH2QRrGudjZHU4HjKlykIgRI4duBBX7ZL8Lwf_in8D2weHjA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1440184199</pqid></control><display><type>article</type><title>KAMU: providing advanced user privacy in Kerberos multi-domain scenarios</title><source>EBSCOhost Business Source Complete</source><source>SpringerLink Journals - AutoHoldings</source><creator>Pereñíguez-García, F. ; Marín-López, R. ; Kambourakis, G. ; Ruiz-Martínez, A. ; Gritzalis, S. ; Skarmeta-Gómez, A. F.</creator><creatorcontrib>Pereñíguez-García, F. ; Marín-López, R. ; Kambourakis, G. ; Ruiz-Martínez, A. ; Gritzalis, S. ; Skarmeta-Gómez, A. F.</creatorcontrib><description>In
Next Generation Networks
, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.</description><identifier>ISSN: 1615-5262</identifier><identifier>EISSN: 1615-5270</identifier><identifier>DOI: 10.1007/s10207-013-0201-1</identifier><language>eng</language><publisher>Berlin/Heidelberg: Springer Berlin Heidelberg</publisher><subject>Applied sciences ; Authentication ; Authentication protocols ; Coding and Information Theory ; Communication systems ; Communications Engineering ; Communications systems ; Computer Communication Networks ; Computer information security ; Computer Science ; Computer science; control theory; systems ; Computer systems and distributed systems. User interface ; Cryptography ; Cryptology ; Cybersecurity ; Exact sciences and technology ; Information, signal and communications theory ; International ; Internet ; Management of Computing and Information Systems ; Memory and file management (including protection and security) ; Memory organisation. Data processing ; Messages ; Networks ; Operating Systems ; Personal information ; Privacy ; Proposals ; Protocol ; Regular Contribution ; Servers ; Signal and communications theory ; Software ; Studies ; Telecommunications and information theory ; Weight reduction ; Wireless networks</subject><ispartof>International journal of information security, 2013-11, Vol.12 (6), p.505-525</ispartof><rights>Springer-Verlag Berlin Heidelberg 2013</rights><rights>2014 INIST-CNRS</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c379t-66dee250f6305e4b58f4385fd46a5cc0f1f6f33cd9295ee8e1d7120ae68af5753</citedby><cites>FETCH-LOGICAL-c379t-66dee250f6305e4b58f4385fd46a5cc0f1f6f33cd9295ee8e1d7120ae68af5753</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s10207-013-0201-1$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s10207-013-0201-1$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,780,784,27922,27923,41486,42555,51317</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=27798510$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><creatorcontrib>Pereñíguez-García, F.</creatorcontrib><creatorcontrib>Marín-López, R.</creatorcontrib><creatorcontrib>Kambourakis, G.</creatorcontrib><creatorcontrib>Ruiz-Martínez, A.</creatorcontrib><creatorcontrib>Gritzalis, S.</creatorcontrib><creatorcontrib>Skarmeta-Gómez, A. F.</creatorcontrib><title>KAMU: providing advanced user privacy in Kerberos multi-domain scenarios</title><title>International journal of information security</title><addtitle>Int. J. Inf. Secur</addtitle><description>In
Next Generation Networks
, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.</description><subject>Applied sciences</subject><subject>Authentication</subject><subject>Authentication protocols</subject><subject>Coding and Information Theory</subject><subject>Communication systems</subject><subject>Communications Engineering</subject><subject>Communications systems</subject><subject>Computer Communication Networks</subject><subject>Computer information security</subject><subject>Computer Science</subject><subject>Computer science; control theory; systems</subject><subject>Computer systems and distributed systems. User interface</subject><subject>Cryptography</subject><subject>Cryptology</subject><subject>Cybersecurity</subject><subject>Exact sciences and technology</subject><subject>Information, signal and communications theory</subject><subject>International</subject><subject>Internet</subject><subject>Management of Computing and Information Systems</subject><subject>Memory and file management (including protection and security)</subject><subject>Memory organisation. Data processing</subject><subject>Messages</subject><subject>Networks</subject><subject>Operating Systems</subject><subject>Personal information</subject><subject>Privacy</subject><subject>Proposals</subject><subject>Protocol</subject><subject>Regular Contribution</subject><subject>Servers</subject><subject>Signal and communications theory</subject><subject>Software</subject><subject>Studies</subject><subject>Telecommunications and information theory</subject><subject>Weight reduction</subject><subject>Wireless networks</subject><issn>1615-5262</issn><issn>1615-5270</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2013</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><recordid>eNp1kE9Lw0AQxYMoWKsfwFtABC_Rmc3-SbyVolZa8WLPy3YzW1LSRHebQr-9WypFBE8zzPzm8eYlyTXCPQKoh4DAQGWAeRYbzPAkGaBEkQmm4PTYS3aeXISwAmAIJQ6SyXT0Nn9MP323rau6Xaam2prWUpX2gXyc11tjd2ndplPyC_JdSNd9s6mzqlubOA2WWuPrLlwmZ840ga5-6jCZPz99jCfZ7P3ldTyaZTZX5SaTsiJiApzMQRBfiMLxvBCu4tIIa8Ghky7PbVWyUhAVhJVCBoZkYZxQIh8mdwfdaPmrp7DR6zqaaBrTUtcHjVxyIbgCHtGbP-iq630b3UWKAxYcyzJSeKBsfC54cjo-vTZ-pxH0Plt9yFbHbPU-W43x5vZH2QRrGudjZHU4HjKlykIgRI4duBBX7ZL8Lwf_in8D2weHjA</recordid><startdate>20131101</startdate><enddate>20131101</enddate><creator>Pereñíguez-García, F.</creator><creator>Marín-López, R.</creator><creator>Kambourakis, G.</creator><creator>Ruiz-Martínez, A.</creator><creator>Gritzalis, S.</creator><creator>Skarmeta-Gómez, A. F.</creator><general>Springer Berlin Heidelberg</general><general>Springer</general><general>Springer Nature B.V</general><scope>IQODW</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>0-V</scope><scope>0U~</scope><scope>1-H</scope><scope>3V.</scope><scope>7SC</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>88F</scope><scope>8AL</scope><scope>8AM</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ALSLI</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>BGRYB</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>K7.