A Survey of Kerberos V and Public-Key Kerberos Security

Kerberos was initially developed at MIT as a part of Project Athena and in these days it is widely deployed single sign-on protocol that is developed to authenticate clients to multiple networked services. Furthermore, Cross-realm authentication is a useful and interesting component of Kerberos aimed at enabling secure access to services astride organizational boundaries. Also, Kerberos has continued to evolve as new functionalities are added to the basic protocol and one of well-known these protocols is PKINIT. First, I review and analyze the structure of Kerberos recently proposed and the cross-realm authentication model of Kerberos. Also, I discuss PKINT, an extension version of Kerberos, which modifies the basic protocol to allow public-key authentication. Although Kerberos has been proven its strengths so far, it also has a number of limitations and some flaws. I dedicate my efforts to an analysis of PKINIT and mainly focus on a number of vulnerability, flaws and attacks lately discovered on Kerberos as well as PKINIT in this paper. Lastly, I introduce several possible solutions to enhance Kerberos.