Computationally sound mechanized proofs for basic and public-key Kerberos
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Stronger TLS bindings for SAML assertions and SAML artifacts
Proceedings of the 2008 ACM workshop on Secure web services
Security Analysis of Standard Authentication and Key Agreement Protocols Utilising Timestamps
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Formal proofs of cryptographic security of Diffie-Hellman-based protocols
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Provable security of S-BGP and other path vector protocols: model, analysis and extensions
Proceedings of the 2012 ACM conference on Computer and communications security
Hi-index | 0.00 |
Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Many works have analyzed its security, identifying flaws and often suggesting fixes, thus helping the protocol's evolution. Several recent results present successful formal-methodsbased verification of a significant portion of the current version 5, and some even imply security in the computational setting. For these results to hold, encryption in Kerberos should satisfy strong cryptographic security notions. However, neither currently deployed as part of Kerberos encryption schemes nor their proposed revisions are known to provably satisfy such notions. We take a close look at Kerberos' encryption and confirm that most of the options in the current version provably provide privacy and authenticity, some with slight modification that we suggest. Our results complement the formal-methods-based analysis of Kerberos that justifies its current design.