Formal analysis of Kerberos 5

Authors:
Frederick Butler;Iliano Cervesato;Aaron D. Jaggard;Andre Scedrov;Christopher Walstad
Affiliations:
West Virginia University, Morgantown, WV;Carnegie Mellon University -- Qatar campus, Doha, Qatar and Tulane University;Tulane University, New Orleans, LA and Mathematics Department at the University of Pennsylvania;University of Pennsylvania, Philadelphia, PA;University of Pennsylvania, Philadelphia, PA
Venue:
Theoretical Computer Science - Automated reasoning for security protocol analysis
Year:
2006

Citing 18
Cited 14

Conditional rewriting logic as a unified model of concurrency

Selected papers of the Second Workshop on Concurrency and compositionality
Verifying Authentication Protocols in CSP

IEEE Transactions on Software Engineering
Using encryption for authentication in large networks of computers

Communications of the ACM
Kerberos Version 4: Inductive Analysis of the Secrecy Goals

ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Entity Authentication and Key Distribution

CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Using state space exploration and a natural deduction style message derivation engine to verify security protocols

PROCOMET '98 Proceedings of the IFIP TC2/WG2.2,2.3 International Conference on Programming Concepts and Methods
Honest Ideals on Strand Spaces

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
A Formal Analysis of Some Properties of Kerberos 5 Using MSR

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Universally Composable Security: A New Paradigm for Cryptographic Protocols

FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Automated analysis of cryptographic protocols using Mur/spl phi/

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A composable cryptographic library with nested operations

Proceedings of the 10th ACM conference on Computer and communications security
Kerberos: The Definitive Guide

Kerberos: The Definitive Guide
Multiset rewriting and the complexity of bounded security protocols

Journal of Computer Security
Specifying Kerberos 5 cross-realm authentication

WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
A comparison between strand spaces and multiset rewriting for security protocol analysis

Journal of Computer Security
A decision procedure for the existence of a rank function

Journal of Computer Security
Representing the MSR Cryptoprotocol Specification Language in an Extension of Rewriting Logic with Dependent Types

Electronic Notes in Theoretical Computer Science (ENTCS)

Protocol Composition Logic (PCL)

Electronic Notes in Theoretical Computer Science (ENTCS)
Breaking and fixing public-key Kerberos

Information and Computation
Rule-based static analysis of network protocol implementations

Information and Computation
Computationally sound mechanized proofs for basic and public-key Kerberos

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Type-checking zero-knowledge

Proceedings of the 15th ACM conference on Computer and communications security
Looking at a class of RFID APs through GNY logic

International Journal of Security and Networks
Breaking and fixing public-key Kerberos

ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Computational soundness of symbolic zero-knowledge proofs

Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Bounded memory Dolev-Yao adversaries in collaborative systems

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Union and intersection types for secure protocol implementations

TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
G2C: cryptographic protocols from goal-driven specifications

TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Security enhancement of the communication-efficient AUTHMAC_DH protocols

Security and Communication Networks
A security enhanced authentication and key distribution protocol for wireless networks

Security and Communication Networks
Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

Journal of Computer Security - Foundational Aspects of Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We report on the detailed verification of a substantial portion of the Kerberos 5 protocol specification. Because it targeted a deployed protocol rather than an academic abstraction, this multiyear effort led to the development of new analysis methods in order to manage the inherent complexity. This enabled proving that Kerberos supports the expected authentication and confidentiality properties, and that it is structurally sound; these results rely on a pair of intertwined inductions. Our work also detected a number of innocuous but nonetheless unexpected behaviors, and it clearly described how vulnerable the cross-realm authentication support of Kerberos is to the compromise of remote administrative domains.