5

I'm studying Kerberos and other Key Exchange Protocols.

They always (or very often) require that the clocks are synchronized. For this purpose they periodically probe a time-server. This is said to be a critical operation because new kinds of attacks arise. But which attacks?

e-sushi
Luigi2405
  • This may be rather Kerberos specific. If you don't get an answer here then please try a different Q/A site as well - one that specializes in Kerberos / Operating Systems that use Kerberos (Windows?) for instance. Statements such as "This is said..." usually require a link so that we can find out the context of the statement. – Maarten Bodewes Jul 03 '18 at 15:19
  • 1
    My question has been modified. Anyway, it was in my teacher's PowerPoint presentation that he showed during the lecture. He went deeper but I don't remember; I just need some good reading – Luigi2405 Jul 04 '18 at 08:58

1 Answer

4

Kerberos requires synchronised clocks mainly to ensure the messages are fresh and to thwart replay attacks. The messages include timestamps so that those with outdated timestamps (e.g. more than 5 minutes) will be thrown away (although there is still a time window in which replay is possible).

Many key exchange protocols don't use timestamps because clock synchronisation is often problematic and difficult. Nonce-based challenge-response is used instead to prevent replay attacks.

Changyu Dong
  • Thanks for answering but I didn't ask that. My question has been modified. Anyway, I was interested in knowing why synchronization is problematic and difficult – Luigi2405 Jul 04 '18 at 09:00
  • Synchronization is difficult because it has to rely on a globally trusted source of time, and the communication between the client and the source server has to be reliable and authenticated. – Changyu Dong Jul 04 '18 at 09:29
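
The timestamp freshness check described in the answer, as an added example that is not part of the original thread and is not Kerberos's actual message format. It uses an HMAC-tagged `client|timestamp` authenticator (the names `make_authenticator`, `Verifier` and the sample key are assumptions) to show what the 5-minute window does and does not cover, and what happens when either clock is wrong.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds: the 5-minute window mentioned in the answer

def make_authenticator(key, client, ts):
    """Client side: MAC the client name and the client's clock reading."""
    msg = f"{client}|{ts}".encode()
    return msg, hmac.new(key, msg, hashlib.sha256).digest()

class Verifier:
    def __init__(self, key, replay_cache=True):
        self.key = key
        self.replay_cache = replay_cache
        self.seen = set()  # authenticators already accepted (never pruned in this sketch)

    def check(self, msg, tag, now):
        """`now` is the verifier's own clock, which may be wrong."""
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        ts = int(msg.decode().rsplit("|", 1)[1])
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        if self.replay_cache:
            if msg in self.seen:
                return "replay"
            self.seen.add(msg)
        return "ok"

def demo():
    key = b"constructed-demo-key"   # constructed sample key
    t0 = 1_530_000_000              # constructed timestamp
    msg, tag = make_authenticator(key, "alice", t0)
    plain, cached = Verifier(key, replay_cache=False), Verifier(key)
    late_msg, late_tag = make_authenticator(key, "alice", t0 + 600)
    return {
        "fresh": plain.check(msg, tag, t0 + 2),
        "resent_in_window": plain.check(msg, tag, t0 + 120),
        "resent_in_window_cached": (cached.check(msg, tag, t0 + 2),
                                    cached.check(msg, tag, t0 + 120)),
        "resent_after_window": plain.check(msg, tag, t0 + 3600),
        # Real time is t0+3600, but the verifier's clock was set back an hour.
        "verifier_clock_set_back": plain.check(msg, tag, t0 + 3600 - 3600),
        # Honest client whose clock runs 10 minutes fast.
        "honest_client_skewed": plain.check(late_msg, late_tag, t0),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The window alone accepts a resent message until it expires, so the verifier also needs a cache of authenticators seen inside the window. The window is only as trustworthy as the verifier's clock, which is why the time source has to be authenticated.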