Kerberos Authentication Scheme | CISSP-ISSAP Exam Prep

Question

Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner.

Which of the following statements are true about the Kerberos authentication scheme? Each correct answer represents a complete solution.

Choose all that apply.

Answers

A. Kerberos requires continuous availability of a central server.
B. Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject's passwords.
C. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.
D. Kerberos requires the clocks of the involved hosts to be synchronized.

Explanations

Correct answers: A and D.

Kerberos is a network authentication protocol designed to provide a secure method of verifying the identity of clients and servers over an insecure network. The protocol utilizes symmetric key cryptography to secure communications between the parties involved in the authentication process.

Let's examine each statement to see if it's true or false:

A. Kerberos requires continuous availability of a central server. This statement is true. Kerberos relies on a centralized authentication server, known as the Key Distribution Center (KDC), to authenticate clients and servers. Without the KDC, authentication cannot take place, so it is necessary for the KDC to be continuously available for the duration of the authentication process.

B. Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject's passwords. This statement is false. The Ticket-Granting Service (TGS) response does not contain the user's password. Instead, it contains a session key that is used to encrypt subsequent communications between the client and server. While dictionary and brute force attacks may be used to attempt to guess the session key, they cannot be used to directly reveal the user's password.

C. Kerberos builds on Asymmetric key cryptography and requires a trusted third party. This statement is false. Kerberos is based on symmetric key cryptography, not asymmetric key cryptography. The KDC acts as a trusted third party, but it does not use asymmetric key cryptography.

D. Kerberos requires the clocks of the involved hosts to be synchronized. This statement is true. Kerberos relies on timestamps to prevent replay attacks, where an attacker attempts to reuse a previously captured authentication ticket. To prevent replay attacks, the clocks of the KDC, client, and server must be synchronized within a certain tolerance to ensure that the timestamps in the authentication tickets are accurate.

In summary, statements A and D are true, while statements B and C are false.