Formal analysis of Kerberos 5

Theoretical Computer Science

Volumn 367, Issue 1-2, 2006, Pages 57-87

  Butler, Frederick ^a   Cervesato, Iliano ^b   Jaggard, Aaron D ^c   Scedrov, Andre ^d   Walstad, Christopher ^d  

^a WEST VIRGINIA UNIVERSITY   (United States)

^b CARNEGIE MELLON UNIVERSITY   (Qatar)

^c TULANE UNIVERSITY   (United States)

^d UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 33750568156     PISSN: 03043975     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.tcs.2006.08.040     Document Type: Article

References (46)

1. A Secure European System for Applications in a Multi-vendor Environment 〈https://www.cosic.esat.kuleuven.ac.be/sesame/〉.
2. M. Backes, B. Pfitzmann, M. Waidner, A composable cryptographic library with nested operations, in: Proc. of 10th ACM Conf. on Computer and Communications Security (CCS), ACM Press, Washington, DC, 2003, pp. 220-230.
3. G. Bella, Inductive verification of cryptographic protocols, Ph.D. Thesis, University of Cambridge, 〈http://www.cl.cam.ac.uk/∼gb221/papers
4. G. Bella, L.C. Paulson, Using Isabelle to prove properties of the Kerberos authentication system, in: H. Orman, C. Meadows (Eds.), Proc. DIMACS'97, Workshop on Design and Formal Verification of Security Protocols (CD-ROM), 1997, 〈http://www.cl.cam.ac.uk/∼gb221/papers/bella4.ps.gz〉.
5. G. Bella, L.C. Paulson, Kerberos version IV: inductive analysis of the secrecy goals, in: Proc. ESORICS'98, Lecture Notes in Computer Science, Vol. 1485, Springer, Berlin, 1998, pp. 361-375.
6. M. Bellare, P. Rogaway, Entity authentication and key distribution, in: Advances in Cryptology: CRYPTO'93, Lecture Notes in Computer Science, Vol. 773, Springer, Berlin, 1993, pp. 232-249.
7. A. Birrell, B.W. Lampson, R.M. Needham, M.D. Schroeder, A global authentication service without global trust, in: IEEE Symposium on Security and Privacy, 1986, pp. 223-230.
8. S. Bistarelli, I. Cervesato, G. Lenzini, R. Marangoni, F. Martinelli, On Representing Biological Systems through Multiset Rewriting, in: Proc. EUROCAST'03, Lecture Notes in Computer Science, Vol. 2809, Springer, Berlin, 2003, pp. 415-426.
9. F. Butler, I. Cervesato, A.D. Jaggard, A. Scedrov, A formal analysis of some properties of Kerberos 5 using MSR, in: Fifteenth Computer Security Foundations Workshop-CSFW-15, IEEE Computer Society Press, Cape Breton, NS, Canada, 2002, pp. 175-190.
10. F. Butler, I. Cervesato, A.D. Jaggard, A. Scedrov, Verifying confidentiality and authentication in Kerberos 5, in: K. Futatsugi, F. Mizoguchi, N. Yonezaki (Eds.), Software Security-Theories and Systems- ISSS 2003, Lecture Notes in Computer Science, Vol. 3233, Tokyo, Japan, Springer, Berlin, 2003, pp. 1-24.
11. F. Butler, I. Cervesato, A.D. Jaggard, A. Scedrov, A formal analysis of some properties of Kerberos 5 using MSR, Technical Report MS-CIS-04-04, University of Pennsylvania, Department of Computer and Information Science, 〈ftp://ftp.cis.upenn.edu/pub/papers/scedrov/ms-cis-04-04.pdf〉, April 2004.
12. R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, in: 42nd Annu. Symp. on Foundations of Computer Science, FOCS 2001, IEEE Computer Society, Las Vegas, NV, 2001, pp. 136-145.
13. I. Cervesato, Typed MSR: Syntax and examples, in: V. Gorodetski, V. Skormin, L. Popyack (Eds.), First Internat. Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security-MMM'01, Lecture Notes in Computer Science, Vol. 2052, Springer, Berlin, St. Petersburg, Russia, 2001, pp. 159-177.
14. I. Cervesato, Expressing type-flaw attacks in a strongly-typed language, Invited talk at the Second Workshop on Foundations for Secure/Survivable Systems and Networks, Tokyo, Japan, slides available as 〈http://theory.stanford.edu/∼iliano/talks.html〉, 2001.
15. I. Cervesato, A specification language for crypto-protocols based on multiset rewriting, dependent types and subsorting, in: G. Delzanno, S. Etalle, M. Gabbrielli (Eds.), Workshop on Specification, Analysis and Validation for Emerging Technologies-SAVE'01, Paphos, Cyprus, 2001, pp. 1-22.
16. I. Cervesato, Fine-Grained MSR specifications for quantitative security analysis, in: Fourth Workshop on Issues in the Theory of Security-WITS'04, Barcelona, Spain, 2004, pp. 111-127.
17. Cervesato I., Durgin N., Lincoln P.D., Mitchell J.C., and Scedrov A. A comparison between strand spaces and multiset rewriting for security protocol analysis. J. Comput. Security 13 2 (2005) 265-316
18. I. Cervesato, A.D. Jaggard, A. Scedrov, C. Walstad, Specifying Kerberos 5 cross-realm authentication, in: Proc. WITS'05, ACM Digital Library, 2005, pp. 12-26.
