Formal Analysis of the Kerberos Authentication Protocol
نویسندگان
چکیده
FORMAL ANALYSIS OF THE KERBEROS AUTHENTICATION PROTOCOL Joe-Kai Tsay Andre Scedrov, Advisor The security of cryptographic protocols has traditionally been verified with respect to one of two mathematical models: One, known as the Dolev-Yao or symbolic model, abstracts cryptographic concepts into an algebra of symbolic messages. Methods based on the Dolev-Yao abstraction, which make use of simple formal languages or logics, have been successfully applied to discover structural flaws in numerous cryptographic protocols, and have also become efficient and robust enough to tackle large commercial protocols, often even automatically. The other, known as the computational or cryptographic model, retains the concrete view of messages as bitstrings and cryptographic operations as algorithmic mappings between bitstrings, while drawing security definitions from complexity theory. Proofs in the computational approach entail strong security guarantees, however, only simple cryptographic protocols, mainly of academic interest, have been verified with respect to the computational model. This dissertation contributes to the ongoing case study of the Kerberos 5 protocol suite, a widely used authentication protocol. We report on a man-in-themiddle attack on PKINIT, the public key extension of Kerberos, which allows an
منابع مشابه
Verifying Mutual Authentication for the DLK Protocol using ProVerif tool
This paper adopts the Distributed Lightweight Kerberos (DLK) protocol, which is a result of enhancing the well-known Kerberos protocol. One of the advantages of the DLK protocol is that it addresses mutual authentication and confidentiality challenges while reducing the required number of messages to securely communicate with multiple service providers. In this paper we formally analyze and ver...
متن کاملBreaking and Fixing Public-Key Kerberos
We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos administrative principals (KDC) and end-servers to a client, hence breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that the KDC would normally generate to encrypt the s...
متن کاملFormal analysis of Kerberos 5
We report on the detailed verification of a substantial portion of the Kerberos 5 protocol specification. Because it targeted a deployed protocol rather than an academic abstraction, this multi-year effort led to the development of new analysis methods in order to manage the inherent complexity. This enabled proving that Kerberos supports the expected authentication and confidentiality properti...
متن کاملFormal Analysis of the Kerberos Authentication System
The Gurevich's Abstract State Machine formalism is used to specify the well known Kerberos Authentication System based on the Needham-Schroeder authentication protocol. A complete model of the system is reached through stepwise re nements of ASMs, and is used as a basis both to discover the minimum assumptions to guarantee the correctness of the system and to analyse its security weaknesses. Ea...
متن کاملNonce-based Kerberos is a Secure Delegated AKE Protocol
Kerberos is one of the most important cryptographic protocols, first because it is the basisc authentication protocol in Microsoft’s Active Directory and shipped with every major operating system, and second because it served as a model for all Single-Sign-On protocols (e.g. SAML, OpenID, MS Cardspace, OpenID Connect). Its security has been confirmed with several Dolev-Yao style proofs [1–12], ...
متن کامل