Skip to main content
SpringerLink
Log in

KAMU: providing advanced user privacy in Kerberos multi-domain scenarios

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

In Next Generation Networks, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Notes

  1. Kerberos User Anonymity and Message Exchange Unlinkability.

  2. In this paper, we use the terms realm/domain and user/client indistinctly.

References

  1. Chen, H., Xiao, Y., Hong, X., Hu, F., Xie, J.: A survey of anonymity in wireless communication systems. Secur. Commun. Netw. 2(5), 427–444 (2008)

    Article  Google Scholar 

  2. Bowen, C.L., Martin, T.L.: A survey of location privacy and an approach for solitary users. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, p. 163, Washington, DC, USA (2007)

  3. Bagnulo, M., Garcia-Martines, A., Azcorra, A.: An architecture for network layer privacy. In: ICCC 2007: International Conference on Communications, pp. 1509–1514, Washington, DC, USA (2007)

  4. Christin, D., Hollick, M., Manulis, M.: Security and privacy objectives for sensing applications in wireless community networks. In ICCCN 2010: Proceedings of 19th International Conference on Computer Communications and Networks, pp. 1095–2055. IEEE Computer Society, Washington, DC (2010)

  5. Cardoso, R.S., Speicys, R., Valerie, I.: Architecting pervasive computing systems for privacy: a survey. In: WICSA 2007: Proceedings of the Sixth Working IEEE/IFIP Conference on Software Architecture, p. 26. IEEE Computer Society, Washington, DC (2007)

  6. Yener, B., Edman, M.: On anonymity in an electronic society: a survey of anonymous communication systems. ACM Comput. Surv. 42(1), 1–35 (2009)

    Google Scholar 

  7. Karopoulos, G., Kambourakis, G., Gritzalis, S., Konstantinou, E.: A framework for identity privacy in SIP. J. Netw. Comput. Appl. 33(1), 16–28 (2010)

    Article  Google Scholar 

  8. Ruiz-Martínez, A.: A survey on solutions and main free tools for privacy enhancing web communications. J. Netw. Comput. Appl. 35(5), 1473–1492 (2012)

    Article  Google Scholar 

  9. Sweeney, L.: Uniqueness of simple demographics in the U.S. population. Laboratory for International Data Privacy working paper (2000)

  10. Golle, P.: Revisiting the uniqueness of simple demographics in the US population. In: Proceedings of 5th ACM Workshop on Privacy in Electronic Society, Alexandria, VA, USA, October 2006

  11. Ohm, P.: Broken promises of privacy: responding to the surprising failure of anonymization. Available at SSRN: http://ssrn.com/abstract=1450006. University of Colorado Law Legal Studies research paper no. 09-12, August 2009

  12. Tene, O.: Privacy: the new generations. Oxford Journal, International Data Privacy Law, pp. 1–13, November 2010

  13. Hansen, M., Tschofenig, H., Smith, R.: Privacy terminology. IETF Internet Draft, draft-hansen-privacy-terminology-03, October 2011

  14. King, N.J., Jessen, P.W.: Profiling the mobile customer—privacy concerns when behavioural advertisers target mobile phones. Comput. Law Secur. Rev. 26(5), 455–478 (2010)

    Article  Google Scholar 

  15. Pereniguez, F., Marin-Lopez, R., Kambourakis, G., Gritzalis, S., Gomez, A.F.: PrivaKERB: a user privacy framework for Kerberos. Comput. Secur. 30(6–7), 446–463 (2011)

    Article  Google Scholar 

  16. Ren, J., Wu, J.: Survey on anonymous communications in computer networks. Comput. Commun. 33, 420–431 (2010)

    Article  Google Scholar 

  17. Mccoy, D., Bauer, K., Grunwald, D., Kohno, T., Sicker, D.: Shining light in dark places: understanding the Tor network. In: Proceedings of the 8th International Symposium on Privacy Enhancing Technologies, PETS ’08, pp. 63–76. Springer, Berlin (2008)

