Defending Against Sequence Number Attacks

IP spoofing attacks based on sequence number spoofing have become a serious threat on the Internet (CERT Advisory CA-95:01). While ubiquitous crypgraphic authentication is the right answer, we propose a simple modification to TCP implementations that should be a very substantial block to the current wave of attacks

Automatic Kerberos Key Rotation

Práce je zaměřena na autentizační systém Kerberos a jeho správu, převážne v oblasti Keytab souborů. Práce popisuje základní součásti celého systému, které jsou v těchto operacích zapojeny, a jejich hlavní vlastnosti. Částečně je také popsán administrační systém FreeIPA, jenž pro autentizaci uživatelů Kerberos využívá. Hlavním cílem bylo vytvořit aplikaci schopnou automaticky a bez uživatelova přičinění rotovat klíče Kerbera a zvýšit tak úroveň zabezpečení celého systému pro případy odposlechů komunikace.This thesis is focused on the Kerberos authentication system and itsmanagement, primarily in the area of the Keytab files. The thesis describes the basic components of the whole system which are involved in these operations and their main properties. The FreeIPA administration system is partly described as well. It uses the Kerberos for the users' authentication. The main objective of this work was to develop an application capable of ,automatically and without user's effort, rotation of the Kerberos keys and thus enhance the security level of the whole system in cases of the communication eavesdropping.

AAA architectures applied in multi-domain IMS (IP multimedia subsystem)

There is a group of communication services that use\ud resources from multiple domains in order to deliver their service.\ud Authorization of the end-user is important for such services,\ud because several domains are involved. There are no current\ud solutions for delivering authentication, authorization and\ud accounting (AAA) to multi-domain services. In our study we\ud present two architectures for the delivery of AAA to such\ud services. The architectures are analyzed on their qualitative\ud aspects. A result of this analysis is that direct interconnection of\ud AAA servers is an effective architectural solution. In current\ud multi-domain IP Multimedia Subsystem (IMS) architectures,\ud direct interconnection of AAA servers, such as the Home\ud Subscriber Servers (HSS), is not yet possible. In this paper we\ud argue and recommend to extend the IMS specification by adding\ud a new interface to HSS in order to support the direct\ud interconnection of HSS/AAA servers located in different IMS\ud administrative domains

Service re-routing for service network graph: efficiency, scalability and implementation

The key to success in Next Generation Network is service routing in which service requests may need to be redirected as in the case of the INVITE request in Session Initiation Protocol. Service Path (SPath) holds the authentication and server paths along side with service information. As the number of hops in a redirection increases, the length of SPath increases. The overhead for service routing protocols which uses SPath increases with the length of SPath. Hence it is desirable to optimize SPath to ensure efficiency and scalability of protocols involving service routing. In this paper, we propose a re-routing strategy to optimize service routing, and demonstrate how this strategy can be implemented using SPath to enhance the efficiency and scalability of Service Network Graph (SNG)

Provisions Relating to IETF Documents

Additional Kerberos Naming Constraints This document defines new naming constraints for well-known Kerberos principal names and well-known Kerberos realm names

Single Sign-On in Cloud Computing Scenarios: A Research Proposal

Cloud computing and Software as a Service infrastructure are becoming important factors in E-commerce and E-business processes. Users may access simultaneously to different E-services supplied by several providers. An efficient approach to authenticate and authorize users is needed to avoid problems about trust and redundancy of procedure. In this paper we will focus on main approaches in managing Authentication and Authorization Infrastructures (AAI): i.e. federated and centralized and cloud based. Then we will discuss about related some critical issues in Cloud computing and SaaS contexts and will highlight the possible future researches.Cloud computing and Software as a Service infrastructure are becoming important factors in E-commerce and E-business processes. Users may access simultaneously to different E-services supplied by several providers. An efficient approach to authenticate and authorize users is needed to avoid problems about trust and redundancy of procedure. In this paper we will focus on main approaches in managing Authentication and Authorization Infrastructures (AAI): i.e. federated and centralized and cloud based. Then we will discuss about related some critical issues in Cloud computing and SaaS contexts and will highlight the possible future researches.Monograph's chapter