Kerberos V5: Vulnerabilities and perspectives

Kerberos V5 is one of the protocols that allow the user´s single sign authentication without sending the password. It´s a distributed authentication system that many organizations adopt to ensure the confidential exchange of sensitive data cross-domain. It´s characterized by two main functions: a string-to-key function to generate a basic key and derived keys function to generate three keys from a basic key. Both functions are vulnerable to brute force and dictionary attacks. Our purpose in this paper is to strengthen the security of those functions. We then start by describing the Kerberos V5 model of keys generation functions. We cite the various functions used to generate keys for reviewing and analyzing their features. This allows us to offer improved Kerberos V5 to strengthen its authentication mechanisms based on New Random Generator of a Safe Cryptographic Salt per session (RGSCS) to generation the basic keys and a behavior study to prove the impact of this regenerator on the output of this function and how our proposition declined the dictionary attacks by studying different cases. Finally, we will finish by a conclusion.