  18. Chaabane, A., Manils, P., Ali Kaafar, M.: Digging into anonymous traffic: a deep analysis of the Tor anonymizing network. In: Proceedings of the 2010 Fourth International Conference on Network and System Security, NSS ’10, pp. 167–174. IEEE Computer Society, Washington, DC (2010)

  19. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th Conference on USENIX Security Symposium, vol. 13, pp. 21–21. USENIX Association (2004)

  20. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos network authentication service (V5). IETF RFC 4120, July 2005

  21. Kerberos WG. http://datatracker.ietf.org/wg/krb-wg/

  22. The MIT Kerberos Consortium. http://www.kerberos.org

  23. Medvinsky, A., Cargille, J., Hur, M.: Anonymous credentials in Kerberos. IETF Internet Draft, IETF draft-ietf-cat-kerberos-anoncred-00.txt, March 1998

  24. Zhu, L., Leac,h P., Hartman, S.: Anonymity support for Kerberos. IETF Internet Draft, IETF draft-ietf-krb-wg-anon-12.txt, August 2010

  25. Gulyás, G., Schulcz, R., Imre, S.: Comprehensive analysis of web privacy and anonymous web browsers: Are next generation services based on collaborative filtering? In: Proceedings of the Joint SPACE and TIME Workshops, pp. 17–32 (2008)

  26. Zalewski, M.: Silence on the wire: a field guide to passive reconnaissance and indirect attacks, 1st edn. No Starch Press, San Francisco, CA (2005)

  27. Back, A., Möller, U., Stiglic, A.: Traffic analysis attacks and trade-offs in anonymity providing systems. In: Proceedings of the 4th International Workshop on Information Hiding, pp. 245–257. Springer (2001)

  28. Hopper, N., Vasserman, E.Y., Chan-Tin, E.: How much anonymity does network latency leak? In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 82–91. ACM (2007)

  29. Schlegel, R., Wong, D.S.: Low latency high bandwidth anonymous overlay network with anonymous routing. Published: Cryptology ePrint Archive. Report 2009/294 (2009). http://eprint.iacr.org/

  30. Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24, 84–90 (1981)

    Google Scholar 

  31. Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998)

    Google Scholar 

  32. Freedman, M.J., Morris, R.: Tarzan: a peer-to-peer anonymizing network layer. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 193–206. ACM (2002)

  33. Rebollo-Monedero, D., Forné, J., Solanas, A., Martínez-Ballesté, A.: Private location-based information retrieval through user collaboration. Comput. Commun. 33(6), 762–774 (2010)

    Google Scholar 

  34. Danezis, G., Diaz, C., Syverson, P.: Systems for Anonymous Communication. CRC Cryptography and Network Security Series, pp. 341–389. Chapman & Hall/CRC, London (2009)

  35. Li, B., Erdin, E., Güneş, M.H., Bebis, G., Shipley, T.: An analysis of anonymity technology usage. In: Proceedings of the Third International Conference on Traffic Monitoring and Analysis, TMA’11, pp. 108–121, Springer, Berlin (2011)

  36. Syverson, P., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: International Workshop on Designing Privacy Enhancing Technologies: Design Issues in Anonymity and Unobservability, pp. 96–114. Springer, New York, NY (2001)

  37. 3proxy tiny free proxy server. http://www.3proxy.ru/

  38. TorifyHOWTO. https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

  39. Whonix. http://sourceforge.net/p/whonix/

  40. Berthold, O., Federrath, H., Köhntopp, M.: Project anonymity and unobservability in the Internet. In: Proceedings of the Tenth Conference on Computers, Freedom and Privacy: Challenging the Assumptions, CFP ’00, pp. 57–65. ACM, New York, NY (2000)

  41. Danezis, G.: The traffic analysis of continuous-time mixes. In: PET’04, pp. 35–50. Springer (2005)

  42. Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: attacks and defenses. In: ESORICS’6. Springer (2006)

  43. Wiangsripanawan, R., Susilo, W., Safavi-Naini, R.: Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks. In: Proceedings of the fifth Australasian Symposium on ACSW Frontiers, 68, 183–191 (2007)

