What are the drawbacks of Kerberos in information security?

Information SecuritySafe & SecurityData Structure

There are several drawbacks of Kerberos which are as follows −

  • Password guessing attacks − Password guessing attacks are not solved by Kerberos. If a user select a poor password, it is applicable for an attacker to successfully mount an offline dictionary attack by constantly attempting to decrypt messages acquired which are encrypted under a key changed from the user's password. The goal is on designing a user authentication protocol that is not affected to password guessing attacks. The main objective is to delete this password guessing attack.

  • KDC spoofing − This define an attack which based essentially on the capability to spoof KDC responses. It is keeping in mind the Kerberos protocol definition, spoofing KDC response should not be a security concern. Indeed, Kerberos has been create to bear an untrusted network.

    IP spoofing is something that appears on untrusted networks. Kerberos protocol implements mutual authentication. End user's and server's identities required to be proven. This provides protection against Man-in-the-Middle attacks.

  • Denial of service attacks − Denial of service attacks are not solved with Kerberos. There are places in these protocols where an intruder can avoid an application from participating in the proper authentication process. Detection and solution of such attacks (some of which can occur to be not-uncommon "normal" failure modes for the system) is generally best left to the human management and users.

    An attacker can mount a DoS attack by flooding the KDC with authentication requests, which can result in poor response time to legitimate requests and in worst cases can even crash the KDC. It can avoid a denial of service attacks, one solution can be to place the KDC behind a firewall and place redundant KDC slaves to service the requests and balance load.

  • Compromise of the KDC Server − KDCs supports an encrypted database of some principals/verifiers (i.e., users and servers) and their secret keys. If the security of the KDC is compromised, the security of the whole network is compromised even though the principal keys are saved in an encrypted form using the master key; the master key itself is saved in the KDC.

    An attacker can gain control of the whole network, can make or change any principal‘s credentials. It can avoid such attack, supports the security of the KDC and defined the access to KDC to limited personnel.

  • Compromise of a verifier/server − If the security of the server is compromised, some services on that server is compromised. The attacker will be capable to impersonate some service running on the server and decrypt some communication between the service and a client/principal. The security of the services running on a server is based upon the security of the server. Security measures of servers shall be proportional to cost of the services and resources saved on that server.

Updated on 09-Mar-2022 08:00:26