Network Security UNIT 2

Uploaded by

smitcse2021

UNIT II

KEY MANAGEMENT AND AUTHENTICATION

Key Management and Distribution: Symmetric Key Distribution, Distribution of
Public Keys, X.509 Certificates, Public-Key Infrastructure. User
Authentication: Remote User-Authentication Principles, Remote
User-Authentication Using Symmetric Encryption, Kerberos Systems, Remote User
Authentication Using Asymmetric Encryption.

KEY MANAGEMENT

One of the major roles of public-key encryption has been to address the
problem of key distribution. There are two distinct aspects to the use of
public-key encryption in this regard:
• The distribution of public keys.
• The use of public-key encryption to distribute secret keys.

Symmetric Key Distribution Using Symmetric Encryption:

• In symmetric key encryption, the two parties to an exchange must share
the same key, and that key must be protected from access by others.
Key distribution is therefore the term that refers to the means of
delivering a key to two parties who wish to exchange data, without
allowing others to see the key.
• For two parties A and B, key distribution can be achieved in a number of
ways, as follows:
1. A can select a key and physically deliver it to B.
2. A third party can select the key and physically deliver it to A
and B.
3. If A and B have previously and recently used a key, one
party can transmit the new key to the other, encrypted using
the old key.
4. If A and B each has an encrypted connection to a third party
C, C can deliver a key on the encrypted links to A and B.

• Physical delivery (1 and 2) is simplest, but is only applicable when
there is personal contact between recipient and key issuer. This is fine
for link encryption, where devices and keys occur in pairs, but it does not
scale as the number of parties who wish to communicate grows. Option 3 is
mostly based on 1 or 2 occurring first.
• A third party, whom all parties trust, can be used as a trusted
intermediary to mediate the establishment of secure communications
between them (4). The parties must trust the intermediary not to abuse its
knowledge of all session keys. As the number of parties grows, some variant
of 4 is the only practical solution to the huge growth in the number of
keys potentially needed.

Key Distribution Centre

• The use of a key distribution centre is based on the use of a hierarchy
of keys. At a minimum, two levels of keys are used.
• Communication between end systems is encrypted using a temporary
key, often referred to as a session key.
• Typically, the session key is used for the duration of a logical
connection and then discarded.
• A master key is shared by the key distribution centre and an end system
or user, and is used to encrypt the session key.

A Key Distribution Scenario:

Let us assume that user A wishes to establish a logical connection with B and
requires a one-time session key to protect the data transmitted over the
connection. A has a master key, Ka, known only to itself and the KDC;
similarly, B shares the master key Kb with the KDC.

1. A issues a request to the KDC for a session key to protect a logical
connection to B. The message includes the identity of A and B and a unique
identifier, N1, for this transaction, which we refer to as a nonce. The nonce may
be a timestamp, a counter, or a random number; the minimum requirement is
that it differs with each request. Also, to prevent masquerade, it should be
difficult for an opponent to guess the nonce. Thus, a random number is a good
choice for a nonce.

2. The KDC responds with a message encrypted using Ka. Thus, A is the only
one who can successfully read the message, and A knows that it originated at
the KDC. The message includes two items intended for A:
• The one-time session key, Ks, to be used for the session.
• The original request message, including the nonce, to enable A to match
this response with the appropriate request.
Thus, A can verify that its original request was not altered before reception by
the KDC and, because of the nonce, that this is not a replay of some previous
request. In addition, the message includes two items intended for B:
• The one-time session key, Ks, to be used for the session.
• An identifier of A (e.g., its network address), IDA.
These last two items are encrypted with Kb (the master key that the KDC shares
with B). They are to be sent to B to establish the connection and prove A's
identity.

3. A stores the session key for use in the upcoming session and forwards to B the
information that originated at the KDC for B, namely, E(Kb, [Ks || IDA]).
Because this information is encrypted with Kb, it is protected from
eavesdropping. B now knows the session key (Ks), knows that the other party is
A (from IDA), and knows that the information originated at the KDC (because
it is encrypted using Kb). At this point, a session key has been securely
delivered to A and B, and they may begin their protected exchange.

However, two additional steps are desirable:

4. Using the newly minted session key for encryption, B sends a nonce, N2, to
A.

5. Also using Ks, A responds with f(N2), where f is a function that performs
some transformation on N2 (e.g., adding one).
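
The five steps above as a runnable sketch. This is an added example, not part of the original notes: the names (KDC, a_accept, b_accept, run_scenario) are hypothetical, and E/D are stand-ins built from HMAC-SHA256 so that only the standard library is needed; a real KDC would use a vetted authenticated cipher.

```python
import hashlib, hmac, json, secrets

# E/D are illustrative stand-ins (assumption): an encrypt-then-MAC construction
# from HMAC-SHA256 so the sketch runs with the standard library only.
def _stream(key, iv, n):
    blocks = (hmac.new(key, b"enc" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key, fields):
    """E(K, [...]): serialise the fields, encrypt, append an integrity tag."""
    pt = json.dumps(fields).encode()
    iv = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def D(key, blob):
    """D(K, ...): verify the tag first, then decrypt; fails under any other key."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or altered message")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _stream(key, iv, len(ct)))))

class KDC:
    def __init__(self):
        self.master = {}                      # identity -> master key (Ka, Kb, ...)

    def enroll(self, ident):
        self.master[ident] = secrets.token_bytes(32)
        return self.master[ident]

    def issue(self, id_a, id_b, n1):
        """Step 2: E(Ka, [Ks || IDA || IDB || N1]) and E(Kb, [Ks || IDA])."""
        ks = secrets.token_hex(16)            # one-time session key
        for_a = E(self.master[id_a], {"Ks": ks, "IDA": id_a, "IDB": id_b, "N1": n1})
        for_b = E(self.master[id_b], {"Ks": ks, "IDA": id_a})
        return for_a, for_b

def a_accept(ka, for_a, id_a, id_b, n1):
    """A checks that the reply echoes its own request and nonce before using Ks."""
    r = D(ka, for_a)
    if (r["IDA"], r["IDB"], r["N1"]) != (id_a, id_b, n1):
        raise ValueError("reply does not match the outstanding request")
    return bytes.fromhex(r["Ks"])

def b_accept(kb, for_b):
    """B learns Ks and the peer identity from the part encrypted under Kb."""
    t = D(kb, for_b)
    return bytes.fromhex(t["Ks"]), t["IDA"]

def run_scenario():
    kdc = KDC()
    ka, kb = kdc.enroll("A"), kdc.enroll("B")
    n1 = secrets.token_hex(16)                          # step 1: random nonce
    for_a, for_b = kdc.issue("A", "B", n1)              # step 2
    ks_a = a_accept(ka, for_a, "A", "B", n1)            # step 3: A stores Ks ...
    ks_b, peer = b_accept(kb, for_b)                    # ... and forwards for_b to B
    n2 = secrets.randbits(64)
    challenge = E(ks_b, {"N2": n2})                     # step 4: B -> A
    reply = E(ks_a, {"fN2": D(ks_a, challenge)["N2"] + 1})  # step 5: f(N2) = N2 + 1
    return {"ks_a": ks_a, "ks_b": ks_b, "peer_seen_by_b": peer,
            "handshake_ok": D(ks_b, reply)["fN2"] == n2 + 1}

def replayed_reply_rejected():
    """An old KDC reply, presented against a new request, fails A's nonce check."""
    kdc = KDC()
    ka = kdc.enroll("A")
    kdc.enroll("B")
    old_for_a, _ = kdc.issue("A", "B", secrets.token_hex(16))
    try:
        a_accept(ka, old_for_a, "A", "B", secrets.token_hex(16))
    except ValueError:
        return True
    return False

def forged_ticket_rejected():
    """A ticket that was not produced under Kb fails B's integrity check."""
    kdc = KDC()
    kdc.enroll("A")
    kb = kdc.enroll("B")
    forged = E(secrets.token_bytes(32), {"Ks": secrets.token_hex(16), "IDA": "A"})
    try:
        b_accept(kb, forged)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(run_scenario()["handshake_ok"], replayed_reply_rejected(), forged_ticket_rejected())
```

The two rejection helpers show what the nonce N1 and the encryption under Kb each buy: the first catches a stale KDC reply, the second a ticket that did not come from the KDC.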

Symmetric Key Distribution Using Asymmetric Encryption:

Simple Secret Key Distribution

1. A generates a public/private key pair {PUa, PRa} and transmits a message to
B consisting of PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with
A’s public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A
can decrypt the message, only A and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.
• A and B can now securely communicate using conventional encryption
and the session key Ks. At the completion of the exchange, both A and B
discard Ks.
• Despite its simplicity, this is an attractive protocol. No keys exist before
the start of the communication and none exist after the completion of
communication. Thus, the risk of compromise of the keys is minimal.
• At the same time, the communication is secure from eavesdropping.

Secret Key Distribution With Confidentiality And Authentication:

• A and B have exchanged public keys by one of the schemes described
subsequently.
• Then the following steps occur.
1. A uses B’s public key to encrypt a message to B containing an
identifier of A (IDA) and a nonce (N1), which is used to identify
this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A’s
nonce (N1) as well as a new nonce generated by B (N2). Because
only B could have decrypted message (1), the presence of N1 in
message (2) assures A that the correspondent is B.
3. A returns N2, encrypted using B’s public key, to assure B that its
correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to
B. Encryption of this message with B’s public key ensures that
only B can read it; encryption with A’s private key ensures that
only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.
• The result is that this scheme ensures both confidentiality and
authentication in the exchange of a secret key.
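
The five messages above carried through with textbook RSA on Python integers. This is an added example, not part of the original notes: the key pairs are constructed from known Mersenne primes and are not secure, there is no padding (real systems use padded encryption and signatures), and the names keypair, rsa, run_exchange and ID_A are hypothetical. It also shows a detail the steps leave implicit: the inner value E(PRa, Ks) must be smaller than B's modulus for step 4 to work.

```python
import math, secrets

def keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)

def rsa(key, m):
    """E(PU, m), D(PR, c), E(PR, m) and D(PU, c) are all the same modular power."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value does not fit under this modulus")
    return pow(m, exp, n)

# Constructed demo keys from known Mersenne primes: NOT secure, illustration only.
PUa, PRa = keypair(2**61 - 1, 2**89 - 1)      # A's modulus is about 150 bits
PUb, PRb = keypair(2**107 - 1, 2**127 - 1)    # B's modulus is about 234 bits
ID_A = 0xA1                                   # hypothetical one-byte identifier of A
MASK64 = (1 << 64) - 1

def run_exchange():
    # 1. A -> B: E(PUb, [IDA || N1])
    n1 = secrets.randbits(64)
    m1 = rsa(PUb, (ID_A << 64) | n1)
    opened = rsa(PRb, m1)
    peer_id_at_b, n1_at_b = opened >> 64, opened & MASK64

    # 2. B -> A: E(PUa, [N1 || N2]); seeing N1 again tells A that B decrypted (1)
    n2 = secrets.randbits(64)
    m2 = rsa(PUa, (n1_at_b << 64) | n2)
    opened = rsa(PRa, m2)
    a_sees_b = (opened >> 64) == n1
    n2_at_a = opened & MASK64

    # 3. A -> B: E(PUb, N2); seeing N2 again tells B that A decrypted (2)
    m3 = rsa(PUb, n2_at_a)
    b_sees_a = rsa(PRb, m3) == n2

    # 4. A -> B: M = E(PUb, E(PRa, Ks)); inner value < n_a < n_b, so it fits
    ks = secrets.randbits(128)
    m4 = rsa(PUb, rsa(PRa, ks))

    # 5. B computes D(PUa, D(PRb, M))
    recovered = rsa(PUa, rsa(PRb, m4))
    return {"peer_id_at_b": peer_id_at_b, "a_sees_b": a_sees_b,
            "b_sees_a": b_sees_a, "ks_sent": ks, "ks_recovered": recovered}

def reverse_direction_fits():
    """E(PUa, E(PRb, Ks)) needs E(PRb, Ks) < n_a; with n_b > n_a it does not fit."""
    try:
        rsa(PUa, rsa(PRb, secrets.randbits(128)))
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    r = run_exchange()
    print(r["a_sees_b"], r["b_sees_a"], r["ks_sent"] == r["ks_recovered"])
    print("reverse nesting fits:", reverse_direction_fits())
```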

A Hybrid Scheme:
• This scheme retains the use of a key distribution center (KDC) that
shares a secret master key with each user and distributes secret session
keys encrypted with the master key.
• A public-key scheme is used to distribute the master keys. The following
rationale is provided for using this three-level approach:
o Performance: There are many applications, especially
transaction-oriented applications, in which the session keys
change frequently. Distribution of session keys by public-key
encryption could degrade overall system performance because of
the relatively high computational load of public-key encryption
and decryption. With a three-level hierarchy, public-key
encryption is used only occasionally to update the master key
between a user and the KDC.
o Backward compatibility: The hybrid scheme is easily overlaid
on an existing KDC scheme with minimal disruption or software
changes. The addition of a public-key layer provides a secure,
efficient means of distributing master keys. This is an advantage
in a configuration in which a single KDC serves a widely
distributed set of users.

Public Key Distribution in Network Security

There are four methods of public key distribution: Public Announcement of
Public Keys, Publicly Available Directory, Public Key Authority and Public Key
Certificates.

Public Announcement of Public Keys

In public-key cryptography, such as RSA, any user can send his/her key to
any other user or broadcast it to the group, as shown in the figure.

Figure: Public Announcement of Public Keys

The biggest drawback of this approach is that any user can pretend
to be user A and send a public key to another user or broadcast it. Until
user A discovers this and alerts the other users, the pretender is able to
read all encrypted messages of other users.

Publicly Available Directory

A dynamic publicly available directory is used to achieve greater security.
Maintenance and distribution of the public directory is controlled by a
trusted entity. This technique is explained as follows and shown in the figure.

Figure: Publicly Available Directory

• A trusted entity maintains a directory with an entry <name, public key>
for each user.
• Each user has to register a public key with the directory.
• A user can replace the existing key with a new one at any time for any
particular reason.
• It is more secure than public announcement but still has some
weaknesses. A hacker can obtain the private key of the directory or tamper
with the information kept by the directory.
Public-Key Authority

It gives stronger security. As shown in the figure, a central authority keeps a
dynamic directory of public keys of all users. Additionally, each user knows
the public key of the authority.

Figure: Public Key Authority

Step – 1: A sends a timestamped message to the public-key authority
containing a request for the current public key of B.

Step – 2: The authority responds with a message that is encrypted using the
authority’s private key, PRauth. Thus, A is able to decrypt the message using
the authority’s public key. Therefore, A is assured that the message
originated with the authority.

The message includes the following:
• B’s public key, PUb, which A can use to encrypt messages destined for B.
• The original request, used to enable A to match this response with the
corresponding earlier request and to verify that the original request was
not altered before reception by the authority.
• The original timestamp, given so A can determine that this is not an old
message from the authority containing a key other than B’s current public
key.

Step – 3: A stores B’s public key and also uses it to encrypt a message to B
containing an identifier of A (IDA) and a nonce (N1), which is used to
identify this transaction uniquely.

Step – 4 & 5: B retrieves A’s public key from the authority in the same
manner as A retrieved B’s public key.

Step – 6: B sends a message to A encrypted with PUa and containing A’s
nonce (N1) as well as a new nonce generated by B (N2). Because only B
could have decrypted message (3), the presence of N1 in message (6) assures A
that the correspondent is B.

Step – 7: A returns N2, which is encrypted using B’s public key, to assure B
that its correspondent is A.

Public-Key Certificates

• The directory of names and public keys maintained by the authority is
vulnerable to tampering.
• A certificate consists of a public key, an identifier of the key owner,
and the whole block signed by a trusted third party.
• Typically, the third party is a certificate authority, such as a
government agency or a financial institution that is trusted by the user
community.
• A user can present his or her public key to the authority in a secure
manner and obtain a certificate. The user can then publish the
certificate.
• Anyone needing this user’s public key can obtain the certificate and
verify that it is valid by way of the attached trusted signature.
• A participant can also convey its key information to another by
transmitting its certificate. Other participants can verify that the
certificate was created by the authority.

Figure: Public Key Certificates

We can place the following requirements on this scheme:

Step – 1: Any participant can read a certificate to determine the name and
public key of the certificate’s owner.

Step – 2: Any participant can verify that the certificate originated from the
certificate authority and is not counterfeit.

Step – 3: Only the certificate authority can create and update certificates.

Step – 4: Any participant can verify the certificate.

X.509 Certificate:
• X.509 is a digital certificate that is built on top of a widely trusted
standard known as the ITU (International Telecommunication Union) X.509
standard, in which the format of PKI certificates is defined.
• An X.509 digital certificate is a certificate-based authentication security
framework that can be used for providing secure transaction processing
and private information.
• These certificates are primarily used for handling security and identity in
computer networking and internet-based communications.

Working of X.509 Authentication Service Certificate:

• The core of the X.509 authentication service is the public key certificate
connected to each user.
• These user certificates are assumed to be produced by some trusted
certification authority and positioned in the directory by the user or the
certified authority.
• These directory servers are only used for providing an easily
reachable location for all users so that they can acquire certificates. The
X.509 standard is built on an IDL known as ASN.1.
• With the help of Abstract Syntax Notation, the X.509 certificate format
uses an associated public and private key pair for encrypting and
decrypting a message.
• Once an X.509 certificate is provided to a user by the certified authority,
that certificate is attached to the user like an identity card. The chances
of someone stealing it or losing it are lower than with unsecured
passwords. With the help of this analogy, it is easier to imagine how this
authentication works: the certificate is basically presented like an identity
card at the resource that requires authentication.
Format of X.509 Authentication Service Certificate:

Generally, the certificate includes the elements given below:

• Version number: It defines the X.509 version that concerns the
certificate.
• Serial number: It is the unique number that the certified authority issues.
• Signature Algorithm Identifier: This is the algorithm that is used for
signing the certificate.
• Issuer name: Tells about the X.500 name of the certified authority which
signed and created the certificate.
• Period of Validity: It defines the period for which the certificate is valid.
• Subject Name: Tells about the name of the user to whom this certificate
has been issued.
• Subject’s public key information: It defines the subject’s public key
along with an identifier of the algorithm for which this key is supposed to
be used.
• Extension block: This field contains additional standard information.
• Signature: This field contains the hash code of all other fields, which is
encrypted by the certified authority’s private key.

Applications of X.509 Authentication Service Certificate:

Many protocols depend on X.509 and it has many applications, some of which
are given below:

• Document signing and digital signatures
• Web server security with the help of Transport Layer Security
(TLS)/Secure Sockets Layer (SSL) certificates
• Email certificates
• Code signing
• Secure Shell Protocol (SSH) keys
• Digital identities
PUBLIC-KEY INFRASTRUCTURE (PKI):

• Public-key infrastructure (PKI) is defined as the set of hardware,
software, people, policies, and procedures needed to create, manage,
store, distribute, and revoke digital certificates based on asymmetric
cryptography.
• The principal objective for developing a PKI is to enable secure,
convenient, and efficient acquisition of public keys.
• The Internet Engineering Task Force (IETF) Public Key Infrastructure
X.509 (PKIX) working group has been the driving force behind setting
up a formal (and generic) model based on X.509 that is suitable for
deploying a certificate-based architecture on the Internet.
• The figure below shows the interrelationship among the key elements of
the PKIX model.
• The elements are:
o End entity: A generic term used to denote end users, devices
(e.g., servers, routers), or any other entity that can be identified
in the subject field of a public-key certificate. End entities
typically consume and/or support PKI-related services.
o Certification authority (CA): The issuer of certificates and
(usually) certificate revocation lists (CRLs). It may also support
a variety of administrative functions, although these are often
delegated to one or more Registration Authorities.
o Registration authority (RA): An optional component that can
assume a number of administrative functions from the CA. The
RA is often associated with the end entity registration process
but can assist in a number of other areas as well.
o CRL issuer: An optional component that a CA can delegate to
publish CRLs.
o Repository: A generic term used to denote any method for
storing certificates and CRLs so that they can be retrieved by end
entities.

The key components and concepts associated with PKI:

1. Public and Private Keys:
o Public Key: A cryptographic key that is openly shared and used
for encryption or verification.
o Private Key: A secret key known only to the owner and used for
decryption or signing.
2. Certificate Authority (CA):
o A trusted third party responsible for verifying the identity of
individuals, organizations, or devices and associating their public
keys with their identities.
o The CA issues digital certificates, which are electronic documents
binding a public key to an entity's identity.
3. Digital Certificates:
o Certificates contain information such as the public key, owner's
identity, expiration date, and the digital signature of the CA.
o They serve as a means to verify the authenticity of the public key
and the identity of the entity.
4. Registration Authority (RA):
o Works with the CA to verify the identity of individuals or entities
requesting digital certificates.
o Acts as a verifier of the information provided during the certificate
enrollment process.
5. Certificate Revocation List (CRL):
o A list maintained by the CA that includes the serial numbers of
certificates that have been revoked before their expiration date.
o Clients can check the CRL to ensure the validity of a certificate.
6. Public and Private Key Pair Generation:
o Users generate their public and private key pairs using
cryptographic algorithms.
o The public key is shared openly, while the private key is kept
secret.
7. Key Distribution Centers (KDC):
o In some systems, KDCs are used for the secure distribution of
symmetric keys, especially in the context of symmetric key
cryptography. However, this is less common in the context of PKI.
8. X.509 Standard:
o X.509 is a widely used standard that defines the format for public
key certificates.
o It specifies the fields and encoding rules for digital certificates used
in PKI.
9. Secure Sockets Layer (SSL) / Transport Layer Security (TLS):
o Protocols that use PKI for securing communication over the
internet, often seen in web browsers when connecting to secure
websites (HTTPS).
10. Web of Trust (WoT):
o A concept often associated with PGP (Pretty Good Privacy), where
users establish trust in each other's public keys by signing them.

User authentication:

• User authentication is the process of verifying the identity of an
individual or system attempting to access a computer system or network.
• It is a critical aspect of cybersecurity, ensuring that only authorized users
gain access to protected resources.
• Authentication typically involves the presentation of credentials, which
could be something a user knows (such as a password), something they
have (such as a smart card), or something they are (such as biometric
data).

Here are some common methods of user authentication:

1. Password-Based Authentication:
o Users provide a unique alphanumeric password associated with
their account.
o Weaknesses include susceptibility to password cracking, phishing,
and the challenge of remembering complex passwords.
2. Multi-Factor Authentication (MFA):
o Requires users to present two or more types of credentials from
different authentication factors.
o Factors include something you know (password), something you
have (smart card or mobile token), and something you are
(biometric data like fingerprint or iris scan).
3. Biometric Authentication:
o Involves the use of unique biological traits for identification, such
as fingerprints, retina scans, voice recognition, or facial
recognition.
o Enhances security by adding a physical aspect to authentication.
4. Smart Cards and Tokens:
o Users carry a physical device (smart card or token) that contains an
embedded chip or generates time-based codes.
o The device is used in conjunction with a PIN or password to
authenticate the user.
5. Single Sign-On (SSO):
o Allows a user to log in once and gain access to multiple systems
without being prompted to log in again for each system.
o Increases convenience but requires robust security measures to
protect against unauthorized access.
6. Certificate-Based Authentication:
o Involves the use of digital certificates issued by a certificate
authority (CA) to verify the identity of the user.
o Commonly used in Public Key Infrastructure (PKI) systems.
7. Time-Based Authentication:
o Authentication is valid only for a specific time period.
o Temporary codes generated by authentication apps or sent via SMS
are examples.
8. Knowledge-Based Authentication (KBA):
o Users answer questions based on personal information, such as
date of birth or favorite color.
o Often used as an additional layer of security.
9. Behavioral Authentication:
o Analyzes patterns of behavior, such as typing speed or mouse
movements, to verify the user's identity.
o Provides continuous authentication based on user behavior.
10. Adaptive Authentication:
o Adjusts the level of authentication required based on contextual
factors, such as the user's location, device, or behavior.
o Enhances security while providing a smoother user experience.

Remote User-Authentication Principles:

• User authentication is the process of verifying an identity claimed by or
for a system entity. An authentication process consists of two steps:
o Identification step: Presenting an identifier to the security
system. (Identifiers should be assigned carefully, because
authenticated identities are the basis for other security services,
such as access control service.)
o Verification step: Presenting or generating authentication
information that corroborates the binding between the entity and
the identifier.
• There are four general means of authenticating a user’s identity, which
can be used alone or in combination:
o Something the individual knows: Examples include a
password, a personal identification number (PIN), or answers to
a prearranged set of questions.
o Something the individual possesses: Examples include
cryptographic keys, electronic keycards, smart cards, and
physical keys. This type of authenticator is referred to as a token.
o Something the individual is (static biometrics): Examples
include recognition by fingerprint, retina, and face.
o Something the individual does (dynamic biometrics):
Examples include recognition by voice pattern, handwriting
characteristics, and typing rhythm.

Mutual Authentication:
• The protocols enable communicating parties to satisfy themselves
mutually about each other’s identity and to exchange session keys.
• Central to the problem of authenticated key exchange are two issues:
o Confidentiality: To prevent masquerade and to prevent
compromise of session keys, essential identification and
session-key information must be communicated in encrypted form.
This requires the prior existence of secret or public keys that can be
used for this purpose.
o Timeliness: It is important because of the threat of message
replays. Such replays, at worst, could allow an opponent to
compromise a session key or successfully impersonate another
party. At minimum, a successful replay can disrupt operations by
presenting parties with messages that appear genuine but are not.
• Some examples of replay attacks:
1. The simplest replay attack is one in which the opponent simply
copies a message and replays it later.
2. An opponent can replay a timestamped message within the valid
time window. If both the original and the replay arrive within
the time window, this incident can be logged.
3. As with example (2), an opponent can replay a timestamped
message within the valid time window, but in addition, the
opponent suppresses the original message. Thus, the repetition
cannot be detected.
4. Another attack involves a backward replay without modification.
This is a replay back to the message sender. This attack is
possible if symmetric encryption is used and the sender cannot
easily recognize the difference between messages sent and
messages received on the basis of content.
• One approach to coping with replay attacks is to attach a sequence
number to each message used in an authentication exchange. A new
message is accepted only if its sequence number is in the proper order.
• The difficulty with this approach is that it requires each party to keep
track of the last sequence number for each claimant it has dealt with.
Because of this overhead, sequence numbers are generally not used for
authentication and key exchange.
• Instead, one of the following two general approaches is used:
o Timestamps: Party A accepts a message as fresh only if the
message contains a timestamp that, in A’s judgment, is close
enough to A’s knowledge of current time. This approach requires
that clocks among the various participants be synchronized.
o Challenge/response: Party A, expecting a fresh message from
B, first sends B a nonce (challenge) and requires that the
subsequent message (response) received from B contain the
correct nonce value.
One-Way Authentication:
• One application for which encryption is growing in popularity is
electronic mail (e-mail).
• The very nature of electronic mail, and its chief benefit, is that it is not
necessary for the sender and receiver to be online at the same time.
• Instead, the e-mail message is forwarded to the receiver’s electronic
mailbox, where it is buffered until the receiver is available to read it.
• The “envelope” or header of the e-mail message must be in the clear, so
that the message can be handled by the store-and-forward e-mail
protocol, such as the Simple Mail Transfer Protocol (SMTP) or X.400.
• However, it is often desirable that the mail-handling protocol not require
access to the plaintext form of the message, because that would require
trusting the mail-handling mechanism.
• Accordingly, the e-mail message should be encrypted such that the
mail-handling system is not in possession of the decryption key.
Remote User-Authentication Using Symmetric Encryption:
Mutual Authentication:
• An important application area is that of mutual authentication
protocols. Such protocols enable communicating parties to satisfy
themselves mutually about each other’s identity and to exchange
session keys.
• To prevent masquerade and to prevent compromise of session keys,
essential identification and session-key information must be
communicated in encrypted form.
Suppress-replay attack:
• The Denning protocol requires reliance on clocks that are synchronized
throughout the network.
• A risk involved is based on the fact that the distributed clocks can
become unsynchronized as a result of sabotage on or faults in the clocks
or the synchronization mechanism.
• The problem occurs when a sender’s clock is ahead of the intended
recipient’s clock.
o An opponent can intercept a message from the sender and replay
it later when the timestamp in the message becomes current at
the recipient’s site.
o Such attacks are referred to as suppress-replay attacks.
lists the following examples of replay attacks:

• Simple replay: The opponent simply copies a message and replays
it later.
• Repetition that can be logged: An opponent can replay a
timestamped message within the valid time window.
• Repetition that cannot be detected: This situation could arise
because the original message could have been suppressed and thus
did not arrive at its destination; only the replay message arrives.
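
The timestamp and challenge/response approaches, and the replay cases listed above, as a receiver-side check run over constructed messages. This is an added example, not part of the original notes: the shared key, the 30-second window, the clock values and the class and function names are all assumptions for illustration.

```python
import hashlib, hmac, secrets

KEY = secrets.token_bytes(32)   # constructed secret shared by sender and receiver
WINDOW = 30                     # assumed acceptance window in seconds

def _tag(*parts):
    return hmac.new(KEY, "|".join(map(str, parts)).encode(), hashlib.sha256).hexdigest()

def stamped(payload, sender_clock):
    """Sender side of the timestamp approach: the tag covers timestamp and payload."""
    return {"ts": sender_clock, "payload": payload, "tag": _tag("ts", sender_clock, payload)}

class TimestampReceiver:
    def __init__(self):
        self.seen = {}          # tag -> timestamp, kept while still inside the window

    def accept(self, msg, now):
        if not hmac.compare_digest(msg["tag"], _tag("ts", msg["ts"], msg["payload"])):
            return "reject: bad tag"
        if abs(now - msg["ts"]) > WINDOW:
            return "reject: outside time window"
        self.seen = {t: ts for t, ts in self.seen.items() if ts >= now - WINDOW}
        if msg["tag"] in self.seen:
            return "reject: duplicate inside window (logged)"
        self.seen[msg["tag"]] = msg["ts"]
        return "accept"

class ChallengeReceiver:
    def __init__(self):
        self.outstanding = set()    # nonces issued and not yet answered

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def accept(self, msg):
        if msg["nonce"] not in self.outstanding:
            return "reject: nonce not outstanding"
        if not hmac.compare_digest(msg["tag"], _tag("nonce", msg["nonce"], msg["payload"])):
            return "reject: bad tag"
        self.outstanding.discard(msg["nonce"])   # each challenge is answered once
        return "accept"

def respond(nonce, payload):
    """Sender side of challenge/response: the tag covers the receiver's nonce."""
    return {"nonce": nonce, "payload": payload, "tag": _tag("nonce", nonce, payload)}

def scenarios():
    out, t0 = {}, 1_000_000                      # t0: receiver's clock (constructed)
    m = stamped("open session", t0)

    r = TimestampReceiver()
    out["original"] = r.accept(m, t0 + 1)
    out["repetition_logged"] = r.accept(m, t0 + 10)      # original also arrived
    out["simple_replay_later"] = r.accept(m, t0 + 120)   # long after the window

    r = TimestampReceiver()                              # original was suppressed
    out["repetition_undetected"] = r.accept(m, t0 + 10)

    # Sender's clock runs 300 s ahead of the receiver's clock.
    ahead = stamped("open session", t0 + 300)
    r = TimestampReceiver()
    out["ahead_delivered_now"] = r.accept(ahead, t0 + 1)
    out["suppress_replay"] = r.accept(ahead, t0 + 295)   # timestamp is now current

    c = ChallengeReceiver()
    resp = respond(c.challenge(), "open session")
    out["challenge_first"] = c.accept(resp)
    out["challenge_replay"] = c.accept(resp)             # independent of any clock
    return out

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:24s} {verdict}")
```

The timestamp receiver accepts both the undetected repetition and the suppress-replay message, while the challenge/response receiver rejects a repeated response without consulting a clock.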
ONE-WAY AUTHENTICATION:

• One application for which encryption is growing in popularity is
electronic mail (e-mail).
• The very nature of electronic mail, and its chief benefit, is that it is
not necessary for the sender and receiver to be online at the same
time.
• The e-mail message is forwarded to the receiver’s electronic
mailbox, where it is buffered until the receiver is available to read
it.
• The “envelope” or header of the e-mail message must be in the
clear, so that the message can be handled by the store-and-forward
e-mail protocol, such as the Simple Mail Transfer Protocol (SMTP)
or X.400.
• The e-mail message should be encrypted such that the
mail-handling system is not in possession of the decryption key.
• A second requirement is that of authentication. Typically, the
recipient wants some assurance that the message is from the alleged
sender.
KERBEROS SYSTEMS:

• Kerberos provides a centralized authentication server whose function is
to authenticate users to servers and servers to users.
• In Kerberos, an Authentication Server and a database are used for client
authentication.
• Kerberos runs as a third-party trusted server known as the Key
Distribution Center (KDC). Each user and service on the network is a
principal.

The main components of Kerberos are:

Authentication Server (AS):
The Authentication Server performs the initial authentication and issues the
ticket for the Ticket Granting Service.
Database:
The Authentication Server verifies the access rights of users in the database.
Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server.

Kerberos Overview:
Step-1:
The user logs in and requests services on the host. Thus the user requests the
ticket-granting service.
Step-2:
The Authentication Server verifies the user’s access rights using the database
and then gives a ticket-granting ticket and session key. The results are
encrypted using the password of the user.
Step-3:
The message is decrypted using the password, and the ticket is then sent
to the Ticket Granting Server. The ticket contains authenticators like user
names and network addresses.
Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, the
authenticator verifies the request, and the TGS then creates the ticket for
requesting services from the Server.
Step-5:
The user sends the Ticket and Authenticator to the Server.
Step-6:
The server verifies the Ticket and authenticators and then grants access to the
service. After this, the user can access the services.
Kerberos Version 4:

Kerberos version 4 is an update of the Kerberos software, a computer-network
authentication system. Kerberos version 4 is web-based authentication
software used to authenticate users’ information while they log in to the
system, using the DES technique for encryption.

Features of Kerberos V4:

• Authentication: Kerberos V4 provides authentication and encryption
services to network clients and servers.
• Encryption: Kerberos V4 uses a simple encryption algorithm that is less
secure than the encryption used in Kerberos V5.
• Ticket-granting service (TGS): Kerberos V4 uses a single TGS for all
network services, which means that the TGS has to handle a large number
of requests.
• No support for timestamps: Kerberos V4 does not support timestamps,
which makes it vulnerable to replay attacks.

Kerberos Version 5:

Kerberos version 5 is a later version of the Kerberos software that came after
Kerberos version 4 and was developed to enhance security in authentication.
Kerberos version 5 provides a single authentication service in a network which
is distributed over an enterprise.

Features of Kerberos V5:

• Authentication: Kerberos V5 provides authentication, encryption, and
authorization services to network clients and servers.
• Encryption: Kerberos V5 uses a more secure encryption algorithm than
Kerberos V4, which makes it less vulnerable to attacks.
• Ticket-granting service (TGS): Kerberos V5 uses multiple TGS servers to
handle requests for different network services. This improves scalability
and reduces the load on individual TGS servers.
• Support for timestamps: Kerberos V5 supports timestamps, which makes
it less vulnerable to replay attacks.
• Support for renewable tickets: Kerberos V5 supports renewable tickets,
which allows users to extend their authentication without having to
re-enter their passwords.

Difference between Kerberos Version 4 and Kerberos Version 5:

S.No. | Kerberos Version 4 | Kerberos Version 5
----- | ------------------ | ------------------
1. | Kerberos version 4 was launched in late 1980s. | Kerberos version 5 was launched in 1993.
2. | It provides ticket support. | It provides ticket support with extra facilities for forwarding, renewing and postdating tickets.
3. | Kerberos version 4 works on the Receiver-makes-Right encoding system. | Kerberos version 5 works on the ASN.1 encoding system.
4. | It does not support transitive cross-realm authentication. | It supports transitive cross-realm authentication.
5. | It uses Data Encryption Standard technique for encryption. | It uses any encryption techniques as the cipher text is tagged with an encryption identifier.
6. | In Kerberos version 4, the ticket lifetime has to be specified in units for a lifetime of 5 minutes. | In Kerberos version 5, the ticket lifetime is specified with the freedom of arbitrary time.
Kerberos Limitations

• Each network service must be modified individually for use with
Kerberos
• It doesn’t work well in a timeshare environment
• Secured Kerberos Server
• Requires an always-on Kerberos server
• All stored passwords are encrypted with a single key
• Assumes workstations are secure
• May result in cascading loss of trust
• Scalability
