Verifying Authentication Protocols in CSP
IEEE Transactions on Software Engineering
Using encryption for authentication in large networks of computers
Communications of the ACM
Kerberos Version 4: Inductive Analysis of the Secrecy Goals
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
A Formal Analysis of Some Properties of Kerberos 5 Using MSR
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated analysis of cryptographic protocols using Mur/spl phi/
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Kerberos: The Definitive Guide
Kerberos: The Definitive Guide
Multiset rewriting and the complexity of bounded security protocols
Journal of Computer Security
Theoretical Computer Science - Automated reasoning for security protocol analysis
Breaking and fixing public-key Kerberos
Information and Computation
Breaking and fixing public-key Kerberos
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Cryptographically sound security proofs for basic and public-key kerberos
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Hi-index | 0.00 |
Cross-realm authentication is a useful and interesting component of Kerberos aimed at enabling secure access to services astride organizational boundaries. We present a formalization of Kerberos 5 cross-realm authentication in MSR, a specification language based on multiset rewriting. We also adapt the Dolev-Yao intruder model to the cross-realm setting and prove an important property for a critical field in a cross-realm ticket. Finally, we document several failures of authentication and confidentiality in the presence of compromised intermediate realms. Although the current Kerberos specifications disclaim responsibility for these vulnerabilities, the associated security implications must be highlighted for system administrators to decide whether to adopt this technology and to aid designers with future development.