Code360 powered by Coding Ninjas X Code360 powered by Coding Ninjas X
Table of contents
Session Key 
Session Key Distribution Schemes
Needham-Schroeder Scheme
Denning-Sacco Attack on the Needham-Schroeder Scheme
Consequences of the Denning-Sacco Attack
Uses of Kerberos
Advantages of Kerberos Authentication 
Protocol Flow of Kerberos
Comparison between Kerberos and Needham-Schroeder Session key distribution scheme
Flaws of Kerberos and Needham-Schroeder Session Key Distribution Scheme 
Frequently Asked Questions
What is a Validity Check?
What are Kerberos?
What is an Attack Model?
What is an Adversarial Goal?
What is the full form of MAC?
Last Updated: Mar 27, 2024

What are Kerberos?

0 upvote
Master Python: Predicting weather forecasts
Ashwin Goyal
Product Manager @


Cyber Crime in today's world is everyday news. It is crazy how widespread the impact it has on internet users is. Have you ever thought of how it can be prevented and what resources, algorithms, and protocols are available to prevent these attacks? 

Well, you're in for a treat because in this article, we will learn about what Kerberos are. Kerberos is a network security protocol used by tech giants like Google and Microsoft. It's literally in its name. Keep reading to learn how! Let's get started right away.

What is Kerberos

Session Key 

Session keys, also known as symmetric keys, are used for encryption and decryption that are generated randomly to ensure the privacy of data exchanged between the users. They are called session keys because they are used for only one session, after which they are discarded, and a new session key is generated. 

Now you may ask what session the key is being developed for. When data is exchanged between the users and the web servers, the interaction between them is called a session.  

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job

Session Key Distribution Schemes

In a session key distribution system, a session key is chosen and distributed online in an encrypted format at the request of the network users. Session key distribution schemes sometimes do not have mutual identification of users included in the session of the respective scheme. To understand why, let us look at the history of session key distribution schemes and the possible attacks against them. 

Needham-Schroeder Scheme

The Needham-Schroeder scheme (NS) is the first session key distribution scheme introduced in 1978. Let us look at the five flows of the symmetric protocol of the Needham-Schroeder scheme. Here, Let X and Y be two different parties.

  • Flow 1: X is granted a session key by a trusted authority on request to communicate with Y. It is assumed that here, Y is not aware of the request made by X.
  • Flow 2: The trusted authority gives X an encrypted session key.
  • Flow 3: Here, the encrypted session key is now sent to Y by X.
  • Flow 4 and Flow 5: These flows aim to make 'Y' believe that X possesses the session key. The process by which this aim is achieved is called key confirmation.

Note: In Flow 3, the session key is encrypted using the secret keys of both X and Y, distributed amongst them.

The five flows of the symmetric protocol of the Needham-Schroeder Scheme

The process of verification required to check if the decrypted data has the right format and has access to the correct information is called a validity check. In the NS Scheme, the message authentication codes are not used. 

Denning-Sacco Attack on the Needham-Schroeder Scheme

A replay attack was invented in 1981 by Denning and Sacco on the NS session key distribution scheme. Let us understand this attack with an example -

  • Let A record a session between the NS scheme between X and Y. Here, we will assume that A has obtained the session key. This attack model is known as a 'Known session key attack.
  • Now, A may initiate a new session key. Let us assume it to be 'k' of the Needham-Schroeder scheme with Y. 
  • Here, A can decrypt the known key by subtracting one from it and encrypting the final result.
  • The value of the ticket to Y is delivered to Y in 'k's' last flow session.
  • Y then decrypts and accepts this value.

Consequences of the Denning-Sacco Attack

After session k, between A and Y, Y may assume that there is a new session key known to X. But this session key is possessed by Y; therefore, X may or may not have access to this key. Here, the two ways in which Y is being fooled are as follows-

  • X is not aware of the key distributed in session 'k.'
  • Someone has access to this distributed key which is not meant to have this access. In our example, the third party is denoted as 'A.'


Let's talk about what are Kerberos? Kerberos is a network security protocol developed at MIT in the late '80s and early '90s for Project Athena. It is used to authenticate service requests between trusted hosts across the internet. To verify the user's identity, Kerberos uses secret-key cryptography and a trusted authority to authenticate the application. Kerberos is implemented in big tech giants like Microsoft, Unix, Apple, Linux, etc. 

Fun fact, Kerberos gets its name from Cerberus, a three-headed dog that guards the gates of hell in Greek mythology. Here, the three heads symbolize the Key Distribution Centre, the client, and the server. These components help Kerberos ensure that authorized users only access the network resources. It provides three As protection: Authentication, Authorization, and Accounting. 


