Implementing Zero Trust Model for SSH Security with Kerberos and OpenLDAP

Salwa Deta Mediana, Lindawati Lindawati, Mohammad Fadhli

Abstract


This study applies the Zero Trust Model to SSH (Secure Shell) security in order to remove presumptions of trust towards the internal network. The approach is to conduct tests by integrating the Kerberos and OpenLDAP protocols into the SSH infrastructure. OpenLDAP acts as a central directory for user management and access permissions, while Kerberos is used for single authentication and for security resources such as Kerberos tickets. Debian was used as the server operating system for this investigation. There is strong justification for securing SSH with Kerberos and OpenLDAP: attacks on the SSH protocol commonly target its standard port, 22. To ensure the security and integrity of the server system, the SSH port must be protected with Kerberos and OpenLDAP. Kerberos single authentication restricts SSH access, which lowers the possibility of brute-force attacks and password theft. The integration of OpenLDAP facilitates user administration and authorisation. Implementing the Zero Trust strategy enables strong authentication and defends the system against insider threats. Robust authentication, accurate authorisation, and the isolation of internal and external networks protect the system from both internal and external network attacks. Securing port 22 and strengthening SSH with this integration is an essential step in maintaining the security of the server system, data integrity, and information confidentiality. The research findings show that applying the Zero Trust model through this protocol integration greatly improves system security, resulting in better authentication and authorisation.

DOI: https://doi.org/10.32520/stmsi.v12i3.3330

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.