ログイン 新規登録
言語:

WEKO3
  • トップ
  • ランキング
To
lat lon distance
To

Field does not validate



インデックスリンク

インデックスツリー

メールアドレスを入力してください。

WEKO

One fine body…

WEKO

One fine body…

アイテム

  1. 論文誌(トランザクション)
  2. デジタルプラクティス(TDP)
  3. Vol.6
  4. No.1

Detection of the Silver Ticket for Seamless Single Sign-On Focusing on a Ticket Lifetime

https://ipsj.ixsq.nii.ac.jp/records/242317
https://ipsj.ixsq.nii.ac.jp/records/242317
26282ab8-9315-404a-ac9c-cbf1e87ca2b6
名前 / ファイル ライセンス アクション
IPSJ-TDP0601009.pdf IPSJ-TDP0601009.pdf (2.1 MB)
Copyright (c) 2025 by the Information Processing Society of Japan
オープンアクセス
Item type Trans(1)
公開日 2025-01-15
タイトル
タイトル Detection of the Silver Ticket for Seamless Single Sign-On Focusing on a Ticket Lifetime
タイトル
言語 en
タイトル Detection of the Silver Ticket for Seamless Single Sign-On Focusing on a Ticket Lifetime
言語
言語 eng
キーワード
主題Scheme Other
主題 [一般投稿論文] azure hybrid, seamless single sign-on, the silver ticket
資源タイプ
資源タイプ識別子 http://purl.org/coar/resource_type/c_6501
資源タイプ journal article
著者所属
Nagoya Institute of Technology
著者所属
Toyo University
著者所属
Toyo University
著者所属
Nagoya Institute of Technology
著者所属(英)
en
Nagoya Institute of Technology
著者所属(英)
en
Toyo University
著者所属(英)
en
Toyo University
著者所属(英)
en
Nagoya Institute of Technology
著者名 Wataru, Matsuda

× Wataru, Matsuda

Wataru, Matsuda
Search repository
Mariko, Fujimoto

× Mariko, Fujimoto

Mariko, Fujimoto
Search repository
Takuho, Mitsunaga

× Takuho, Mitsunaga

Takuho, Mitsunaga
Search repository
Kenji, Watanabe

× Kenji, Watanabe

Kenji, Watanabe
Search repository
著者名(英) Wataru, Matsuda

× Wataru, Matsuda

en Wataru, Matsuda
Search repository
Mariko, Fujimoto

× Mariko, Fujimoto

en Mariko, Fujimoto
Search repository
Takuho, Mitsunaga

× Takuho, Mitsunaga

en Takuho, Mitsunaga
Search repository
Kenji, Watanabe

× Kenji, Watanabe

en Kenji, Watanabe
Search repository
論文抄録
内容記述タイプ Other
内容記述 Active Directory (AD) is widely used as an authentication server in many organizations. AD centrally manages users and computers and their authentications. Thus, it is very useful but also tends to be leveraged by attackers. Attacks leveraging ADs such as a Silver Ticket have been observed, but they are challenging to detect since they abuse specifications of Kerberos authentication, not vulnerabilities. Recently, some organizations have been migrating their AD environment to Azure Active Directory (Azure AD) and operating hybrid environments on-premise AD and Azure AD. In some forms of hybrid environments, seamless single sign-on, called SSSO can be an option; SSSO allows the on-premise AD Kerberos Ticket to be used for authentication to some Azure services as well. In such an environment, attackers can compromise the on-premise AD and abuse the Silver Ticket to spread the compromise to Azure services. Not only in a hybrid environment but also in an on-premise environment, detection of the Silver Ticket exploits is difficult. In this study, we especially focus on the behavior that the client computers always request the Service Ticket to the Domain Controller every time they access the Azure services if the Kerberos Ticket expiration time setting is reduced to 10 minutes (default value is 600 minutes.) Our study introduces a method to detect the abuse of the Silver Ticket in SSSO environments with high detection accuracy. We also introduce a detection method for malicious access to the on-premise Domain Controller with the Silver Ticket.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.33(2025) (online)
------------------------------
論文抄録(英)
内容記述タイプ Other
内容記述 Active Directory (AD) is widely used as an authentication server in many organizations. AD centrally manages users and computers and their authentications. Thus, it is very useful but also tends to be leveraged by attackers. Attacks leveraging ADs such as a Silver Ticket have been observed, but they are challenging to detect since they abuse specifications of Kerberos authentication, not vulnerabilities. Recently, some organizations have been migrating their AD environment to Azure Active Directory (Azure AD) and operating hybrid environments on-premise AD and Azure AD. In some forms of hybrid environments, seamless single sign-on, called SSSO can be an option; SSSO allows the on-premise AD Kerberos Ticket to be used for authentication to some Azure services as well. In such an environment, attackers can compromise the on-premise AD and abuse the Silver Ticket to spread the compromise to Azure services. Not only in a hybrid environment but also in an on-premise environment, detection of the Silver Ticket exploits is difficult. In this study, we especially focus on the behavior that the client computers always request the Service Ticket to the Domain Controller every time they access the Azure services if the Kerberos Ticket expiration time setting is reduced to 10 minutes (default value is 600 minutes.) Our study introduces a method to detect the abuse of the Silver Ticket in SSSO environments with high detection accuracy. We also introduce a detection method for malicious access to the on-premise Domain Controller with the Silver Ticket.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.33(2025) (online)
------------------------------
書誌レコードID
収録物識別子タイプ NCID
収録物識別子 AA12894091
書誌情報 情報処理学会論文誌デジタルプラクティス(TDP)

巻 6, 号 1, 発行日 2025-01-15
ISSN
収録物識別子タイプ ISSN
収録物識別子 2435-6484
出版者
言語 ja
出版者 情報処理学会
戻る
0
views
See details
Views

Versions

Ver.1 2025-01-19 07:21:11.532926
Show All versions

Share

Mendeley Twitter Facebook Print Addthis

Cite as

エクスポート

OAI-PMH
  • OAI-PMH JPCOAR
  • OAI-PMH DublinCore
  • OAI-PMH DDI
Other Formats
  • JSON
  • BIBTEX

Confirm

Powered by WEKO3

Powered by WEKO3