Replay Attack Prevention in Kerberos Authentication Protocol Using Triple Password
Gagan Dua, Nitin Gautam, Dharmendar Sharma, Ankit Arora

TL;DR
This paper proposes a novel triple password scheme in Kerberos to effectively prevent replay and password attacks without significantly increasing system complexity.
Contribution
It introduces a triple password method that enhances Kerberos security by preventing replay and password attacks with minimal added complexity.
Findings
Effective prevention of replay attacks demonstrated
Enhanced security against password attacks
Maintains system complexity at acceptable levels
Abstract
Replay attacks and password attacks are serious issues in the Kerberos authentication protocol. Many ideas have been proposed to prevent these attacks, but they increase the complexity of the total Kerberos environment. In this paper we present an improved method which prevents replay attacks and password attacks by using a Triple password scheme. Three passwords are stored on the Authentication Server, and the Authentication Server sends two passwords to the Ticket Granting Server (one for Application Server) by encrypting them with the secret key shared between the Authentication Server and the Ticket Granting Server. Similarly, the Ticket Granting Server sends one password to the Application Server by encrypting it with the secret key shared between the TGS and the Application Server. Meanwhile, the Service-Granting-Ticket is transferred to users by encrypting it with the password that the TGS just received from the AS. It helps to prevent Replay…
