WEKO3
アイテム
Detection of the Silver Ticket for Seamless Single Sign-On Focusing on a Ticket Lifetime
https://ipsj.ixsq.nii.ac.jp/records/242317
https://ipsj.ixsq.nii.ac.jp/records/24231726282ab8-9315-404a-ac9c-cbf1e87ca2b6
名前 / ファイル | ライセンス | アクション |
---|---|---|
![]() |
Copyright (c) 2025 by the Information Processing Society of Japan
|
|
オープンアクセス |
Item type | Trans(1) | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
公開日 | 2025-01-15 | |||||||||||||
タイトル | ||||||||||||||
タイトル | Detection of the Silver Ticket for Seamless Single Sign-On Focusing on a Ticket Lifetime | |||||||||||||
タイトル | ||||||||||||||
言語 | en | |||||||||||||
タイトル | Detection of the Silver Ticket for Seamless Single Sign-On Focusing on a Ticket Lifetime | |||||||||||||
言語 | ||||||||||||||
言語 | eng | |||||||||||||
キーワード | ||||||||||||||
主題Scheme | Other | |||||||||||||
主題 | [一般投稿論文] azure hybrid, seamless single sign-on, the silver ticket | |||||||||||||
資源タイプ | ||||||||||||||
資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
資源タイプ | journal article | |||||||||||||
著者所属 | ||||||||||||||
Nagoya Institute of Technology | ||||||||||||||
著者所属 | ||||||||||||||
Toyo University | ||||||||||||||
著者所属 | ||||||||||||||
Toyo University | ||||||||||||||
著者所属 | ||||||||||||||
Nagoya Institute of Technology | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Nagoya Institute of Technology | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Toyo University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Toyo University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Nagoya Institute of Technology | ||||||||||||||
著者名 |
Wataru, Matsuda
× Wataru, Matsuda
× Mariko, Fujimoto
× Takuho, Mitsunaga
× Kenji, Watanabe
|
|||||||||||||
著者名(英) |
Wataru, Matsuda
× Wataru, Matsuda
× Mariko, Fujimoto
× Takuho, Mitsunaga
× Kenji, Watanabe
|
|||||||||||||
論文抄録 | ||||||||||||||
内容記述タイプ | Other | |||||||||||||
内容記述 | Active Directory (AD) is widely used as an authentication server in many organizations. AD centrally manages users and computers and their authentications. Thus, it is very useful but also tends to be leveraged by attackers. Attacks leveraging ADs such as a Silver Ticket have been observed, but they are challenging to detect since they abuse specifications of Kerberos authentication, not vulnerabilities. Recently, some organizations have been migrating their AD environment to Azure Active Directory (Azure AD) and operating hybrid environments on-premise AD and Azure AD. In some forms of hybrid environments, seamless single sign-on, called SSSO can be an option; SSSO allows the on-premise AD Kerberos Ticket to be used for authentication to some Azure services as well. In such an environment, attackers can compromise the on-premise AD and abuse the Silver Ticket to spread the compromise to Azure services. Not only in a hybrid environment but also in an on-premise environment, detection of the Silver Ticket exploits is difficult. In this study, we especially focus on the behavior that the client computers always request the Service Ticket to the Domain Controller every time they access the Azure services if the Kerberos Ticket expiration time setting is reduced to 10 minutes (default value is 600 minutes.) Our study introduces a method to detect the abuse of the Silver Ticket in SSSO environments with high detection accuracy. We also introduce a detection method for malicious access to the on-premise Domain Controller with the Silver Ticket. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.33(2025) (online) ------------------------------ |
|||||||||||||
論文抄録(英) | ||||||||||||||
内容記述タイプ | Other | |||||||||||||
内容記述 | Active Directory (AD) is widely used as an authentication server in many organizations. AD centrally manages users and computers and their authentications. Thus, it is very useful but also tends to be leveraged by attackers. Attacks leveraging ADs such as a Silver Ticket have been observed, but they are challenging to detect since they abuse specifications of Kerberos authentication, not vulnerabilities. Recently, some organizations have been migrating their AD environment to Azure Active Directory (Azure AD) and operating hybrid environments on-premise AD and Azure AD. In some forms of hybrid environments, seamless single sign-on, called SSSO can be an option; SSSO allows the on-premise AD Kerberos Ticket to be used for authentication to some Azure services as well. In such an environment, attackers can compromise the on-premise AD and abuse the Silver Ticket to spread the compromise to Azure services. Not only in a hybrid environment but also in an on-premise environment, detection of the Silver Ticket exploits is difficult. In this study, we especially focus on the behavior that the client computers always request the Service Ticket to the Domain Controller every time they access the Azure services if the Kerberos Ticket expiration time setting is reduced to 10 minutes (default value is 600 minutes.) Our study introduces a method to detect the abuse of the Silver Ticket in SSSO environments with high detection accuracy. We also introduce a detection method for malicious access to the on-premise Domain Controller with the Silver Ticket. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.33(2025) (online) ------------------------------ |
|||||||||||||
書誌レコードID | ||||||||||||||
収録物識別子タイプ | NCID | |||||||||||||
収録物識別子 | AA12894091 | |||||||||||||
書誌情報 |
情報処理学会論文誌デジタルプラクティス(TDP) 巻 6, 号 1, 発行日 2025-01-15 |
|||||||||||||
ISSN | ||||||||||||||
収録物識別子タイプ | ISSN | |||||||||||||
収録物識別子 | 2435-6484 | |||||||||||||
出版者 | ||||||||||||||
言語 | ja | |||||||||||||
出版者 | 情報処理学会 |