The Perils of Unauthenticated Encryption: Kerberos Version 4

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2004

Volumn , Issue , 2004, Pages

  Yu, Tom ^a   Hartman, Sam ^a   Raeburn, Kenneth ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; NETWORK SECURITY;

AUTHENTICATION PROTOCOLS; CHOSEN-PLAINTEXT ATTACK; CORRECTIVE MEASURES; KERBEROS; KERBEROS AUTHENTICATION;

AUTHENTICATION;

EID: 85073480054     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (40)

1. M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1):6–15, January 1996.
2. G. Bella and L. C. Paulson. Kerberos version IV: Inductive analysis of the secrecy goals. In Proceedings of the 5th European Symposium on Research in Computer Security, pages 361–375. LNCS 1485, Springer-Verlag, 1998.
3. G. Bella and E. Riccobene. Formal analysis of the Kerberos authentication system. Journal of Universal Computer Science, 3(12):1337–1381, 1997.
4. M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption. In Proceedings of the 38th Symposium on Foundations of Computer Science, pages 394–403. IEEE, 1997.
5. M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption. Available from http://www.cs.ucsd.edu/users/mihir/papers/sym-enc.html, 2000.
6. M. Bellare, T. Kohno, and C. Namprempre. Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol. In Proceedings of 9th ACM Conference on Computer and Communications Security. ACM, November 2002.
7. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology – ASIACRYPT 2000, pages 531–545. LNCS 1976, Springer-Verlag, 2000.
8. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. Available from http://www.cs.ucsd.edu/users/mihir/papers/oem.html, 2000.
9. S. M. Bellovin. Problem areas for the IP security protocols. In Proceedings of the Sixth USENIX UNIX Security Symposium. USENIX, July 1996.
10. S. M. Bellovin. Cryptography and the internet. In Advances in Cryptology – CRYPTO’98, pages 46–55. LNCS 1462, Springer-Verlag, 1998.
11. S. M. Bellovin and D. Atkins. Private communications, 1999.
12. S. M. Bellovin and M. Merritt. Limitations of the Kerberos authentication system. In USENIX Conference Proceedings, pages 253–267, Dallas, TX, Winter 1991. USENIX.
13. J. Black and H. Urtubia. Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In Proceedings of the 11th USENIX Security Symposium. USENIX, August 2002.
14. M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Proceedings of the Royal Society of London, Series A, Mathematical and Physical Sciences, 426(1871):233–271, 1989.
15. cr_ciph.c. Source code of Kerberos version 4 library, MIT, 1986.
16. cr_tkt.c. Source code of Kerberos version 4 library, MIT, 1985.
17. R. DeMillo and M. Merritt. Protocols for data security. Computer, 16(2):39–50, February 1983.
18. D. E. Denning and G. M. Sacco. Timestamps in key distribution protocols. Communications of the ACM, 24(8):533–536, August 1981.
19. D. Dolev, C. Dwork, and M. Naor. Nonmalleable cryptography. SIAM Journal on Computing, 30(2):391–437, 2000.
20. N. Ferguson and B. Schneier. Practical Cryptography. Wiley, 2003.
21. A. M. Iley. Kerberos ivec attack. Web page, now defunct.
22. A. Joux, G. Martinet, and F. Valette. Blockwise-adaptive attackers. In Advances in Cryptology – CRYPTO 2002, pages 17–30. LNCS 2442, Springer-Verlag, 2002.
23. J. Kohl and C. Neuman. The Kerberos network authentication service (v5). Internet Request for Comments 1510, Internet Engineering Task Force, 1993.
24. Messages exchanged on the krb-protocol@athena.mit.edu email list, April 1989.
25. H. Krawczyk. The order of encryption and authentication for protecting communications (or: How secure is SSL?). In Advances in Cryptology – CRYPTO 2001, pages 310–331. LNCS 2139, Springer-Verlag, 2001.
26. H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication. Internet Request for Comments 2104, Internet Engineering Task Force, 1997.
27. G. Lowe. Some new attacks upon security protocols. In Proceedings of the 9th Computer Security Foundations Workshop. IEEE, 1996.
28. S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer. Kerberos authentication and authorization system. Project Athena technical plan, section E.2.1, Massachusetts Institute of Technology, 1987.
29. J. H. Moore. Protocol failures in cryptosystems. Proceedings of the IEEE, 76(5):594–602, May 1988.
30. National Institute of Standards and Technology. DES modes of operation. FIPS publication 81, U.S. Department of Commerce, December 1980.
31. National Institute of Standards and Technology. Data encryption standard. FIPS publication 46-3, U.S. Department of Commerce, October 1999.
32. National Institute of Standards and Technology. Advanced encryption standard. FIPS publication 197, U.S. Department of Commerce, November 2001.
33. R. M. Needham and M. D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, December 1978.
34. C. Neuman, T. Yu, S. Hartman, and K. Raeburn. The Kerberos network authentication service (v5). Internet Draft draft-ietf-krb-wg-kerberosclarifications-04.txt, 2003.
35. K. Raeburn. AES encryption for Kerberos 5. Internet Draft draft-raeburn-krb-rijndael-krb-05.txt, 2003.
36. K. Raeburn. Encryption and checksum specifications for Kerberos 5. Internet Draft draft-ietf-krb-wg-crypto-06.txt, 2003.
37. J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter Conference, pages 191–202, February 1988.
38. S. G. Stubblebine and V. D. Gligor. On message integrity in cryptographic protocols. In Proceedings of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pages 85–104. IEEE, May 1992.
39. S. Vaudenay. Security flaws induced by CBC padding – Applications to SSL, IPSEC, WTLS .... In Advances in Cryptology – EUROCRYPT 2002, pages 534–545. LNCS 2332, Springer-Verlag, 2002.
40. V. L. Voydock and S. T. Kent. Security mechanisms in high-level network protocols. Computing Surveys, 15(2):135–171, June 1983.