What component of Kerberos helps mitigate replay attacks?
A.
Key Distribution Center
B.
Authenticator
C.
Asymmetric cryptography
D.
Realms
Explanation:
If a Kerberos implementation is configured to use an authenticator, the user sends to a resource her identification information and a timestamp and sequence number encrypted with the session key they share. The resource decrypts this information and compares it with the identification data the KDC sent to it about this requesting user. If the data is the same, the resource believes it is communicating with the authentic user. The timestamp is used to help fight against replay attacks. The resource compares the sent timestamp with its own internal time, which helps determine if the ticket has been sniffed and copied by an attacker, and then submitted at a later time in hopes of impersonating the legitimate user and gaining unauthorized access. The resource checks the sequence number to make sure that this ticket has not been submitted previously. This is another countermeasure to protect against replay attacks.