A Browser-Based Kerberos Authentication Scheme

Authors:
Sebastian Gajek;Tibor Jager;Mark Manulis;Jörg Schwenk
Affiliations:
Horst Görtz Institute for IT-Security, Ruhr-University, Bochum, Germany;Horst Görtz Institute for IT-Security, Ruhr-University, Bochum, Germany;UCL Crypto Group, Louvain-la-Neuve, Belgium;Horst Görtz Institute for IT-Security, Ruhr-University, Bochum, Germany
Venue:
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Year:
2008

Citing 14
Cited 2

Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Risks of the passport single signon protocol

Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?)

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Universally Composable Security: A New Paradigm for Cryptographic Protocols

FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Security Analysis of the SAML Single Sign-on Browser/Artifact Profile

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Analysis of Liberty Single-Sign-on with Enabled Clients

IEEE Internet Computing
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Noxes: a client-side solution for mitigating cross-site scripting attacks

Proceedings of the 2006 ACM symposium on Applied computing
The Emperor's New Security Indicators

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Dynamic pharming attacks and locked same-origin policies for web browsers

Proceedings of the 14th ACM conference on Computer and communications security
Provably secure browser-based user-aware mutual authentication over TLS

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Drive-by pharming

ICICS'07 Proceedings of the 9th international conference on Information and communications security

The power of recognition: secure single sign-on using TLS channel bindings

Proceedings of the 7th ACM workshop on Digital identity management
Options for integrating eID and SAML

Proceedings of the 2013 ACM workshop on Digital identity management

Quantified Score

Hi-index	0.00

Visualization

Abstract

When two players wish to share a security token (e.g., for the purpose of authentication and accounting), they call a trusted third party. This idea is the essence of Kerberos protocols, which are widely deployed in a large scale of computer networks. Browser-based Kerberos protocols are the derivates with the exception that the Kerberos client application is a commodity Web browser. Whereas the native Kerberos protocol has been repeatedly peer-reviewed without finding flaws, the history of browser-based Kerberos protocols is tarnished with negative results due to the fact that subtleties of browsers have been disregarded. We propose a browser-based Kerberos protocol based on client certificates and prove its security in the extended formal model for browser-based mutual authentication introduced at ACM ASIACCS'08.