Difference Between Kerberos And SSL

SHARE

What Is Kerberos?

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It uses secrete-key cryptography and a trusted third party for authenticating client-server applications and verifying user’s identities.

Users, machines and services using Kerberos need only trust the Key Distribution Center (KDC), which runs as a single process and provides two services: an authentication service and a ticket granting service. Kerberos is built in to all major operating systems, including Microsoft windows, Apple OS X, FreeBSD and Linux.

What You Need To Know About Kerberos

  • Kerberos works on a private key encryption.
  • Kerberos depends on a reliable third party.
  • Kerberos is an open source software and offers free services.
  • In Kerberos, key cancellation is achieved by disabling any user on authentication server.
  • Kerberos is generally implemented in Microsoft products like Windows 2000, Windows XP and later windows.
  • Kerberos is best suited for WWW.
  • Password resides in user’s minds where they are usually not subjected to secrete attack.

What Is SSL?

SSL is an encryption-based internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication and data integrity in internet communications.

SSL is an acronym for Secure Sockets Layer which is the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing hackers from getting access and modifying any information transferred including potential personal details. The two systems can be a server and a client (shopping website and browser) or server to server (an application with personal identifiable information).

In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. SSL initiates an authentication process referred to as handshake between two communicating devices. SSL also digitally signs data in order to provide data integrity, verifying that the data is not tampered with before reaching its intended recipient.

What You Need To Know About SSL

  • SSL works on public encryption.
  •  SSL is asynchronous as it depends on the certificate.
  • SSL does not offer free service as it is patented.
  • In SSL, revocation server control records of bad certificate for key cancellation.
  • SSL is implemented in web browsing, messaging and other protocols like FTP.
  • SSL is most suited and effective for the networked environments.
  • Certificates sit on a user hard drive where they can be subjected to being hacked.

Also Read: Difference Between IPsec And SSL

Difference Between Kerberos And SSL In Tabular Form

AspectKerberosSSL
PurposeAuthentication and single sign-onSecure communication over a network
AuthenticationTicket-based authenticationCertificate-based authentication
Key ExchangeSession keys exchanged via KDCPublic-private key exchange during handshake
EncryptionTypically symmetric key encryptionAsymmetric key (public-private key) encryption
UsagePrimarily used for authentication within a networkUsed for securing data transmission over the internet
Typical PortPort 88 (TCP and UDP) for Kerberos protocolPort 443 (TCP) for HTTPS (SSL/TLS)
Key DistributionCentralized key distribution through KDCDecentralized key distribution through certificates
Ticket-based SystemUses tickets for authentication and session managementNo ticket-based system; relies on certificates for authentication
Session ManagementKerberos creates a session ticket for user sessionsSSL uses session IDs and session tickets for session management
Supported ApplicationsCommonly used in enterprise environments, especially with Windows systemsWidely used for securing web applications and online transactions
ImplementationIntegrated into various operating systems like Windows Active DirectoryImplemented as a protocol for securing communication in applications and services