Kerberos is an authentication server that was developed as part of Project Athena at MIT. The main reason for developing Kerberos was that, when a user has network problems on his computers, Kerberos can secure the user's files and folders [3]. The operating system provided to users can enforce certain access control policies and identify the users. However, this scenario has recently changed. Kerberos follows three strategies, but in an open environment these strategies do not work.
The report gives a brief description of the Kerberos authentication server. It covers the problems that Kerberos faces, the four major threats associated with authenticating users over the internet, and how Kerberos can reduce them [5]. It further discusses the differences between version 4 and version 5 of Kerberos and recommends which organizations should use this server. The description is given in the following paragraphs.
Kerberos faces many problems as an authentication server. The problems are as follows:
i) Secret-Key Cryptography: Kerberos was developed to provide strong authentication for users by means of secret-key cryptography [4]. However, this idea backfired. As it does not require the use of any password and the handling depends on a trusted third party, security became a problem for it.
ii) Validation: Designing and implementing a security system is not enough; validation is highly recommended [6]. Kerberos has serious flaws, and they were not checked before its launch.
iii) Weak Protocol: Another major problem of Kerberos is its weak protocol. It is not as strong and resistant as it should have been [1]. Thus, attacks are possible against such a weak protocol.
iv) Secured Time Services: Machine clocks are not always synchronized. Therefore, authenticators do not depend on them much [2]. Because Kerberos is built on time-based protocols, it relies on secure time services, and this becomes a huge problem.
v) Cost: Kerberos is not at all cost-effective and incurs a huge cost. Thus, small organizations will not be able to install it.
vi) Login Spoofing: This is another major problem in Kerberos [6]. False logins, or login spoofing, are extremely common in Kerberos, which is dangerous for the authenticators.
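The dependence on synchronized clocks described in item iv can be seen in a server-side freshness check. The following is an added example, not code from the report or from any Kerberos implementation: the class and function names are hypothetical, the 300-second tolerance is an assumed setting, and the principals and timestamps are constructed.

```python
import time

CLOCK_SKEW = 300  # seconds; assumed tolerance for this example


class AuthenticatorChecker:
    """Hypothetical server-side freshness and replay check (illustration only)."""

    def __init__(self, skew=CLOCK_SKEW):
        self.skew = skew
        self.seen = {}  # (client, ctime, cusec) -> time after which entry is useless

    def _purge(self, now):
        # An entry older than the skew window would fail the time check anyway.
        for key in [k for k, expiry in self.seen.items() if expiry < now]:
            del self.seen[key]

    def check(self, client, ctime, cusec, now=None):
        """Return ACCEPT, REJECT_SKEW or REJECT_REPLAY for one authenticator."""
        now = time.time() if now is None else now
        self._purge(now)
        if abs(now - ctime) > self.skew:
            return "REJECT_SKEW"  # stale capture, or a client clock that drifted
        key = (client, ctime, cusec)
        if key in self.seen:
            return "REJECT_REPLAY"  # same authenticator inside the window
        self.seen[key] = ctime + self.skew
        return "ACCEPT"


def demo():
    """Run four constructed authenticators against a constructed server clock."""
    t0 = 1_700_000_000  # constructed server time (epoch seconds)
    chk = AuthenticatorChecker()
    return [
        chk.check("alice@EXAMPLE.COM", t0 - 10, 123, now=t0),        # fresh
        chk.check("alice@EXAMPLE.COM", t0 - 10, 123, now=t0 + 5),    # replayed
        chk.check("bob@EXAMPLE.COM", t0 - 400, 7, now=t0),           # clock 400 s off
        chk.check("alice@EXAMPLE.COM", t0 - 10, 123, now=t0 + 600),  # old capture
    ]


if __name__ == "__main__":
    print(demo())
```

The third case is the operational cost of the time dependency: a legitimate client whose clock has drifted past the tolerance is rejected exactly like a stale capture, so time synchronization has to be monitored as part of the authentication service.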
The four basic threats associated with authenticating users over the internet are as follows:
a) Migration: The main threat is the migration of users' passwords from a basic database to the Kerberos password database, because no automatic system is present to do this job [4].
b) Partial Compatibility: Kerberos is only partially compatible with the Pluggable Authentication Modules (PAM) system.
c) Security: This is another major threat for Kerberos. It considers all users as trusted ones and therefore provides the key to everyone [2].
d) All or Nothing: This is another threat for Kerberos. It is an all-or-nothing solution [3]. When Kerberos is used over the network, all decrypted passwords that are transferred to a non-Kerberos server are at high risk.
The above threats, however, can be reduced or solved. Kerberos can mitigate them with certain steps, as follows:
A) Migration: This threat can be overcome by installing an automatic system to migrate users' passwords from the standard database to the Kerberos password database [7].
B) Partial Compatibility: Kerberos should be completely compatible to avoid any kind of complexity.
C) Security: Not all users can be trusted. A special system should be installed to verify authenticated users, and thus Kerberos can mitigate security risks [5].
D) All or Nothing: Kerberos should install a security verification system that can reduce the risk of transferring passwords to non-Kerberos servers.
There are various differences between Kerberos version 4 and version 5. They are as follows:
i) Key Salt Algorithm: Kerberos v4 uses the principal's name partially, whereas Kerberos v5 uses the principal's name completely [8].
ii) Network Address: Kerberos v4 comprises only some of the IP addresses and different addresses for the network protocol types [4], whereas v5 comprises many IP addresses and different addresses for the network protocol types.
iii) Encoding: Kerberos v4 uses the "receiver makes right" system of encoding, and v5 uses the ASN.1 system of encoding [7].
iv) Ticket Support: Kerberos v4 has satisfactory ticket support, and the ticket support of Kerberos v5 is well extended [1]. The facilities are postdating, forwarding and renewing tickets.
v) Cross Realm Authentication Support: Kerberos v4 does not support such authentication. However, v5 has a reasonable support for such authentication.
Kerberos is an authentication server developed by MIT. It secures users' files and folders when their systems have network problems. However, Kerberos has advantages and disadvantages. It is recommended for all sorts of network-oriented organizations [2]. Kerberos serves well in a closed server environment, where all the systems are operated and owned by one organization. There are three approaches. The first is to depend on every individual workstation to ensure recognition of the users and to rely on the server to enforce security policies. The second is to require client systems to authenticate to the servers and to trust the client system about the identity of the users [5]. The final approach is to require users to prove their identity for each service. Kerberos is recommended for big companies because of its cost and complexity.
Conclusion
Therefore, from the above discussion it can be concluded that Kerberos has many advantages and disadvantages. In spite of its limitations, Kerberos is a highly secure system developed by MIT. The report describes the problems that Kerberos faces because of its protocols. It also outlines the major threats to Kerberos and the ways to mitigate them. It further describes the differences between version 4 and version 5 of Kerberos and the organizations for which it is recommended.
References
[1] C. Guivarch and S. Hallegatte, “2C or not 2C?”, Global Environmental Change, vol. 23, no. 1, pp. 179-192, 2013.
[2] K. Rao, Bharadwaj and N. Ram, “Application of Time Synchronization Process to Kerberos”, Procedia Computer Science, vol. 85, pp. 249-254, 2016.
[3] L. Thanh and N. H?i, “Developping Kerberos-role authentication protocol for resource management system”, Journal of Computer Science and Cybernetics, vol. 20, no. 4, 2012.
[4] I. Downnard, “Public-key cryptography extensions into Kerberos”, IEEE Potentials, vol. 21, no. 5, pp. 30-34, 2002.
[5] K. Bashir and M. Khalid Khan, “Modification in Kerberos Assisted Authentication in Mobile Ad-Hoc Networks to Prevent Ticket Replay Attacks”, International Journal of Engineering and Technology, vol. 4, no. 3, pp. 307-310, 2012.
[6] J. Wang and Z. Kissel, Introduction to network security.
[7] “Analysing the Combined Kerberos Timed Authentication Protocol and Frequent Key Renewal Using CSP and Rank Functions”, KSII Transactions on Internet and Information Systems, vol. 8, no. 12, 2014.
[8] J. Dastidar, “An Authentication Protocol based on Kerberos”, International Journal of Engineering Research and Applications, vol. 07, no. 07, pp. 70-74, 2017.