  44. Johnson, A., Feigenbaum, J., Syverson, P.: Preventing active timing attacks in low-latency anonymous. Communication, July 2010

  45. Rennhard, M., Plattner, B.: Practical anonymity for the masses with MorphMix, vol. 3110 of Lecture Notes in Computer Science, pp. 233–250. Springer, February 2004

  46. Wendolsky, R., Herrmann, D., Federrath, H.: Performance Comparison of Low-Latency Anonymisation Services from a User Perspective, pp. 233–253. Springer, Berlin (2007)

  47. Fabian, B., Goertz, F., Kunz, S., Müller, S., Nitzsche, M.: Privately Waiting—A Usability Analysis of the Tor Anonymity Network, vol. 58, pp. 63–75. Springer, Berlin (2010)

  48. MIT Kerberos Distribution. http://web.mit.edu/Kerberos/

  49. Josefsson, S.: Using Kerberos V5 over the transport layer security (TLS) protocol. IETF RFC 6251, May 2011

  50. Hartman, S., Zhu, L.: A generalized framework for Kerberos pre-authentication. IETF Internet Draft, draft-ietf-krb-wg-preauth-framework-17, June 2010

  51. Shimaoka, M., Hastings, N., Nielsen, R.: Memorandum for multi-domain public key infrastructure interoperability. IETF RFC 5217, July 2008

  52. Kent, S., Seo, K.: Security architecture for the Internet protocol. IETF RFC 4301, December 2005

  53. Zhu, L., Tung, B.: Public key cryptography for initial authentication in Kerberos (PKINIT). IETF RFC 4556, June 2006

Download references

Acknowledgments

This work has been partially supported by the Ministerio de Ciencia e Innovación, Spain, under Grant TIN2011-27543-C03 by the European Seventh Framework Program through the INTER-TRUST project (contract 317731) and by the “Seneca Foundation for Excellent Group in the Region 04552/GERM/06”. Also, we would like to thank the anonymous reviewers for their valuable comments and suggestions, which have significantly contributed to improve the quality of this paper.

Author information

Authors and Affiliations

  1. Department of Information and Communications Engineering (DIIC), Faculty of Computer Science, University of Murcia, 30100 , Espinardo, Murcia, Spain

    F. Pereñíguez-García, R. Marín-López, A. Ruiz-Martínez & A. F. Skarmeta-Gómez

  2. Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of Aegean, Samos, 83200, Greece

    G. Kambourakis & S. Gritzalis

Authors
  1. F. Pereñíguez-García
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. R. Marín-López
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. G. Kambourakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. A. Ruiz-Martínez
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. S. Gritzalis
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. A. F. Skarmeta-Gómez
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to F. Pereñíguez-García.

Appendix: Performance analysis detailed results

Appendix: Performance analysis detailed results

To simplify the performance analysis conducted in Sect. 5.2, numerical results are displayed through different plots. Nevertheless, for the sake of completeness, in the following, we provide the detailed measurements taken for the different metrics used as reference: message length, network time, message processing time and exchange time. Tables 34 and 5 contain results obtained in the single-domain scenario for standard Kerberos, PrivaKERB (level 2) and KAMU, respectively. Similarly, Tables 67 and 8 show values collected in the multi-domain scenario for these schemes.

Table 3 Results for standard Kerberos in single-domain scenario
Full size table
Table 4 Results for PrivaKERB (level 2) in single-domain scenario
Full size table
Table 5 Results for KAMU in single-domain scenario
Full size table
Table 6 Results for standard Kerberos in multi-domain scenario
Full size table
Table 7 Results for PrivaKERB (level 2) in multi-domain scenario
Full size table
Table 8 Results for KAMU in Multi-Domain Scenario
Full size table

Rights and permissions

Reprints and permissions

About this article

Cite this article

Pereñíguez-García, F., Marín-López, R., Kambourakis, G. et al. KAMU: providing advanced user privacy in Kerberos multi-domain scenarios. Int. J. Inf. Secur. 12, 505–525 (2013). https://doi.org/10.1007/s10207-013-0201-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-013-0201-1

Keywords

Search

Navigation