A Formal Analysis of Some Properties of Kerberos 5 Using MSR

We give three formalizations of the Kerberos 5 authentication protocol in the Multi-Set Rewriting (MSR)formalism. One is a high-level formalization containing just enough detail to prove authentication andconfidentiality properties of the protocol. A second formalization refines this by adding a variety of protocoloptions; we similarly refine proofs of properties in the first formalization to prove properties of the secondformalization. Our third formalization adds timestamps to the first formalization but has not been analyzedextensively. The various proofs make use of rank and corank functions, inspired by work of Schneider in CSP,and provide examples of reasoning about real-world protocols in MSR.We also note some potentially curiousprotocol behavior; given our positive results, this does not compromise the security of the protocol. CommentsUniversity of Pennsylvania Department of Computer and Information Science Technical Report No. MS-CIS-04-04 This technical report is available at ScholarlyCommons: http://repository.upenn.edu/cis_reports/892 A Formal Analysis of Some Properties of Kerberos 5 Using MSR ∗ University of Pennsylvania Department of Computer & Information Science Technical Report MS-CIS-04-04 Frederick Butler† Iliano Cervesato‡ Aaron D. Jaggard†¶ Andre Scedrov¶♦ Department of MathematicsUniversity of PennsylvaniaPhiladelphia, PA USA{fbutler@math,[email protected]}.upenn.eduITT Industries, Inc.Advanced Engineering & Sciences2560 Huntington AvenueAlexandria, VA [email protected] Department of MathematicsTulane UniversityNew Orleans, LA [email protected]