
Typhon: um serviço de autenticação e autorização tolerante a intrusões [Typhon: an intrusion-tolerant authentication and authorization service]

Sousa, João Catarino de
Source: Universidade de Lisboa Publisher: Universidade de Lisboa
Type: Master's dissertation
Published: 2010 POR
Master's thesis, Informatics Engineering (Architecture, Systems and Computer Networks), Universidade de Lisboa, Faculdade de Ciências, 2010; The Kerberos v5 standard specifies how clients and services in a distributed system can authenticate each other using a centralized authentication service. If this service fails, by crashing or in an arbitrary way (e.g., software bug, hardware problem, intrusion), the clients and services that depend on it can no longer authenticate. This work presents an authentication and authorization service that complies with the Kerberos v5 specification as described in RFC 4120, using the state machine replication technique and secure components to make the service more resilient. The state machine replication technique used provides tolerance to arbitrary faults, while the secure components ensure that the keys of clients and services are kept secret even in the presence of intrusions. In this work the BFT-SMaRt library was used to implement the state machine replication technique. This work was also devoted to adding a new feature to the library, consisting of a state transfer protocol. The evaluation results show that the latency and throughput of the proposed service are similar to those of a well-known Kerberos implementation...

Using kerberos for enterprise cloud authentication

Costa, Ronivon Candido
Source: Instituto Universitário de Lisboa Publisher: Instituto Universitário de Lisboa
Type: Master's dissertation
Published: 2013 POR
Master's in Information Systems Management; The Kerberos authentication protocol has a maturity of approximately thirty years, being widely used in IT systems in the corporate environment, mainly due to its adoption by Microsoft in its operating systems. Moreover, the practical application of the Cloud computing and its concepts is in its early days regarding its adoption by organizations, especially the large companies. This study aims to investigate the practical applications of the Kerberos protocol for authentication of enterprise applications deployed in the cloud, looking from both the functional and security perspective. To achieve this goal, it will be necessary to evaluate its applicability to the Cloud and assess whether it keeps the security characteristics found when using it only inside the corporate network.

Network information security in a phase III Integrated Academic Information Management System (IAIMS).

Shea, S.; Sengupta, S.; Crosswell, A.; Clayton, P. D.
Source: American Medical Informatics Association Publisher: American Medical Informatics Association
Type: Journal article
Published: 1992 EN
The developing Integrated Academic Information System (IAIMS) at Columbia-Presbyterian Medical Center provides data sharing links between two separate corporate entities, namely Columbia University Medical School and The Presbyterian Hospital, using a network-based architecture. Multiple database servers with heterogeneous user authentication protocols are linked to this network. "One-stop information shopping" implies one log-on procedure per session, not separate log-on and log-off procedures for each server or application used during a session. These circumstances provide challenges at the policy and technical levels to data security at the network level and ensuring smooth information access for end users of these network-based services. Five activities being conducted as part of our security project are described: (1) policy development; (2) an authentication server for the network; (3) Kerberos as a tool for providing mutual authentication, encryption, and time stamping of authentication messages; (4) a prototype interface using Kerberos services to authenticate users accessing a network database server; and (5) a Kerberized electronic signature.

Mecanismos de autenticação e autorização em redes sociais virtuais: o caso futweet [Authentication and authorization mechanisms in virtual social networks: the futweet case]

Andrade, Marcos Tadeu de
Source: Universidade Federal de Pernambuco Publisher: Universidade Federal de Pernambuco
Type: Dissertation
PT_BR
The growing penetration of the internet across the most diverse sectors and layers of society has favored the popularization of new forms of interaction among the people who use it. Among these new forms of interaction, we can highlight virtual social networks, which can bring together users with common interests. Several virtual social networks provide APIs for accessing their functionality, which creates the need for authentication and authorization mechanisms for the users or applications that use those APIs. Some mechanisms are supported by protocols already known and validated in both academic and professional settings, as is the case of Kerberos, which can be used in the Single Sign-On process, in which the user is authenticated only once and accesses several services from that authentication. A protocol that has been adopted by the main social networks is OAuth, which emphasizes the security of the user's credentials. In this context, an existing problem is how to integrate the various forms of authentication found in the most varied virtual social networks into a single web application. With the aim of providing a solution to this problem...

Interoperabilidade com Kerberos + Samba + LDAP + Active Directory [Interoperability with Kerberos + Samba + LDAP + Active Directory]

Source: Universidade Federal de Lavras Publisher: Universidade Federal de Lavras
Type: Undergraduate final project
PT_BR

Kerberos com backend LDAP: análise e implantação [Kerberos with an LDAP backend: analysis and deployment]

Source: Universidade Federal de Lavras Publisher: Universidade Federal de Lavras
Type: Undergraduate final project
PT_BR

Uso do protocolo de autenticação kerberos em redes linux [Use of the Kerberos authentication protocol in Linux networks]

Source: Universidade Federal de Lavras Publisher: Universidade Federal de Lavras
Type: Undergraduate final project
PT_BR

Comparing Remote Data Transfer Rates of Compact Muon Solenoid Jobs with Xrootd and Lustre

Kaganas, Gary H
Source: FIU Digital Commons Publisher: FIU Digital Commons
Type: Journal article Format: application/pdf
To explore the feasibility of processing Compact Muon Solenoid (CMS) analysis jobs across the wide area network, the FIU CMS Tier-3 center and the Florida CMS Tier-2 center designed a remote data access strategy. A Kerberized Lustre test bed was installed at the Tier-2 with the design to provide storage resources to private-facing worker nodes at the Tier-3. However, the Kerberos security layer is not capable of authenticating resources behind a private network. As a remedy, an xrootd server on a public-facing node at the Tier-3 was installed to export the file system to the private-facing worker nodes. We report the performance of CMS analysis jobs processed by the Tier-3 worker nodes accessing data from a Kerberized Lustre file. The processing performance of this configuration is benchmarked against a direct connection to the Lustre file system, and separately, where the xrootd server is near the Lustre file system.

Providing Access to Terabytes of Earth Observation Data in an International Organization - Infrastructure and Services

HASENOHR Paul; BURGER Armin
Source: OSGeo & GISSA Publisher: OSGeo & GISSA
Type: Contributions to Conferences Format: CD-ROM
ENG
The Joint Research Centre (JRC) of the European Commission stores over 60 TB of low, medium, high and very high resolution satellite imagery in a heterogeneous manner. The scientific units within the JRC are the users of these data. Often they are also managing them either by choice or by lack of an alternative solution. An internal project called Community Image Data portal (CID) has been set up to rationalize the situation. One of its core activities was to create a central repository with catalogue, processing and dissemination facilities favouring the use of open source technologies and is now to keep it running and expand it further. The user requirements have been collected by means of a survey last year and have been combined with the requirements from the IT department, from the management and finally from the CID team. We then decided on the approach to take in order to address these requirements and carry on with the implementation. Earth Observation data users mainly require to have a central catalogue referencing all datasets available at the JRC, as well as a central archive which should have a back-up facility, provide fast file based access to data and be reliable. Furthermore, data in this central archive should be available via geographic web services and web mapping while using flexible authentication and authorization schemes. Meanwhile the IT department places a strong emphasis on network security as the data archived are available from outside the JRC via web services and from inside via file protocols. The CID team wishes to favour the use of open source software...

Analyzing threads and processes in Windows CE

Burns, Titus R.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral thesis
Windows CE 3.0, also known as Pocket PC for palm-sized devices, is becoming increasingly popular among professionals and corporate enterprises. It is estimated that by 2004 Windows CE will have a share of 40% of the marketplace for palm-sized devices. The documented vulnerabilities against a major competitor of WinCE, Palm, and the proliferation of palm-sized devices highlight the need for security for these small-scale systems. This thesis is part of a larger project to enhance the security in WinCE. This thesis analyzed the threads and processes in WinCE, and discusses authentication, public key infrastructure (PKI) and future technologies as each relates to WinCE. The research discovered that Talisker, the next generation of WinCE, supports Kerberos, an authentication protocol, and it also supports PKI (a key management system) components. Results of this thesis show that security can be enhanced in WinCE without requiring a change to its code base.

Internetworking: integrating IP/ATM LAN/WAN security

Dennis, Ronald M.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral thesis
EN_US
Approved for public release; distribution is unlimited; Computer and network security is a complex problem that is not solely restricted to classified computer systems and networks. Accelerating trends in networking and the emphasis on open interoperable networks has left many unclassified systems vulnerable to a wide variety of attacks. Computer and network professionals must understand the scope of security, recognize the need for security even in unclassified systems, and then take appropriate action to protect their systems. Transmission of static passwords in plaintext over the Internet is one of the most widely publicized network vulnerabilities. One-time password mechanisms (such as S-Key) or other secure network access mechanisms (such as Kerberos) have been recommended to improve access security for computer systems connected to the Internet. This thesis examines many of the issues that must be addressed when assessing the need for computer and network security. This work provides the results of a site security survey for the unclassified IP/ATM LAN in the Systems Technology Lab (STL) at the Naval Postgraduate School (NPS). These results highlight new security vulnerabilities and strengths that occur when standard Internet Protocol (IP) local-area networks (LANs) are internetworked with Asynchronous Transfer Mode (ATM) wide-area networks (WANs). Finally...

Migrating from Win NT 4.0 to Win NT 5.0 in the Marine Corps Enterprise Network (MCEN)

Thiry, Douglas B.; Rowlette, Robert A.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral thesis
EN_US
Approved for public release; distribution is unlimited; The purpose of this study is to provide the United States Marine Corps (USMC) with an analysis of Windows NT 5.0 Network Operating System (NOS). This analysis will assist the Network Operations Center (NOC) in preparation for the eventual migration of Windows NT 5.0 into the Marine Corps Enterprise Network (MCEN). NT 5.0 offers some significant enhancements over earlier versions. Active Directory provides a unified platform to manage NOS resources by storing user information, network shares and policies. NT File System (NTFS) version 5 permits dynamic allocation of primary storage space to each user. NT 5.0 also improves network security by incorporating use of the Kerberos Version 5 protocol, providing integrated security for authentication and file encryption. A top-down migration strategy should be incorporated by the NOC. Particularly important is how the NOC builds the Domain Naming Service (DNS) conventions for the MCEN. This will require every subordinate unit to adhere to the naming convention of its chain of command. Migrating from Banyan Vines to Windows NT presents a significant change to the organization. An effective Change Management strategy can assist members of the organization in understanding the sense of loss and uncertainty that occur in times of transition...

OPNET performance simulation of Network Security Services

Carlson, Frederick R.
Source: Monterey, California ; Naval Postgraduate School Publisher: Monterey, California ; Naval Postgraduate School
Type: Doctoral thesis
EN_US
Approved for public release; distribution is unlimited; This thesis conducts a performance simulation of Asynchronous Transfer Mode (ATM) and Kerberos security solutions. Specifically the study will build a working modeling framework of the Kerberos security service and the CeilCase ATM encryption service. The model will be used to look at how these services will affect throughput by inserting waiting times in a series of queues in a small sized network. The algorithms for calculating cryptographic delay are then inserted in an OPNET model and examined against a control model for validation. These models assume a linear relationship between the cryptographic service time and the throughput. Further relationships between service time and throughput are suggested for use in other security systems. This thesis concludes that the modeling framework presented is viable for creating higher fidelity performance simulations of network security services. Further, this thesis suggests model validation directions for future research.

Authentication in SAAM routers

Szczepankiewicz, Peter J.; Velazquez, Luis E.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral thesis
EN_US
Approved for public release, distribution unlimited.; Authentication is particularly important in the SAAM system because SAAM uses mobile codes, called resident agents. These resident agents are loaded onto SAAM routers dynamically, and execute on the destination SAAM router. Mobile code in the SAAM system requires an authentication scheme to prevent an outsider from sending a malicious resident agent. The primary focus of this research is to find the best-fit authentication scheme for the SAAM system. SAAM with authentication can be used as the technical network infrastructure to support Network Centric Warfare (NCW) as described in JV2010. The prototype in this thesis authenticates new nodes that join a SAAM network using Kerberos. Signaling data, called control traffic, is authenticated with a dynamic signature key that changes every two minutes. Once a SAAM node is authenticated, its identity is protected throughout the battle.

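Diseño de un sistema de control de acceso en redes heterogéneas con privacidad basado en Kerberos [Design of a privacy-preserving access control system for heterogeneous networks based on Kerberos]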

Pereñíguez García, Fernando
Source: Universidad de Murcia Publisher: Universidad de Murcia
Type: Doctoral thesis Format: application/pdf
SPA
This PhD thesis deals with the problem of defining fast movements without interruptions (seamless handoffs) in the next generation of heterogeneous networks. This objective is achieved through a secure key distribution process, which enables a fast re-authentication process providing both user anonymity and untraceability. The developed access control system offers a set of features not covered so far by a single solution: (1) applicable for EAP-based NGNs; (2) reduction of the authentication latency in mobile environments irrespective of the type of handoff performed by the user; (3) provision of strong security properties; (4) easy deployment in current networks; (5) compatibility with current standardized technologies; and (6) user privacy support.

Proporcionando acceso federado y SSO a servicios de internet mediante kerberos e infraestructuras AAA = Providing federated access and SSO to internet services by means of kerberos and AAA infrastructures

Pérez Méndez, Alejandro
Source: Universidad de Murcia Publisher: Universidad de Murcia
Type: Doctoral thesis Format: application/pdf
SPA; ENG
Today, identity federations for web services and for network access are well established and accepted. But what about other types of service that do not support these technologies? The aim of this thesis is to design solutions that allow identity federations to be established beyond the Web, avoiding the problems of the solutions available in the state of the art. To this end, a set of technologies associated with access control has been analysed and selected which, once integrated, provide the complete desired functionality:
• Kerberos, to perform access control to application services, given its strong qualities (secure, lightweight, SSO, etc.), its wide deployment and its broad range of supported services and operating systems.
• AAA infrastructures, for federation support, because of their wide use in providing federated access to the network (e.g. eduroam).
• SAML, for authorization support, because of its strong track record and wide deployment in Web-based federations.
The general objective of this thesis can therefore be expressed as: to analyse, design and validate solutions that allow users to obtain Kerberos credentials for a specific service provider...

Orbits of Potential Pluto Satellites and Rings Between Charon and Hydra

Porter, Simon B.; Stern, S. Alan
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published: 21/05/2015
Pluto and its five known satellites form a complex dynamic system. Here we explore where additional satellites could exist exterior to Charon (the innermost moon) but interior of Hydra (the outermost). We also provide dynamical constraints for the masses of the known satellites. We show that there are significant stable regions interior of Styx and between Nix and Kerberos. In addition, we show that coorbitals of the known small satellites are stable, even at high inclinations, and discuss mass constraints on undiscovered satellites in such orbits.; Comment: (7 pages, 3 figures, submitted to ApJ Letters)

On the Origin of Pluto's Small Satellites by Resonant Transport

Cheng, W. H.; Peale, S. J.; Lee, Man Hoi
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published: 03/07/2014
The orbits of Pluto's four small satellites (Styx, Nix, Kerberos, and Hydra) are nearly circular and coplanar with the orbit of the large satellite Charon, with orbital periods nearly in the ratios 3:1, 4:1, 5:1, and 6:1 with Charon's orbital period. These properties suggest that the small satellites were created during the same impact event that placed Charon in orbit and had been pushed to their current positions by being locked in mean-motion resonances with Charon as Charon's orbit was expanded by tidal interactions with Pluto. Using the Pluto-Charon tidal evolution models developed by Cheng et al. (2014), we show that stable capture and transport of a test particle in multiple resonances at the same mean-motion commensurability is possible at the 5:1, 6:1, and 7:1 commensurabilities, if Pluto's zonal harmonic $J_{2P} = 0$. However, the test particle has significant orbital eccentricity at the end of the tidal evolution of Pluto-Charon in almost all cases, and there are no stable captures and transports at the 3:1 and 4:1 commensurabilities. Furthermore, a non-zero hydrostatic value of $J_{2P}$ destroys the conditions necessary for multiple resonance migration. Simulations with finite but minimal masses of Nix and Hydra also fail to yield any survivors. We conclude that the placing of the small satellites at their current orbital positions by resonant transport is extremely unlikely.; Comment: 22 pages...

Kerberos Authentication in Wireless Sensor Networks

Siddique, Qasim
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published: 03/03/2012
We proposed an authentication mechanism in the wireless sensor network. Sensor network uses the Kerberos authentication scheme for the authentication of base station in the network. Kerberos provides a centralized authentication server whose function is to authenticate user by providing him the ticket to grant request to the base station. In this paper we have provided architecture for the authentication of base station in the wireless sensor network based on the Kerberos server authentication scheme.; Comment: 14 pages

Replay Attack Prevention in Kerberos Authentication Protocol Using Triple Password

Dua, Gagan; Gautam, Nitin; Sharma, Dharmendar; Arora, Ankit
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published: 12/04/2013
Replay attack and password attacks are serious issues in the Kerberos authentication protocol. Many ideas have been proposed to prevent these attacks but they increase complexity of the total Kerberos environment. In this paper we present an improved method which prevents replay attacks and password attacks by using Triple password scheme. Three passwords are stored on Authentication Server and Authentication Server sends two passwords to Ticket Granting Server (one for Application Server) by encrypting with the secret key shared between Authentication server and Ticket Granting server. Similarly, Ticket Granting Server sends one password to Application Server by encrypting with the secret key shared between TGS and application server. Meanwhile, Service-Granting-Ticket is transferred to users by encrypting it with the password that TGS just received from AS. It helps to prevent Replay attack.; Comment: 12 pages, 2 Figures, 2 Tables