Vulnerability Assessment of Authentication Methods in a Large-Scale Computer System
KTH, School of Electrical Engineering and Computer Science (EECS).
2019 (English). Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Alternative title
Sårbarhetsbedömning av autentiseringsmetoder i ett storskaligt datorsystem (Swedish)
Abstract [en]

Vulnerabilities exist in almost all software programs. Some software is more vulnerable than others. A method that can be used to mitigate the vulnerabilities is penetration testing. In this thesis, a penetration test was conducted on a large-scale computer system provided by a company. The goal of the thesis was to see if vulnerabilities could be found, with a focus on the field of authentication. After conducting a thorough penetration test, vulnerabilities were found that threaten the confidentiality and integrity of the system. Authentication vulnerabilities were found by leaking password hashes and by performing pass-the-hash and pass-the-ticket exploits.

Abstract [sv, translated]

Vulnerabilities exist in almost all software programs. Some are more serious than others. One method that can be used to reduce the risk of a system being subjected to hacker attacks is to perform so-called penetration tests. This thesis presents a way of performing penetration tests as well as the results of a penetration test carried out at a company. The goal was to find out whether there are vulnerabilities in the system, primarily in authentication. A couple of vulnerabilities that threaten the confidentiality and integrity of the system were found. Weaknesses in authentication were found by leaking password hashes and by performing pass-the-hash and pass-the-ticket exploits.

Place, publisher, year, edition, pages
2019. p. 54
Series
TRITA-EECS-EX ; 2019:504
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-261594
OAI: oai:DiVA.org:kth-261594
DiVA, id: diva2:1358687
Available from: 2019-10-08. Created: 2019-10-08. Last updated: 2019-10-08. Bibliographically approved.

Open Access in DiVA

Fulltext (1849 kB), 5 downloads
File information
File name: FULLTEXT01.pdf
File size: 1849 kB
Checksum SHA-512:
325f0cd154bea37d90f25bfaff3ff16ae2052ecae250168ec466bf3205b9ea1b03bf2f4ffcbdb1e700b93a2114e58f91f749a0188c215a0aefc1aa269c959b80
Type: fulltext
Mimetype: application/pdf
