Function Call Tracing Attacks to Kerberos 5

During the authentication process in the Kerberos network au- thentication system, all the information exchanged between the application client and the Kerberos authentication server is the argument of some function calls to Kerberos shared libraries. Since this information is exchanged in the clear, local attacks that intercept function calls may inspect and manipulate it before resuming their execution. This paper describes function call tracing attacks against the Kerberos authentication system in a time-sharing environment. They use the DynInst API library, developed to support the easy construction of tools for the control and manipulation of programs at run-time, and ad hoc interposition libraries. We illustrate the proposed attacks against two Kerberos client applications, namely kinit and kpasswd.