Uses of Kerberos

Kerberos is found everywhere in this digital era. Some of its uses are listed below - 

  • After Microsoft rolled out its version of Kerberos in 2000, it became a go-to security protocol for websites. 
  • It is used in Active Directory, Posix authentication, and Samba.
  • Kerberos is implemented on secure systems as it offers authentication features and reliable auditing.
  • It is also used as an alternate authentication system.  
Uses of Kerberos

Advantages of Kerberos Authentication 

The following are some of the advantages of Kerberos Authentication -

  • Kerberos helps users keep track of their login details and enforce security policies. 
  • The timestamp, authentication duration, and data of each of the Kerberos tickets are controlled and managed by the administrator.
  • In Kerberos, the service systems can authenticate users and vice versa.
  • The user authentication in Kerberos is durable and reusable, meaning that the system needs to verify them at just one time.
  • Kerberos security protocol promises a strong and secure defense. All the secret keys here are encrypted.
Advantages of Kerberos

Protocol Flow of Kerberos

The following steps show the protocol flow of Kerberos -

  • When X sends a request for a session key to a trusted authority, the trusted authority generates a new session key with a specified time limit within which the session key will be considered valid. This information is first encrypted and then communicated to X.
  • X can use its secret key to decrypt the above-encrypted information, after which it will attain both the session key and the lifespan of this session key.
  • X can verify if the current time is within the key's lifespan and if the encrypted information contains X's random challenge. These measures prevent A from interrupting again.
  • Next, X will relay the 'ticket to Y' to Y by using a new session key and sending the final ciphertext to Y
  • When Y receives the 'ticket to Y' from X, it decrypts the received message to obtain both the session key and the lifespan of that session key. This new key is then used by Y to decrypt the random challenge and ensure that the session key encrypted within 'ticket to Y' is the same key that was used to encrypt the random challenge. 
  • The final step taken by Y is to encrypt the value 'time+1' using this new session key and send the resulting output to X. When X receives this message, it uses the session key to decrypt it and verifies that the result is 'time+1'. 

Comparison between Kerberos and Needham-Schroeder Session key distribution scheme

Comparison between Kerberos and Needham-Schroeder Session Key Distribution Scheme

The following points will help us to draw a comparison between Kerberos and the NS Session key distribution scheme -

  • Mutual Key confirmation in Kerberos is ensured in flows three and four, as discussed above. Here, X and Y try to convince each other that they know the value of the key. 
  • In the NS session key distribution scheme, information meant for Y is doubly encrypted, meaning that the ticket to Y is encrypted again using X's secret key. This, however, does not add any meaning to the scheme. This double encryption is not present in Kerberos.
  • Kerberos protects against the Denning-Sacco Attack on the NS scheme by verifying that the current time is well within the lifetime. In simpler words, this process cuts down the time for which the Denning-Sacco Attack can be performed.

Flaws of Kerberos and Needham-Schroeder Session Key Distribution Scheme 

The following are the features of Kerberos and the NS Session key distribution scheme that are not relevant in today's digital world -

  • Timestamps need reliable and synchronized clocks. This makes providing proofs for schemes using timestamps difficult as they are hard to analyze.
  • Key distribution is not considered a necessary component of the session key distribution scheme. This is because a key possessed in one session does not mean it will be possessed in the next session.
  • In Kerberos and the NSsession key distribution scheme, both secrecy and authenticity are provided by encryption. It is preferred that encryption should be used for delivering secrecy, and a Message Authentication Code should be used for providing authentication.
  • Even though Kerberos can prevent the Denning-Sacco Attack to some extent, the flow structure of the NS session key distribution scheme has a scope for improvement.  

Frequently Asked Questions

What is a Validity Check?

The process of verification required to check if the decrypted data has the suitable format and has access to the correct information is called a validity check.

What are Kerberos?

Kerberos are a network security protocol.

What is an Attack Model?

The first aspect of security in cryptography is the Attack Model. It tells us about the information that the attacker can access. 

What is an Adversarial Goal?

Adversarial Goal is the second aspect of security in cryptography. It tells us what the attacker is attempting to do and the motive behind the attacks. 

What is the full form of MAC?

MAC refers to the Message Authentication Code.


This article explored all the concepts related to ‘what are Kerberos’, the session key distribution scheme, and the attack on these schemes, and discussed the features and flaws of the Kerberos. If you want to dig deeper, here are some related articles 

You may refer to our Guided Path on Code Studios to enhance your skill set on DSACompetitive ProgrammingSystem Design, and many more. Check out essential interview questions, practice our available mock tests, and so much more!

Previous article
The Denning Sacco Attack on the NS Scheme
Next article
The Bellare Rogaway Scheme
Live masterclass