Question

For the following questions I would like you to discuss the particulars of each attack scenario and how Kerberos defends against it.

You will need to consider various elements of the attack scenarios. Some attacks can be implemented between multiple Kerberos components. For example, a MITM attack could occur between various components at various times. State your assumptions about how the attack is occurring, then describe how Kerberos defends against it. Good answers will describe both the particulars of the attack and the Kerberos defenses.

1.) A user gains access to a particular workstation and pretends to be another user from that workstation.

2.) An eavesdropper obtains the IP address of an authenticated workstation and reconfigures another workstation to impersonate the authenticated workstation.

3.) An eavesdropper captures messages and attempts a replay attack to access a server or cause damage.

4.) An eavesdropper obtains the IP address of a server and reconfigures another machine to impersonate the server and capture user requests.

5.) An attacker acts as the “man in the middle” between two computers (e.g. client and the server). The attacker spoofs each computer to “think” they have connected to the correct computer, when in fact the attacker is intercepting all transmissions. The attacker can then monitor or change any of the data before routing it on to the intended computer.

Answer 1

Description: Malicious users who wants to get access into the workstation He will pretend like the another user who is trustworthy Then the malicious users will easily get the access into the workstation Kerberos role: Provides trusted authentication Have trusted third party The password should be more secured High level of physical security is provided It relies on symmetric key encryption Reduces the usage of public key encryption Description: In this scenario the eavesdropper will note which workstation is less authenticated Then he tries to obtain the IP address of it Now he reconfigures himself as another workstation and then contact the workstation whse IP address is obtained Kerberos role: Checks whether the incoming client workstation is authenticated Relies on security policy The client process will themselves authenticate to the server Checks for the user identification This is done when each service is invoked Description: The eavesdropper will prevent himself as the another person and changes the message content This