A Survey of Kerberos V and Public Key Kerberos Security

Minkyu Kim, mk13@cec.wustl.edu
A project report written under the guidance of Prof. Raj Jain
http://www.cse.wustl.edu/~jain/cse571-09/ftp/kerb5/index.html

Abstract

Kerberos was initially developed at MIT as part of Project Athena, and today it is a widely deployed single sign-on protocol designed to authenticate clients to multiple networked services. Cross-realm authentication is a useful and interesting component of Kerberos, aimed at enabling secure access to services across organizational boundaries. Kerberos has also continued to evolve as new functionality is added to the basic protocol, and one of the best known of these extensions is PKINIT. First, I review and analyze the structure of the most recently proposed version of Kerberos and its cross-realm authentication model. I then discuss PKINIT, an extension of Kerberos which modifies the basic protocol to allow public key authentication. Although Kerberos has proven its strengths so far, it also has a number of limitations and some flaws. I dedicate my efforts to an analysis of PKINIT and mainly focus on a number of vulnerabilities, flaws and attacks recently discovered against Kerberos as well as PKINIT. Lastly, I introduce several possible solutions to enhance Kerberos.

Keywords: Kerberos, Attack on Kerberos, PKINIT, Kerberos 5, Kerberos security, Replay attack, Password attack, Guessing attack, Cross Realm Authentication

Table of Contents

1. Introduction
2. Kerberos V Basics
   2.1 Principals
   2.2 Message Exchange
   2.3 Security Considerations
3. Kerberos Cross-Realm Authentication
   3.1 Issues in Kerberos Cross-Realm Operation
4. Public Key Kerberos (PKINIT)
   4.1 Public key encryption mode
   4.2 Diffie-Hellman mode
5. Attacks on Kerberos V
   5.1 Hijacking a Network Connection on a Switched Network
       5.1.1 Analysis of this Attack
       5.1.2 Protecting your environment against this attack
   5.2 Password Attack
       5.2.1 Analysis of this Attack
       5.2.2 Protecting your environment against this attack
   5.3 Replay Attack
       5.3.1 Analysis of this Attack
       5.3.2 Protecting your environment against this attack
6. Attacks on Public Key Kerberos
   6.1 How to break Public Key Kerberos
   6.2 Effects of this attack
   6.3 Detecting and preventing this attack
7. Improving Kerberos for Cross-Realm Collaborative Interactions
   7.1 XKDCP protocol
       7.1.1 XASP
       7.1.2 XTGST
8. Summary
9. References
List of Acronyms

1. Introduction

Kerberos was initially designed at MIT as part of Project Athena [Neuman06]. It has been successfully deployed as a single sign-on protocol designed to authenticate clients to multiple different network services. Two versions of the protocol are in wide use, known as Kerberos 4 and Kerberos 5. Kerberos 5 is the most recently proposed and is a trusted third-party authentication mechanism designed for TCP/IP networks. It uses strong symmetric cryptography to enable secure authentication over an insecure network. Currently it is available for all major operating systems, e.g. Linux and Microsoft Windows as well as Apple's OS X. Furthermore, Kerberos 5 has been extended as new functionality is added to the basic protocol; one of these extensions is PKINIT [Zhu05] (Public Key Cryptography for Initial Authentication), which modifies the basic protocol to allow public key authentication and adds considerable complexity to the protocol.

The security of Kerberos has been discussed in several papers, which describe possible weak points including replay attacks, password attacks against ticket-granting tickets or pre-authentication data, attacks against network time protocols (Kerberos requires time synchronization), and malicious client software. Furthermore, a guessing attack and, in particular, a man-in-the-middle attack on PKINIT have been discovered.

Before discussing the flaws and weaknesses of Kerberos, in Sections 2-4 I review the structure of Kerberos 5 intra- and cross-realm authentication and give a detailed description of PKINIT. In Sections 5-7 I discuss the flaws and attacks on Kerberos. In Section 5 I focus on attacks on the basic protocol (Kerberos 5 without PKINIT), such as the password attack, the replay attack and the guessing attack. Firstly, regarding the replay attack, I show that it is feasible by presenting attacks on both SMB and LDAPv3: an attacker is able to access file shares and modify directory entries with the victim's credentials. Some server implementations have actual weaknesses, while others have default configurations that make the attack possible. Secondly, I show that a password attack is feasible, thus allowing the attacker to discover weak user passwords; pre-authentication data are used for this attack. A replay attack is presented with the SMB protocol; this allows an attacker to access file shares with the victim's credentials without actually knowing the password. Lastly, in many computer systems users are authenticated via passwords which they choose. Unfortunately, people tend to choose easy-to-remember passwords, which are vulnerable to guessing attacks: a malicious attacker can guess such passwords using the words in a machine-readable dictionary. I show that Kerberos is one of many existing authentication protocols vulnerable to so-called off-line guessing attacks. In Section 8 I discuss some useful guidelines for being secure against guessing attacks as well as other attacks; based on these guidelines, I discuss a possible solution to enhance the Kerberos protocol so that it can resist each of these attacks.

In Section 6 I discuss the attack on PKINIT, particularly a man-in-the-middle attack which allows an attacker to impersonate the Kerberos administrative principals (the Key Distribution Center, KDC) and end servers to a client, thereby breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that the KDC would normally generate to encrypt the service requests of this client, hence defeating confidentiality as well. In Section 7 I discuss possible enhancements for the scalability and reliability issues in Kerberos cross-realm operation, and in Section 9 I provide some concluding remarks.

2. Kerberos V Basics

Networked computer systems provide a great number of shared
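As an added illustration of the replay and time-synchronization points raised in the introduction, the following Python sketch shows the server-side check that makes a replayed authenticator fail: the receiving service keeps a replay cache of authenticators it has already accepted and rejects any authenticator that is outside the allowed clock skew or that it has seen before. This is example code written for this page, not code from the survey or from any Kerberos implementation. It simplifies on purpose: the authenticator is a (client, timestamp) pair protected by an HMAC under the session key rather than Kerberos's encrypted ASN.1 structure, the five-minute skew window and the principal name are assumed sample values, and no network transport is involved.

```python
"""Service-side replay cache for Kerberos-style authenticators (illustrative).

Added example for this page, not code from the survey or from any Kerberos
implementation. Assumptions: the authenticator is a (client, timestamp) pair
protected by an HMAC under the session key instead of Kerberos's encrypted
ASN.1 structure, and the clock-skew window is a fixed 300 seconds.
"""
import hashlib
import hmac
from dataclasses import dataclass

CLOCK_SKEW_SECONDS = 300  # assumed tolerance; deployments commonly allow about 5 minutes


@dataclass(frozen=True)
class Authenticator:
    client: str      # client principal name
    timestamp: int   # client's clock when the authenticator was built (epoch seconds)
    tag: bytes       # integrity tag computed under the shared session key


def _mac(client: str, timestamp: int, session_key: bytes) -> bytes:
    """Integrity tag over the authenticator fields (stand-in for Kerberos encryption)."""
    msg = f"{client}|{timestamp}".encode()
    return hmac.new(session_key, msg, hashlib.sha256).digest()


def make_authenticator(client: str, timestamp: int, session_key: bytes) -> Authenticator:
    """Client side: build an authenticator proving knowledge of the session key."""
    return Authenticator(client, timestamp, _mac(client, timestamp, session_key))


class ReplayCache:
    """Server side: accept each authenticator at most once within the skew window.

    Authenticators older than the skew window are rejected by the freshness
    check, so cache entries only need to live until their timestamp leaves
    that window; anything older cannot be replayed successfully anyway.
    """

    def __init__(self, skew: int = CLOCK_SKEW_SECONDS) -> None:
        self.skew = skew
        self._seen: dict = {}  # (client, timestamp, tag) -> expiry time

    def _purge(self, now: int) -> None:
        expired = [k for k, expiry in self._seen.items() if expiry < now]
        for k in expired:
            del self._seen[k]

    def validate(self, auth: Authenticator, session_key: bytes, now: int) -> str:
        """Return 'ok', or the rejection reason: 'bad_tag', 'clock_skew' or 'replay'."""
        # 1. Integrity: the tag must verify under the session key (constant-time compare).
        if not hmac.compare_digest(_mac(auth.client, auth.timestamp, session_key), auth.tag):
            return "bad_tag"
        # 2. Freshness: the client's timestamp must lie within the skew of our own clock.
        #    This is why Kerberos depends on synchronized time and why NTP attacks matter.
        if abs(now - auth.timestamp) > self.skew:
            return "clock_skew"
        # 3. Replay: an identical authenticator inside the window was already accepted.
        self._purge(now)
        entry = (auth.client, auth.timestamp, auth.tag)
        if entry in self._seen:
            return "replay"
        self._seen[entry] = auth.timestamp + self.skew
        return "ok"


def demo() -> list:
    """Run the cases a defender cares about; returns the verdicts in order."""
    session_key = b"constructed-session-key-for-demo"  # constructed sample value
    cache = ReplayCache()
    auth = make_authenticator("alice@EXAMPLE.REALM", 1_700_000_000, session_key)
    fresh = cache.validate(auth, session_key, now=1_700_000_010)     # first use
    replayed = cache.validate(auth, session_key, now=1_700_000_050)  # same bytes again
    stale = cache.validate(auth, session_key, now=1_700_000_400)     # 400 s later
    forged = Authenticator(auth.client, auth.timestamp, b"\x00" * 32)
    tampered = cache.validate(forged, session_key, now=1_700_000_010)
    return [fresh, replayed, stale, tampered]


if __name__ == "__main__":
    print(demo())  # ['ok', 'replay', 'clock_skew', 'bad_tag']
```

The ordering of the checks is the design point: integrity first (an attacker who cannot produce a valid tag never reaches the cache), freshness second (so the cache only has to remember one skew window of entries), replay last. A service that skips the cache, or keeps it per process instead of shared across all instances behind a load balancer, accepts a captured authenticator a second time even though every cryptographic check passes, which is exactly the class of replay described in the survey.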