A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
On the security of SPLICE/AS—the authentication system in WIDE Internet
Information Processing Letters
On the security of recent protocols
Information Processing Letters
Prudent Engineering Practice for Cryptographic Protocols
IEEE Transactions on Software Engineering
Using encryption for authentication in large networks of computers
Communications of the ACM
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Security Analysis of IKE's Signature-Based Key-Exchange Protocol
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
From Secrecy to Authenticity in Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
A Formal Analysis of Some Properties of Kerberos 5 Using MSR
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A composable cryptographic library with nested operations
Proceedings of the 10th ACM conference on Computer and communications security
Multiset rewriting and the complexity of bounded security protocols
Journal of Computer Security
Analyzing security protocols with secrecy types and logic programs
Journal of the ACM (JACM)
Specifying Kerberos 5 cross-realm authentication
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
A Computationally Sound Mechanized Prover for Security Protocols
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Cryptographically Sound Theorem Proving
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Theoretical Computer Science - Automated reasoning for security protocol analysis
Finite-state analysis of SSL 3.0
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Computationally Sound Mechanized Proofs of Correspondence Assertions
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Automated Security Protocol Analysis With the AVISPA Tool
Electronic Notes in Theoretical Computer Science (ENTCS)
Searching for shapes in cryptographic protocols
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Breaking and fixing public-key Kerberos
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Cryptographically sound security proofs for basic and public-key kerberos
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Computationally sound mechanized proofs for basic and public-key Kerberos
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Modular verification of security protocol code by typing
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Inductive trace properties for computational security
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
A formal model of identity mixer
FMICS'10 Proceedings of the 15th international conference on Formal methods for industrial critical systems
Bounded memory Dolev-Yao adversaries in collaborative systems
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Cryptographic verification by typing for a sample protocol implementation
Foundations of security analysis and design VI
Composition theorems without pre-established session identifiers
Proceedings of the 18th ACM conference on Computer and communications security
FMOODS'10/FORTE'10 Proceedings of the 12th IFIP WG 6.1 international conference and 30th IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
Security enhancement of the communication-efficient AUTHMAC_DH protocols
Security and Communication Networks
A security enhanced authentication and key distribution protocol for wireless networks
Security and Communication Networks
Privacy supporting cloud computing: confichair, a case study
POST'12 Proceedings of the First international conference on Principles of Security and Trust
New privacy issues in mobile telephony: fix and verification
Proceedings of the 2012 ACM conference on Computer and communications security
Privacy-supporting cloud computing by in-browser key translation
Journal of Computer Security - Security and Trust Principles
Journal of Computer Security - Foundational Aspects of Security
Hi-index | 0.01 |
We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos administrative principals (KDC) and end-servers to a client, hence breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that the KDC would normally generate to encrypt the service requests of this client, hence defeating confidentiality as well. The discovery of this attack caused the IETF to change the specification of PKINIT and Microsoft to release a security update for some Windows operating systems. We discovered this attack as part of an ongoing formal analysis of the Kerberos protocol suite, and we have formally verified several possible fixes to PKINIT-including the one adopted by the IETF-that prevent our attack as well as other authentication and secrecy properties of Kerberos with PKINIT.