CSC8419 Assignment 3: Kerberos Authentication Protocols


Added on  2025/05/04

CSC8419-Assignment 3
Understanding the Kerberos System and Kerberos Authentication Protocols
Student Name:
Student Id:
Table of Contents
Abstract
1. Introduction
2. Kerberos system
3. Kerberos authentication protocol
4. Kerberos framework overview
5. Kerberos working
6. Kerberos limitations
7. Conclusion
References
Table of figures
Figure 1: Kerberos Authentication
Figure 2: Kerberos authentication protocol
Figure 3: Kerberos framework
Figure 4: Working of the Kerberos system
Abstract
Kerberos is an authentication protocol used widely in networking systems. The word Kerberos has
a Greek origin and means a three-headed dog; in a networking system, these three heads
represent the server, the client and the KDC, which is the key distribution centre. The
functioning of the KDC is very important, as it helps in the generation of a key that is shared
between the two parties. With this key, the information or message that has been encrypted can
be decrypted. This helps in transferring data over an untrusted network to a trusted client. It
uses cryptographic techniques along with password protection, but relies mainly on cryptography,
as a password can be easily guessed or observed by eavesdropping. The Kerberos system and the
Kerberos authentication protocol are very much in demand. Microsoft has even set Kerberos as the
default authentication system in Windows. Despite being so useful, it has some limitations which
sometimes make it less reliable. The Data Encryption Standard is used by Kerberos for the
ciphering of messages and information. Initially it was developed as a small-scale project; it
has since gone through many versions and is used at much larger organizations, including names
like Microsoft and Apple. Kerberos works on ticket generation, which allows information to be
shared with a trusted user over an untrusted network. This report mainly focuses on
understanding the Kerberos system and the Kerberos authentication protocol. It is also noted
that with the use of the Kerberos system, security in transferring messages has increased at a
much larger rate.
1. Introduction
Kerberos is seen as a tool which helps organizations, ranging from small to large, protect
their data while transferring files. Kerberos has been in use since the 1980s. It is an
authentication mechanism used for improving and maintaining network security. This network
security is maintained in business as well as in the communication industry. These industries
are widespread and require a strong authentication protocol. If the authentication protocol is
not good, it will cause a huge blunder in security, and the data of the company will not be
immune to hackers. It is seen that combining an authentication system with different types of
encryption technology can help the organization at a huge level. This will help in the
networking sector as well as in making a profit. This saves the organization from cyber-attacks
and hackers. The encryption technique follows the basic logic of encrypting and decrypting. In
this, the customer or client has a key which helps in decoding the code given to him by the
company. Three steps are followed. The first is the encryption part, where the data is
encrypted in a form which is known only to the client and the provider. This helps in making
the data opaque to hackers. After the encryption part, a certain key is provided to the client
or customer, which helps him in decoding the encrypted data, which is sent through some
different networks. After the data or information has reached the client, the decryption part
follows. In this, the client extracts the useful data with the help of the key provided to him
by the provider.
The key generation method is used and preferred over password-based protection. Password-based
authentication or protection is not stable and is not reliable. For a large organization,
password-based authentication cannot be used, as it can cause severe damage to the company if
the password is guessed or leaked, and minor and sensitive information can be used. In
Kerberos, it is seen that it does not work only on the cryptographic technique, but provides
double protection by maintaining a mixed layer of cryptographic technique and password-based
authentication. This makes Kerberos one of the most powerful authentication tools in the
network community. Many protocols have come and gone which help with preventive measures for
communication or networking in computing systems. But Kerberos has held its position
and has developed enormously. This research mainly focuses on the use of the Kerberos system
and the Kerberos authentication protocol to help in networking systems.
2. Kerberos system
The Kerberos system comprises an authentication system. In the authentication system, service
requests are sent between trusted hosts, but across an untrusted network. This calls for an
authentication protocol, or the Kerberos system. Kerberos is used on almost all operating
systems, such as Apple OS X, Microsoft Windows, Linux, and FreeBSD. Microsoft has even included
Kerberos as the default authentication system in Windows. Not only operating systems but also
some broadband service providers use Kerberos for safe communication transfer across untrusted
networks.
Kerberos was first designed at MIT on a small scale to help with Project Athena. But its huge
advantages have taken it from a small project to a globally used operating system technology
(Ali Sabir & Ullah, 2019). The word Kerberos has a Greek origin and means three-headed dog. In
a networking system, these three heads denote the server, the client and the KDC, which is the
key distribution center. These three heads act as a third-party service for authentication.
Kerberos helps with client-server communication, which is needed by an organization or an
individual to protect their data or useful information from other people.
Users and clients only need to trust the key provided to them by the server or the provider, as
that is the main backbone of the Kerberos system and is required to decode the information sent
to them by the organization. The KDC works on an authentication service and a TGS, which is a
ticket-granting service. This TGS is used to prove the identity of the node, only to the
particular person, in a secure manner. To avoid eavesdropping, as seen in password-based
protection, a shared-secret cryptography technique is used. This not only helps against
eavesdropping but also helps in preventing packets which are travelling across an unsecured
network from being attacked by another entity or hacker.
Figure 1: Kerberos Authentication
(Source: Red Hat Customer Portal, 2019)
3. Kerberos authentication protocol
Kerberos is a protocol which helps in client-server networking management. To be more specific,
it is a type of authentication protocol used in many security systems. It is used to ensure
secure authentication and system security. This protocol is based on symmetric-key cryptography
for authentication (Ma & Ning, 2018). Cryptography is preferred over password-based
authentication, as a password can be easily guessed or learned by eavesdropping. Securing
computing networks and all the connected system architectures related to communication and
networking between organizations or individuals is becoming more and more important. To secure
information and knowledge, it is important to have a strong authentication system. Kerberos is
sub-divided into two different elements, the KDC and the TGS. As stated earlier, these two,
when combined, create the backbone for the authentication protocol in the Kerberos system. The
KDC is the key which is generated by the provider for the client, used for decoding the
authentication information, and the TGS stores the digitally developed ticket which is used to
identify clients and different servers, that is, whether they are the true client and whether
they can be trusted.
It is seen that in the Kerberos authentication protocol, the confidentiality and integrity of
data are maintained, which makes it highly trustworthy (Raziel Bhargav-Spantzel & Khosrav,
2018). Many versions of Kerberos have been seen since the 1980s, but although version 4 is
still used at a high rate in many countries, version 5 is seen as the more standard version of
the Kerberos authentication protocol. This is the reason why Microsoft has trusted Kerberos
with Windows and uses Kerberos as the default authentication protocol in Windows. The main part
of Kerberos is its framework, which will be discussed in the coming sections.
Figure 2: Kerberos authentication protocol
(Source: Al-Janabi & Rasheed, 2011)
4. Kerberos framework overview
The Kerberos framework consists of the client, the server, the KDC (key distribution centre),
the TGT (ticket granting ticket) and the TGS (ticket granting server). All these, when
combined, constitute the framework. The Needham and Schroeder authentication protocol is the
base on which the Kerberos protocol works. But the Kerberos protocol is very different from
that protocol in the authentication methods used. Kerberos uses password-based protection along
with cryptography. According to Ali & Alaa (2018), timestamps are used in it. It is seen that
by using timestamps, the number of messages needed for basic authentication is reduced. The
authentication server uses a Kerberos ticket for granting access to the server. After that, a
session key is created, which depends on the client's password. The TGT (ticket granting
ticket) is sent to the TGS (ticket granting server), and for this the same authentication
server is required and used.
The client receives a TGS-encrypted key along with the service ticket and timestamp, which is
further decrypted when it reaches the receiver. After this, the requester sends the information
to the ticket granting server and sends the encrypted key to the provider to gain the desired
device (Chattaraj Sarma & Das, 2018). If all these steps are executed carefully, then the
server will accept the request sent to it by the client and act towards giving the desired
outcome needed by the client. For giving the desired outcome, the server performs three steps.
The first is decrypting the key; the second is verifying the timestamp; and the last is
communicating with the distribution center to acquire session keys. The acquired session key is
forwarded to the client or requester, which decrypts the ticket.
This only happens when the timestamp and keys are verified and turn out to be valid; otherwise,
the client-server communication will be disconnected (Jan et al., 2019). The main purpose of
the timestamp is to allow requests only within the given time frame. This is the reason why the
ticket granting server ticket is timestamped. Also, the ticket granting service helps in
authentication without needing re-entry of the password.
Figure 3: Kerberos framework
(Source: Sciencedirect, 2019)
5. Kerberos working
Kerberos encryption and the Kerberos ticket are the main things to focus on here, as only when
the working of these is understood can the working of the Kerberos protocol system be
understood.
The Kerberos encryption key can be described as a password, but one which cannot be guessed or
acquired through eavesdropping. Each client or user has a certain key which is given to him by
the server and is used for the encryption and decryption of useful information. This key is
known as the server key. The Data Encryption Standard is used by Kerberos for encryption. A
property of DES is that if the key used in the first place for encrypting the data is used
again for decrypting that data, then the original text is recovered (Aujla, 2018). If different
keys are used for decryption and encryption, then the result will be corrupted and will not be
the same as the Kerberos message. Checksum and encryption together provide confidentiality and
integrity to the Kerberos messages which are encrypted.
It is seen that the client and server do not have the same encryption key in the initial stage.
Instead, a new key is generated every time by the authentication server when the client proves
himself to a new verifier. Only then is a new key generated, which is shared between both
parties securely. This new key, which is created by the authentication server, is known as the
session key, and a Kerberos ticket is needed to distribute it between the client and server.
The Kerberos ticket can be seen as an official document made by the authentication server
(Brannon, 2019).
Along with the server and session key, the ticket also has a random session key, which is used
for authentication. There is also an expiration time, beyond which the session key will no
longer be valid. This is how the key, ticket and encryption in Kerberos work.
Figure 4: Working of the Kerberos system
(Source: Author, 2019)
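The ticket, session-key and timestamp checks described in sections 4 and 5, as an added example that is not part of the original assignment. A toy SHA-256 keystream with HMAC stands in for the DES cipher and checksum, PBKDF2 stands in for the password-to-key step, and the AS and TGS are collapsed into one call. All function names, principals and the 300-second window are assumptions.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # assumed acceptance window (seconds) for authenticator timestamps

def derive_key(password: str, salt: str) -> bytes:
    # Long-term key from a password; PBKDF2 is a stand-in, not Kerberos string-to-key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC (SHA-256 keystream + HMAC); one key for both, for brevity only.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_issue(client_key, service_key, client, now, lifetime=3600):
    # KDC: fresh session key, sealed once for the client and once inside the ticket.
    sk = os.urandom(32).hex()
    reply = seal(client_key, {"key": sk, "expires": now + lifetime})
    ticket = seal(service_key, {"client": client, "key": sk, "expires": now + lifetime})
    return reply, ticket

def client_authenticator(client_key, reply, client, now):
    # Client: recover the session key with its own key, then timestamp an authenticator.
    sk = bytes.fromhex(unseal(client_key, reply)["key"])
    return seal(sk, {"client": client, "ts": now})

def service_accept(service_key, ticket, authenticator, now):
    # Service: decrypt ticket, check expiry, then verify the authenticator's timestamp.
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or abs(now - a["ts"]) > MAX_SKEW:
        raise ValueError("authenticator rejected")
    return t["client"]
```

Presenting the same authenticator after the window, or any ticket after its `expires` time, raises `ValueError`, which corresponds to the disconnect case described in section 4.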