19. I. Cervesato, C. Meadows, D. Pavlovic, An encapsulated authentication logic for reasoning about key distribution protocol, in: Eighteenth Computer Security Foundations Workshop-CSFW-18, IEEE Computer Society Press, Aix-en-Provence, France, 2005, pp. 48-61.
20. I. Cervesato, M.-O. Stehr, Representing the MSR cryptoprotocol specification language in an extension of rewriting logic with dependent types, in: N. Martí-Oliet (Ed.), Fifth Internat. Workshop on Rewriting Logic and its Applications-WRLA'04, Electronic Notes in Theoretical Computer Science, Vol. 117, Barcelona, Spain, Elsevier, Amsterdam, 2004, pp. 183-207.
21. J. Clark, J. Jacob, A survey of authentication protocol literature, Technical Report, Department of Computer Science, University of York, web Draft Version 1.0 available from 〈http://www.cs.york.ac.uk/∼jac〉, 1997.
22. E.M. Clarke, S. Jha, W.R. Marrero, Using state space exploration and a natural deduction style message derivation engine to verify security protocols, in: Proc. IFIP Working Conference on Programming Concepts and Methods (PROCOMET), 1998, pp. 87-106.
23. M. Clavel, F. Durán, S. Eker, P. Lincoln, N. Martí-Oliet, J. Meseguer, J. Quesada, Maude: specification and programming in rewriting logic, SRI International, 〈http://maude.csl.sri.com〉, January 1999.
24. Dolev D., and Yao A. On the security of public-key protocols. IEEE Trans. Inform. Theory 2 29 (1983) 198-208
25. Durgin N.A., Lincoln P.D., Mitchell J.C., and Scedrov A. Multiset rewriting and the complexity of bounded security protocols. J. Comput. Security 12 2 (2004) 247-311
26. Garman J. Kerberos: the definitive guide (2003), O'Reilly
27. Gligor V.D., Luan S.-W., and Pato J.N. On inter-realm authentication in large distributed systems. J. Comput. Security 2 2-3 (1993) 137-158
28. Gollmann D. Authentication-myths and misconceptions. Progress Comput. Sci. Appl. Logic 20 (2001) 203-225
29. Heather J., and Schneider S. A decision procedure for the existence of a rank function. J. Comput. Security 13 2 (2005) 317-344
30. Kerberos working group meeting at IETF-64, November 2005. Summary archived at 〈http://www3.ietf.org/proceedings/05nov/minutes/krb-wg.html〉.
31. Kerberos working group meeting at IETF-65, March 2006. Summary archived at 〈http://www3.ietf.org/proceedings/06mar/minutes/krb-wg.html〉.
32. C. Meadows, Analysis of the internet key exchange protocol using the NRL protocol analyzer, in: Proc. IEEE Symp. Security and Privacy, 1999, pp. 216-231.
33. C. Meadows, D. Pavlovic, Deriving, attacking and defending the gdoi protocol, in: Proc. ESORICS 2004, Lecture Notes in Computer Science, Vol. 3193, Springer, Berlin, 2004, pp. 33-53.
34. Meseguer J. Conditional rewriting logic as a unified model of concurrency. Theoret. Comput. Sci. 96 (1992) 73-155
35. J.C. Mitchell, M. Mitchell, U. Stern, Automated analysis of cryptographic protocols using Murφ{symbol}, in: Proc. IEEE Symp. Security and Privacy, IEEE Computer Society Press, Silver Spring, MD, 1997, pp. 141-153.
36. Needham R., and Schroeder M. Using encryption for authentication in large networks of computers. Comm. ACM 21 12 (1978) 993-999
37. C. Neuman, Personal communication, June 2002.
38. C. Neuman, J. Kohl, T. Ts'o, K. Raeburn, T. Yu, The Kerberos Network authentication service (V5), Internet draft, expires 20 May 2002 〈http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-revisi ons-10.txt〉, November 20, 2001.
39. Neuman C., and Ts'o T. Kerberos: an authentication service for computer networks. IEEE Commun. 32 9 (1994) 33-38
40. C. Neuman, T. Yu, S. Hartman, K. Raeburn, The Kerberos network authentication service (V5), 〈http://www.ietf.org/rfc/rfc4120〉, July 2005.
41. K. Raeburn, Encryption and checksum specifications for Kerberos 5, 〈http://www.ietf.org/rfc/rfc3961.txt〉 February 2005.
42. Schneider S. Verifying authentication protocols in CSP. IEEE Trans. Software Engng. 24 9 (1998) 741-758
43. K. Schutz, Welcome speech, IETF Kerberos Working Group September 2005 Interim Meeting.
44. F.J. Thayer Fábrega, J. Herzog, J.D. Guttman, Honest ideals on strand spaces, in: Proc. CSFW'98, 1998, pp. 66-78.
45. T. Yu, S. Hartman, K. Raeburn, The perils of unauthenticated encryption: Kerberos version 4, in: Proc. NDSS'04, 2004, 〈http://www.isoc.org/isoc/conferences/ndss/04/proceedings/Papers/Yu .pdf〉.
46. L. Zhu, P. Leach, K. Jaganathan, Anonymity support for Kerberos, Internet draft, expires April 18, 2006 〈http://www.ietf.org/internet-drafts/draft-zhu-kerb-anon-00.txt 〉, October 15, 2005.