Abstract: We introduce simple, practical modifications to the KDC database to overcome these attacks. In our modified version of Kerberos, the long-term secret key of a network principal is independent of the principal's password. Instead, the KDC saves a profile for every instance in the realm that it manages. The profile data may be audio, video, image, or simply text, and the KDC database may hold a mix of profile types. A network principal may be a client or a server. Every principal in the network is registered in the KDC database by its principal ID. The KDC then maps this ID to the corresponding profile, which is named after the ID of the principal it belongs to. To generate the principal's secret key, we apply a hashing algorithm to the principal's profile and then encrypt the output digest. We control the lifetime of the secret key using the current KDC system time, which is appended to the principal's profile every predefined period (this period is a design parameter, i.e. a site constant). In this way, we change the input to the hashing function, and consequently the output of the hashing function and the secret key change too. In our implementation, we use Triple-DES in CBC mode as the encryption algorithm, SHA-256 as the hashing algorithm, and Blum Blum Shub as the random number algorithm. The introduced modifications to the KDC database enhance the performance of the protocol, since the principal's long-term secret key is independent of the user password. Thus, our modified Kerberos version is no longer vulnerable to password guessing attacks. We tested our implementation on a small LAN and we look forward to extending it to cover cross-realm operations.

Keywords: Computer security, cryptographic protocols, authentication, multicast communication and random numbers.
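
The sketch below is an added example, not the authors' implementation: it shows how appending the KDC time once per period to a principal's profile rotates the SHA-256 digest from which the secret key is produced. The period value, the 8-byte time encoding, the `KdcDatabase` class and the sample profiles are assumptions, and the Triple-DES CBC step is omitted because the abstract does not say which key and IV encrypt the digest.

```python
import hashlib

PERIOD_SECONDS = 8 * 3600  # assumed site constant; the abstract gives no value


def period_start(kdc_time: int, period: int = PERIOD_SECONDS) -> int:
    """KDC time (Unix seconds) at which the current rotation period began."""
    if period <= 0:
        raise ValueError("period must be positive")
    return (kdc_time // period) * period


def profile_digest(profile: bytes, kdc_time: int,
                   period: int = PERIOD_SECONDS) -> bytes:
    """SHA-256 over the profile with the period's time stamp appended.

    The digest is the input to the encryption step that yields the secret
    key; that step is not reproduced here.
    """
    stamp = period_start(kdc_time, period).to_bytes(8, "big")  # assumed encoding
    h = hashlib.sha256()
    h.update(profile)   # profile may be any binary content (audio, image, text)
    h.update(stamp)     # changing the stamp changes the hash input
    return h.digest()


class KdcDatabase:
    """Hypothetical in-memory stand-in: principal ID -> profile bytes."""

    def __init__(self) -> None:
        self._profiles: dict[str, bytes] = {}

    def register(self, principal_id: str, profile: bytes) -> None:
        if not profile:
            raise ValueError("empty profile")
        self._profiles[principal_id] = profile

    def key_material(self, principal_id: str, kdc_time: int) -> bytes:
        # Raises KeyError for an unregistered principal.
        return profile_digest(self._profiles[principal_id], kdc_time)


if __name__ == "__main__":
    db = KdcDatabase()
    db.register("alice@EXAMPLE", b"constructed sample profile bytes")
    now = 1_700_000_000  # constructed KDC time
    print(db.key_material("alice@EXAMPLE", now).hex())
    print(db.key_material("alice@EXAMPLE", now + PERIOD_SECONDS).hex())
```
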