</scope><scope>L.-</scope><scope>L.0</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0C</scope><scope>M0N</scope><scope>M0O</scope><scope>M1Q</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope></search><sort><creationdate>20131101</creationdate><title>KAMU: providing advanced user privacy in Kerberos multi-domain scenarios</title><author>Pereñíguez-García, F. ; Marín-López, R. ; Kambourakis, G. ; Ruiz-Martínez, A. ; Gritzalis, S. ; Skarmeta-Gómez, A. F.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c379t-66dee250f6305e4b58f4385fd46a5cc0f1f6f33cd9295ee8e1d7120ae68af5753</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2013</creationdate><topic>Applied sciences</topic><topic>Authentication</topic><topic>Authentication protocols</topic><topic>Coding and Information Theory</topic><topic>Communication systems</topic><topic>Communications Engineering</topic><topic>Communications systems</topic><topic>Computer Communication Networks</topic><topic>Computer information security</topic><topic>Computer Science</topic><topic>Computer science; control theory; systems</topic><topic>Computer systems and distributed systems. User interface</topic><topic>Cryptography</topic><topic>Cryptology</topic><topic>Cybersecurity</topic><topic>Exact sciences and technology</topic><topic>Information, signal and communications theory</topic><topic>International</topic><topic>Internet</topic><topic>Management of Computing and Information Systems</topic><topic>Memory and file management (including protection and security)</topic><topic>Memory organisation. Data processing</topic><topic>Messages</topic><topic>Networks</topic><topic>Operating Systems</topic><topic>Personal information</topic><topic>Privacy</topic><topic>Proposals</topic><topic>Protocol</topic><topic>Regular Contribution</topic><topic>Servers</topic><topic>Signal and communications theory</topic><topic>Software</topic><topic>Studies</topic><topic>Telecommunications and information theory</topic><topic>Weight reduction</topic><topic>Wireless networks</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Pereñíguez-García, F.</creatorcontrib><creatorcontrib>Marín-López, R.</creatorcontrib><creatorcontrib>Kambourakis, G.</creatorcontrib><creatorcontrib>Ruiz-Martínez, A.</creatorcontrib><creatorcontrib>Gritzalis, S.</creatorcontrib><creatorcontrib>Skarmeta-Gómez, A. F.</creatorcontrib><collection>Pascal-Francis</collection><collection>CrossRef</collection><collection>ProQuest Social Sciences Premium Collection</collection><collection>Global News & ABI/Inform Professional</collection><collection>Trade PRO</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Military Database (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>Criminal Justice Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Social Science Premium Collection</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>Criminology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ABI/INFORM Professional Standard</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Criminal Justice Database</collection><collection>Military Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><jtitle>International journal of information security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Pereñíguez-García, F.</au><au>Marín-López, R.</au><au>Kambourakis, G.</au><au>Ruiz-Martínez, A.</au><au>Gritzalis, S.</au><au>Skarmeta-Gómez, A. F.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>KAMU: providing advanced user privacy in Kerberos multi-domain scenarios</atitle><jtitle>International journal of information security</jtitle><stitle>Int. J. Inf. Secur</stitle><date>2013-11-01</date><risdate>2013</risdate><volume>12</volume><issue>6</issue><spage>505</spage><epage>525</epage><pages>505-525</pages><issn>1615-5262</issn><eissn>1615-5270</eissn><abstract>In
Next Generation Networks
, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.</abstract><cop>Berlin/Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/s10207-013-0201-1</doi><tpages>21</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1615-5262 |
| ispartof | International journal of information security, 2013-11, Vol.12 (6), p.505-525 |
| issn | 1615-5262 1615-5270 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1464554704 |
| source | EBSCOhost Business Source Complete; SpringerLink Journals - AutoHoldings |
| subjects | Applied sciences Authentication Authentication protocols Coding and Information Theory Communication systems Communications Engineering Communications systems Computer Communication Networks Computer information security Computer Science Computer science control theory systems Computer systems and distributed systems. User interface Cryptography Cryptology Cybersecurity Exact sciences and technology Information, signal and communications theory International Internet Management of Computing and Information Systems Memory and file management (including protection and security) Memory organisation. Data processing Messages Networks Operating Systems Personal information Privacy Proposals Protocol Regular Contribution Servers Signal and communications theory Software Studies Telecommunications and information theory Weight reduction Wireless networks |
| title | KAMU: providing advanced user privacy in Kerberos multi-domain scenarios |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-10T05%3A33%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=KAMU:%20providing%20advanced%20user%20privacy%20in%20Kerberos%20multi-domain%20scenarios&rft.jtitle=International%20journal%20of%20information%20security&rft.au=Pere%C3%B1%C3%ADguez-Garc%C3%ADa,%20F.&rft.date=2013-11-01&rft.volume=12&rft.issue=6&rft.spage=505&rft.epage=525&rft.pages=505-525&rft.issn=1615-5262&rft.eissn=1615-5270&rft_id=info:doi/10.1007/s10207-013-0201-1&rft_dat=%3Cproquest_cross%3E3093274821%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1440184199&rft_id=info:pmid/&rfr_iscdi=true |