Specifying Kerberos 5 cross-realm authentication

Authors:
I. Cervesato;A. D. Jaggard;A. Scedrov;C. Walstad
Affiliations:
Tulane University;Tulane University;University of Pennsylvania;University of Pennsylvania
Venue:
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Year:
2005

Citing 7
Cited 4

Verifying Authentication Protocols in CSP

IEEE Transactions on Software Engineering
Using encryption for authentication in large networks of computers

Communications of the ACM
Kerberos Version 4: Inductive Analysis of the Secrecy Goals

ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
A Formal Analysis of Some Properties of Kerberos 5 Using MSR

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated analysis of cryptographic protocols using Mur/spl phi/

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Kerberos: The Definitive Guide

Kerberos: The Definitive Guide
Multiset rewriting and the complexity of bounded security protocols

Journal of Computer Security

Formal analysis of Kerberos 5

Theoretical Computer Science - Automated reasoning for security protocol analysis
Breaking and fixing public-key Kerberos

Information and Computation
Breaking and fixing public-key Kerberos

ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Cryptographically sound security proofs for basic and public-key kerberos

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Cross-realm authentication is a useful and interesting component of Kerberos aimed at enabling secure access to services astride organizational boundaries. We present a formalization of Kerberos 5 cross-realm authentication in MSR, a specification language based on multiset rewriting. We also adapt the Dolev-Yao intruder model to the cross-realm setting and prove an important property for a critical field in a cross-realm ticket. Finally, we document several failures of authentication and confidentiality in the presence of compromised intermediate realms. Although the current Kerberos specifications disclaim responsibility for these vulnerabilities, the associated security implications must be highlighted for system administrators to decide whether to adopt this technology and to aid designers with future development.