Breaking and fixing public-key kerberos

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4435 LNCS, Issue , 2007, Pages 167-181

  Cervesato, Iliano ^a   Jaggard, Aaron D ^b   Scedrov, Andre ^c   Tsay, Joe Kai ^c   Walstad, Christopher ^c  

^a CARNEGIE MELLON UNIVERSITY   (Qatar)

^b TULANE UNIVERSITY   (United States)

^c UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; AUTHENTICATION; COMPUTER SCIENCE; COMPUTER SOFTWARE; TECHNOLOGY;

AUTHENTICATION PROTOCOLS; COMPUTING SCIENCE; END-SERVERS; FORMAL ANALYSIS; KERBEROS; KERBEROS PROTOCOL; MAN IN THE MIDDLE ATTACKS; MICROSOFT; PUBLIC KEY; SECURE SOFTWARE; SERVICE REQUESTS; WINDOWS - OPERATING SYSTEMS;

HEALTH CARE;

EID: 49949119291     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-77505-8_13     Document Type: Conference Paper

References (26)

1. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5) (2005), http://www.ietf.org/rfc/rfc4120
2. Thomas, M., Vilhuber, J.: Kerberized Internet Negotiation of Keys (KINK) (2003), http://ietfreport.isoc.org/all-ids/draft-ietf-kink-kink-06.txt
3. Microsoft: Security Bulletin MS05-042 (2005), http://www.microsoft.com/ technet/security/bulletin/MS05-042.mspx
4. Strasser, M., Steffen, A.: Kerberos PKINIT Implementation for Unix Clients. Technical report, Zurich University of Applied Sciences Winterthur (2002)
5. CERT: Vulnerability Note 477341 (2005), http://www.kb.cert.org/vuls/id/ 477341
6. Yu, T., Hartman, S., Raeburn, K.: The perils of unauthenticated encryption: Kerberos version 4. In: Proc. NDSS 2004 (2004)
7. Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Formal Analysis of Kerberos 5. Theoretical Computer Science 367, 57-87 (2006)
8. Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Specifying Kerberos 5 Cross-Realm Authentication. In: Proc. WITS 2005, ACM Digital Lib. pp. 12-26 (2005)
9. Kemmerer, R., Meadows, C., Millen, J.: Three systems for cryptographic protocol analysis. J. Cryptology 7, 79-130 (1994)
10. Meadows, C.: Analysis of the internet key exchange protocol using the nrl protocol analyzer. In: Proc. IEEE Symp. Security and Privacy, pp. 216-231 (1999)
11. th USENIX Security Symp., pp. 201-216 (1998)
12. Backes, M., Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.K.: Cryptographically Sound Security Proofs for Basic and Public-key Kerberos. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, Springer, Heidelberg (2006)
13. IETF: Public Key Cryptography for Initial Authentication in Kerberos (1996-2006) RFC 4556. Preliminary versions available as a sequence of Internet Drafts at, http://tools.ietf.org/wg/krb-wg/draft-ietf-cat-kerberos-pk-init/
14. De Clercq, J., Balladelli, M.: Windows 2000 authentication, Digital Press (2001), http://www.windowsitlibrary.com/Content/617/06/6.html
15. Cable Television Laboratories, Inc.: PacketCable Security Specification Technical document PKT-SP-SEC-111-040730 (2004)
16. Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen Message Attacks. SIAM J. Computing 17, 281-308 (1988)
17. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs, Codes and Cryptography 2, 107-125 (1992)
18. Canetti, R., Krawczyk, H.: Security Analysis of IKE's Signature-Based Key-Exchange Protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS. vol. 2442, pp. 143-161. Springer, Heidelberg (2002)
19. Lowe. G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147-166. Springer, Heidelberg (1996)
20. Clark, J., Jacob, J.: On the security of recent protocols. Information Processing Letters 56, 151-155 (1995)
21. Abadi, M., Needham, R.: Prudent Engineering Practice for Cryptographic Protocols. IEEE Trans. Software Eng. 22, 6-15 (1996)
22. Raeburn, K.: Encryption and Checksum Specifications for Kerberos 5 (2005), http://www.ietf.org/rfc/rfc3961.txt
23. Cervesato, I.: Typed MSR: Syntax and Examples. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052. Springer, Heidelberg (2001)
24. Durgin, N.A., Lincoln, P., Mitchell, J., Scedrov. A.: Multiset Rewriting and the Complexity of Bounded Security Protocols. J. Comp. Security 12, 247-311 (2004)
25. Backes, M., Pfitzmann, B., Waidner, M.: A Composable Cryptographic Library with Nested Operations. In: Proc. CCS 2003, pp. 220-230. ACM, New York (2003)
26. Sprenger, C., Backes, M., Basin, D., Pfitzmann, B., Waidner, M.: Cryptographically sound theorem proving. In: Proc. CSFW 2006, pp. 153-166 (2006)