Analyzing Preauthentication Timestamps To Crack

Kerberos V Passwords

Ahmed Alazzawe, Anis Alazzawe, Asad Nawaz and *Duminda Wijesekera

*ISE Department, CSIS and C4I,

George Mason University,

Fairfax, VA 22030.

Abstract. Platforms, including Microsoft Windows 2000/2003 Servers, utilize

Kerberos V for authentication services. Kerberos V introduced several improve-

ments over its predecessor including a preauthentication scheme that authenti-

cates KDC bound requests prior to issuing tickets. Timestamps are incorporated

within the preauthentication scheme causing a weakness. The time needed to ob-

tain a password is decreased by capturing and subsequently utilizing this times-

tamp. This paper examines the computational efﬁciency obtained by utilizing the

timestamp in attacking Kerberos V preauthentication data. We developed a pro-

gram that would parse the preauthentication data in an attempt to recover the

client’s password. It uses a well-known cryptographic library and one embodi-

ment thereof omits the last HMAC computation used in the veriﬁcation process.

Instead a timestamp is used to determine the success of the decryption process.

Our ﬁndings indicate that utilizing the timestamp saves considerable processing

time.

1 Introduction

As users of computing devices in securely networked environments, we are often obliv-

ious to the many interactions between numerous computing devices within the network

that assist us in accomplishing our tasks. One of the many transparently executed tasks

is the mapping and provision of services to each individual user. This seemingly simple

task requires quite a bit of sophistication. For example, a user must ﬁrst be authenticated

to a server or service. Sometimes mutual authentication is required where the server is

also authenticated to the user. Many protocols have been implemented to help accom-

plish this task. One such protocol is Kerberos. Kerberos provides a method whereby

a trusted third-party authentication service is utilized in verifying user identities [1].

As with the advent of any technology, there will always be ﬂaws and exploits to its

weaknesses. In an effort to secure a network and its contents against such ﬂaws and

weaknesses, one must understand the root of the problem. Unfortunately, this requires

an in-depth knowledge of the innerworkings of the authentication system. Hence, a

brief overview of the origins of Kerberos, its components, its deployment, and compar-

ison between released versions will be presented prior to a detailed discussion of the

weakness exhibited by a Kerberos-utilizing system.

Alazzawe A., Alazzawe A., Nawaz A. and Wijesekera D. (2006).

Analyzing Pre-authentication Timestamps To Crack Kerberos V Passwords.

In Proceedings of the 4th International Workshop on Security in Information Systems, pages 267-277

 SciTePress