Formal analysis of Kerberos 5
نویسندگان
چکیده
We report on the detailed verification of a substantial portion of the Kerberos 5 protocol specification. Because it targeted a deployed protocol rather than an academic abstraction, this multi-year effort led to the development of new analysis methods in order to manage the inherent complexity. This enabled proving that Kerberos supports the expected authentication and confidentiality properties, and that it is structurally sound; these results rely on a pair of intertwined inductions. Our work also detected a number of innocuous but nonetheless unexpected behaviors, and it clearly described how vulnerable the cross-realm authentication support of Kerberos is to the compromise of remote administrative domains.
منابع مشابه
Formal Analysis of the Kerberos Authentication Protocol
FORMAL ANALYSIS OF THE KERBEROS AUTHENTICATION PROTOCOL Joe-Kai Tsay Andre Scedrov, Advisor The security of cryptographic protocols has traditionally been verified with respect to one of two mathematical models: One, known as the Dolev-Yao or symbolic model, abstracts cryptographic concepts into an algebra of symbolic messages. Methods based on the Dolev-Yao abstraction, which make use of simpl...
متن کاملBreaking and Fixing Public-Key Kerberos
We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos administrative principals (KDC) and end-servers to a client, hence breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that the KDC would normally generate to encrypt the s...
متن کاملProvable-Security Analysis of Authenticated Encryption in Kerberos∗
Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Many works have analyzed its security, identifying flaws and often suggesting fixes, thus helping the protocol’s evolution. Several recent results present successful formalmethods-based verification of a significant portion of the current version 5, and some even imply security in the com...
متن کاملA Formal Analysis of Some Properties of Kerberos 5 Using MSR
We give three formalizations of the Kerberos 5 authentication protocol in the Multi-Set Rewriting (MSR)formalism. One is a high-level formalization containing just enough detail to prove authentication andconfidentiality properties of the protocol. A second formalization refines this by adding a variety of protocoloptions; we similarly refine proofs of properties in the first fo...
متن کاملVerifying Mutual Authentication for the DLK Protocol using ProVerif tool
This paper adopts the Distributed Lightweight Kerberos (DLK) protocol, which is a result of enhancing the well-known Kerberos protocol. One of the advantages of the DLK protocol is that it addresses mutual authentication and confidentiality challenges while reducing the required number of messages to securely communicate with multiple service providers. In this paper we formally analyze and ver...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Theor. Comput. Sci.
دوره 367 شماره
صفحات -
تاریخ انتشار 2006